# Install caracal with Homebrew

Static analyzer for Starknet smart contracts. Version 0.2.3 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:caracal
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install caracal
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:caracal
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/caracal>
- **Version:** 0.2.3
- **Source summary:** Static analyzer for Starknet smart contracts
- **Homepage:** <https://github.com/crytic/caracal>
- **Repository:** <https://github.com/crytic/caracal>
- **Upstream docs:** <https://github.com/crytic/caracal#readme>
- **License:** AGPL-3.0-only
- **Source archive:** <https://github.com/crytic/caracal/archive/refs/tags/v0.2.3.tar.gz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- caracal (cli)
- caracal (alias)

## Build dependencies

- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.2.3
- Local data: ok
- Upstream repository: https://github.com/crytic/caracal
- Upstream latest detected: v0.2.3 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

Caracal is a Rust command-line static analyzer for Starknet smart contracts, working over Cairo's SIERRA representation to run vulnerability detectors, printers, taint analysis, and data-flow analysis.

### Project history

Caracal was created in the Crytic GitHub organization in January 2023. The Crytic organization describes itself as blockchain security by Trail of Bits, placing Caracal in the same family of security analysis tooling as other Crytic projects.

The README describes Caracal as a static analyzer over SIERRA for Starknet smart contracts. It supports standalone Cairo files, Cairo projects, and Scarb projects, with precompiled binaries published on GitHub releases.

### Adoption history

Caracal's public adoption is narrower than general-purpose static analyzers because it targets the Starknet/Cairo ecosystem. Its first GitHub release, v0.1.0, appeared in July 2023, followed by 0.2.x releases for Cairo compiler 2.x support.

The Homebrew formula packages the caracal CLI, making it convenient for auditors and developers on macOS to run the same detector list documented in the upstream README.

### How it is used

Users run caracal detectors to list available detectors, caracal printers to list printers, caracal detect to analyze standalone files or projects, and caracal print to export information such as CFGs and call graphs.

For Scarb projects, the README instructs users to enable SIERRA output in Scarb.toml before running Caracal. For standalone analysis with a bundled compiler, users may need to provide Cairo corelib with --corelib or CORELIB_PATH.

### Why package nerds care

Caracal is package-nerd interesting as a young blockchain-security analyzer where the package boundary includes a Rust CLI, Cairo compiler dependencies, SIERRA compatibility, and smart-contract audit workflows.

It also shows how quickly niche language ecosystems produce packageable analyzers once the compiler exposes a stable intermediate representation.

### Timeline

- 2023-01: crytic/caracal repository is created on GitHub.
- 2023-07: Caracal v0.1.0 is published.
- 2023-08: v0.2.0 is published for the Cairo compiler 2.x line.
- 2024-01: v0.2.3 is published, matching the version in Cargo.toml.
- 2026: Homebrew formula metadata still identifies Caracal as a Starknet smart-contract static analyzer.

### Related projects

- Cairo and the cairo-lang compiler crates are direct dependencies named in Caracal's Cargo.toml.
- Starknet is the smart-contract platform Caracal targets.
- Scarb is the Cairo package/build tool flow documented by Caracal.
- Crytic and Trail of Bits provide the security-tooling context for the project.

### Sources

- <https://api.github.com/orgs/crytic>
- <https://api.github.com/repos/crytic/caracal>
- <https://api.github.com/repos/crytic/caracal/releases>
- <https://github.com/crytic/caracal>
- <https://github.com/crytic/caracal/blob/master/Cargo.toml>
- <https://github.com/crytic/caracal/blob/master/README.md>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** caracal
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Developer build packages](https://www.automicvault.com/pkg/developer-build-tools/) - Matched build, compiler, generator, or developer workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [slither-analyzer](https://www.automicvault.com/pkg/brew/slither-analyzer/) - Shares av.db curated category or tags: cli, security, smart-contracts, static-analysis.
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [cargo-geiger](https://www.automicvault.com/pkg/brew/cargo-geiger/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [flawfinder](https://www.automicvault.com/pkg/brew/flawfinder/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [gosec](https://www.automicvault.com/pkg/brew/gosec/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [joern](https://www.automicvault.com/pkg/brew/joern/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [tfsec](https://www.automicvault.com/pkg/brew/tfsec/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [crytic-compile](https://www.automicvault.com/pkg/brew/crytic-compile/) - Shares av.db curated category or tags: cli, security, smart-contracts.

## Combined YAML source

View the package source record on GitHub. [combined/caracal.yml](https://github.com/automic-vault/db/blob/main/combined/caracal.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
