Automic VaultAutomic Vault

brew / couverture d'outils protégés / rang 9345

Installer phylum-cli

Consultez les chemins d'installation, exécutables, métadonnées et notes de sécurité de phylum-cli pour les workflows d'agents IA.

Commande d'installationNotes de sécurité

installation

Installer avec Automic Vault

Automic Vault
Télécharger AV
sudo av install brew:phylum-cli

macOS

Homebrewverified · 100%
brew install phylum-cli

local Homebrew formula metadata

Notes de plateforme

  • Aucune note de plateforme propre au paquet n'était présente.

aperçu

Résumé du paquet

Command-line interface for the Phylum API

Commandes et alias

  • phylum

couverture d'outils protégés

Plain Text Phylum API Token

`phylum auth login` and `phylum auth set-token` store the current API token as `auth_info.offline_access` in ~/.config/phylum/settings.yaml. Phylum also honors PHYLUM_API_KEY and a global --config path, which gives this radioisotope a wrapper boundary for temporary runtime config. Our isotope stores the API token in the macOS keychain and injects it with PHYLUM_API_KEY while `phylum` runs.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 2 build dependencies.

Extrait README local

Phylum CLI Protected-tool coverage

Phylum CLI stores its login token in the user config file at ~/.config/phylum/settings.yaml. That token can authorize Phylum API requests and should not remain in plaintext package-owned config.

This protected-tool coverage migrates the default auth_info.offline_access token into the Automic Vault keychain and removes it from the persisted config file. The installed phylum launcher is wrapped so Automic Vault injects the token as PHYLUM_API_KEY while the command runs.

The wrapper runs Phylum with a temporary config file copied from the user's config with the stored token removed. This preserves non-secret settings while keeping the runtime token out of the user's config file.

Caveats

  • Only the default XDG config path is migrated.
  • Explicit --config files are treated as caller-managed and are not migrated.
  • Direct execution of the original binary will not receive the injected token.

Source: local coverage notes

Source de couverture

Extrait source

Caveats

  • We migrate the default ~/.config/phylum/settings.yaml file.
  • Explicit --config files are not migrated because they can represent caller-managed contexts.
  • Direct execution of the original binary will not receive credentials.

exécutables

Exécutables installés

CommandeTypeExpositionNote
phylumcliglobal executable

fraîcheur

Version et fraîcheur

Ces signaux séparent l'âge de génération de la page, l'activité du gestionnaire de paquets et la comparaison avec les versions amont. Un retard de version n'est signalé que lorsqu'une URL de preuve et des versions comparables sont présentes.

page générée2026-06-10
version du gestionnaire7.5.0
gestionnaire mis à jour
données localesok
amontcurrent
dernière version détectéev7.5.0

https://github.com/phylum-dev/cli

  • infoNo package-manager update timestamp was available.low confidence

métadonnées d'installation

Métadonnées du paquet

Package keybrew:phylum-cli
Version7.5.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/phylum-cli
Homepagehttps://www.phylum.io
Repositoryhttps://github.com/phylum-dev/cli
Upstream docshttps://docs.phylum.io/cli/commands/phylum
LicenseGPL-3.0-or-later
Source archivehttps://github.com/phylum-dev/cli/archive/refs/tags/v7.5.0.tar.gz
Build dependenciesprotobuf, rust
Bottleavailable (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared
CaveatsNo official extensions have been preinstalled.

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namephylum-cli
Aliases
  • phylum
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

graphe de paquets

Les liens viennent du graphe local de relations entre paquets, des suppléments, des dépendances, des correspondances d'écosystèmes et de l'appartenance aux hubs.

Outils liés

  • protobufBuild dependency declared by Homebrew.
  • rustBuild dependency declared by Homebrew.

Même workflow

  • syftShares av.db curated category or tags: cli, security, software-supply-chain.
  • cargo-auditShares av.db curated category or tags: cli, security, software-supply-chain.
  • cdxgenShares av.db curated category or tags: cli, security, software-supply-chain.
  • chainloop-cliShares av.db curated category or tags: cli, security, software-supply-chain.
  • scorecardShares av.db curated category or tags: cli, security, software-supply-chain.
  • sbom-toolShares av.db curated category or tags: cli, security, software-supply-chain.

piste source

Généré depuis les données du dépôt

Cette page est servie par av-web depuis l'artéfact SQLite privé des paquets généré par scripts/generate-pkg-sqlite.py.

Sources utilisées

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • local coverage README
  • package relationship graph
  • package version freshness
  • package-page enrichment
  • secret-handling manifest