Automic VaultAutomic Vault

brew

Install actions-up with Homebrew

Tool to update GitHub Actions to latest versions with SHA pinning. Version 1.16.0 via Homebrew; verified 2026-07-03.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install actions-up

local Homebrew formula metadata

overview

Package summary

Tool to update GitHub Actions to latest versions with SHA pinning

Commands and aliases

  • actions-up

history

Project history and usage

Actions Up is an interactive CLI for finding newer GitHub Actions references in workflow and composite-action YAML, then updating them with SHA pinning by default.

Project history

The project was created in August 2025 and released v0.1.0 the same day. Its README positions the tool around secure and reproducible CI by replacing mutable action tags with exact commit SHAs unless the user chooses to preserve tag-style references.

Adoption history

The README supports quick npx use, global npm installation, per-project dev dependency installation, and Homebrew installation, which puts it in the common JavaScript CLI plus package-manager distribution pattern.

How it is used

Actions Up scans .github/workflows, .github/actions, root action.yml/action.yaml files, and reusable workflow calls. Users can run interactive mode, --yes auto-update mode, --dry-run, --json report mode, recursive scans, custom directories, update modes, exclusions, and CI checks.

Why package nerds care

It is notable in package-manager culture because it overlaps dependency-update bots while staying local and interactive: users can inspect updates, pin SHAs, and generate CI reports without adopting a hosted bot workflow.

Timeline

  • 2025: Repository created.
  • 2025: v0.1.0 release published.
  • 2026: v1.15.0 release published on June 29.

Related projects

  • The README compares Actions Up with Dependabot, Renovate, and pinact.

Sources

  • GitHub repository and releases API for creation and release chronology.
  • Official README for project positioning, usage, install paths, and related tools.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
actions-upcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.16.0
manager updated2026-07-03
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/azat-io/actions-up

install metadata

Package metadata

Package keybrew:actions-up
Version1.16.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/actions-up
Homepagehttps://github.com/azat-io/actions-up
Repositoryhttps://github.com/azat-io/actions-up
Upstream docshttps://github.com/azat-io/actions-up#readme
LicenseMIT
Source archivehttps://registry.npmjs.org/actions-up/-/actions-up-1.16.0.tgz
Last updated2026-07-03T15:04:32Z
Pulseupdated
Dependenciesnode
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameactions-up
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment