Automic VaultAutomic Vault

brew / approval gates

Install gh with Homebrew, chocolatey, apt, dnf, MacPorts, Nix, scoop, winget, zypper

GitHub command-line tool. Version 2.96.0 via Homebrew; verified 2026-07-03.

agent safety

Agent safety answer

gh is the GitHub control-plane CLI for repositories, releases, issues, and authenticated developer state.

Credential access

Reads GitHub CLI tokens and can print or use them for API calls.

Remote mutation

Can modify repositories, pull requests, releases, secrets, and organization state.

Publish/artifact risk

Can create releases, upload assets, and trigger release automation.

Recommended control

Use GitHub token protection plus approval gates for write and token-display commands.

Agent-use guidance

Permit status and read-only queries; require approval for token output, release creation, repo writes, and workflow dispatch.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install gh

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install gh

MacPorts ports tree · devel/gh/Portfile · source: api.github.com

overview

Package summary

GitHub command-line tool

Commands and aliases

  • gh

history

Project history and usage

GitHub CLI, invoked as `gh`, is GitHub's official command-line tool for working with pull requests, issues, repositories, releases, Actions, authentication, and GitHub API data from a terminal.

Project history

GitHub created the cli/cli repository in October 2019 and opened the project as a new official CLI distinct from the older community `hub` tool. GitHub announced the beta in February 2020 and released GitHub CLI 1.0 in September 2020.

The README frames `gh` as a standalone tool that brings GitHub concepts next to `git` and source code work. The project grew into a cross-platform Go CLI with first-party manuals, release binaries, package repositories, GitHub Enterprise support, extension support, API helpers, and later supply-chain features such as build provenance attestations for release artifacts.

Adoption history

GitHub CLI has broad adoption because it is distributed through GitHub's own package repositories and release binaries, package managers such as Homebrew and WinGet, and GitHub-hosted Actions runner images. Its first-party status made it a standard automation interface for GitHub workflows in shells and CI jobs.

How it is used

Practitioners use `gh` to create and review pull requests, triage issues, clone and browse repositories, trigger or inspect Actions workflows, manage releases and gists, authenticate to GitHub hosts, call the GitHub API, and script repository operations without leaving the command line.

Why package nerds care

For package and automation ecosystems, `gh` is important because it gives GitHub an official, versioned executable surface. Package maintainers can depend on consistent commands across macOS, Linux, and Windows, while CI authors can use a preinstalled or easily installed binary instead of hand-rolling API calls.

Timeline

  • 2019: The cli/cli repository was created.
  • 2020: GitHub announced GitHub CLI beta.
  • 2020: GitHub CLI 1.0.0 was published.
  • 2024: The README records release build provenance attestations beginning with version 2.50.0.

Related projects

  • The README compares GitHub CLI with `hub`, noting that `hub` behaves as a proxy to `git` while `gh` is a standalone tool for GitHub workflows.

approval gates

Human review metadata for risky commands

The local approval-gate seed includes 7 rules for gh. Covered entrypoints: gh. Severity labels: critical, high. Coverage: partial, reviewed 2026-05-21.

Example gated actions

  • Print the active GitHub authentication token.
  • Create or refresh local GitHub authentication state.
  • Delete a GitHub repository.
  • Change repository settings, visibility, topics, or metadata.
  • Merge a pull request.
  • Create, upload to, edit, or delete GitHub releases.
  • Trigger a GitHub Actions workflow.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
$XDG_CONFIG_HOME/gh/config.yml~/.config/gh/config.yml
Windows
%AppData%\GitHub CLI\config.yml

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
$XDG_CONFIG_HOME/gh/hosts.yml~/.config/gh/hosts.yml
Windows
%AppData%\GitHub CLI\hosts.yml

executables

Installed executables

CommandKindExposureNote
ghcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.96.0
manager updated2026-07-03
local dataok
upstreamcurrent
latest detectedv2.96.0

https://github.com/cli/cli

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:gh
Version2.96.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/gh
Homepagehttps://cli.github.com/
Repositoryhttps://github.com/cli/cli
Upstream docshttps://cli.github.com/manual/gh
LicenseMIT
Source archivehttps://github.com/cli/cli/archive/refs/tags/v2.96.0.tar.gz
Last updated2026-07-03T00:29:16Z
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegh
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

gh 2.46.0-3

GitHub CLI, GitHub’s official command line tool

https://cli.github.com/

sudo apt install gh
  • Section: utils
  • Architecture: amd64
  • 1 dependencies
  • normalized package name match
  • Matched by: Gh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: gh from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

gh

nix profile install nixpkgs#gh
  • normalized package name match
  • Matched by: Gh
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/gh/gh/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

gh 2.45.0-1build1

GitHub CLI, GitHub’s official command line tool

https://cli.github.com/

sudo apt install gh
  • Section: universe/utils
  • Architecture: amd64
  • 1 dependencies
  • normalized package name match
  • Matched by: Gh
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: gh from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
dnf95%

gh 2.93.0-1.fc45

GitHub's official command line tool

https://github.com/cli/cli

sudo dnf install gh
  • License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 AND Unlicense
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gh
  • 4 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Gh
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: gh from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
zypper95%

gh 2.93.0-1.1

The official CLI for GitHub

https://cli.github.com/

sudo zypper install gh
  • License: MIT
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gh
  • 2 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

gh-bash-completion 2.93.0-1.1

Bash Completion for gh

https://cli.github.com/

sudo zypper install gh-bash-completion
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: gh
  • 2 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh-bash-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

gh-fish-completion 2.93.0-1.1

Fish completion for gh

https://cli.github.com/

sudo zypper install gh-fish-completion
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: gh
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh-fish-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

gh-zsh-completion 2.93.0-1.1

ZSH Completion for gh

https://cli.github.com/

sudo zypper install gh-zsh-completion
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: gh
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh-zsh-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

gh

sudo port install gh
  • normalized package name match
  • Matched by: Gh
MacPorts ports tree · api.github.com · MacPorts ports tree: devel/gh/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

gh

choco install gh
  • normalized package name match
  • Matched by: Gh
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: gh from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','gawk'
Scoop95%

main/gh

scoop install main/gh
  • normalized package name match
  • Matched by: Gh
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/gh.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
winget95%

GitHub.cli

winget install --id GitHub.cli -e
  • normalized package name match
  • Matched by: Gh
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: GitHub.cli from https://cdn.winget.microsoft.com/cache/source.msix

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Combined YAML source

View the package source record on GitHub.

combined/gh.yml

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment