Automic VaultAutomic Vault

brew

Install globstar with Homebrew

Static analysis toolkit for writing and running code checkers. Version 0.7.2 via Homebrew; verified 2026-04-20.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install globstar

local Homebrew formula metadata

overview

Package summary

Static analysis toolkit for writing and running code checkers

Commands and aliases

  • globstar

history

Project history and usage

Globstar is an open-source static-analysis toolkit from DeepSource for writing custom code checkers and running them through a portable command-line binary.

Project history

The project appeared publicly in the DeepSourceCorp GitHub organization in 2025. Its README presents Globstar as a way to expose DeepSource's experience with static analyzers through a smaller open-source tool built around tree-sitter queries, YAML checker definitions, and a Go interface for more complex checks.

Adoption history

Adoption signals are early and mostly package-manager oriented: the project documents a single-binary installer, Homebrew packaging, and CI usage. That positions it for teams that want repository-local SAST rules without building a full compiler-analysis stack.

How it is used

Practitioners define custom checkers under a repository's .globstar directory and run globstar check locally or in CI. The documented workflow combines built-in checks with project-specific tree-sitter patterns.

Why package nerds care

Globstar is notable in CLI packaging because it packages AST-aware checks as a small Go binary rather than a language-server plugin or SaaS-only workflow.

Timeline

  • 2025: v0.0.1 tag appeared in the DeepSourceCorp/globstar repository.
  • 2025: v0.6.0 was published through GitHub releases.

Related projects

  • Globstar builds on tree-sitter and sits near Semgrep-style custom static-analysis workflows, but its documented checker format is centered on repository-local Globstar YAML and Go checkers.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
globstarcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.7.2
manager updated2026-04-20
local dataok
upstreamcurrent
latest detectedv0.7.2

https://github.com/DeepSourceCorp/globstar

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:globstar
Version0.7.2
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/globstar
Homepagehttps://globstar.dev
Repositoryhttps://github.com/DeepSourceCorp/globstar
Upstream docshttps://globstar.dev/
LicenseMIT
Source archivehttps://github.com/DeepSourceCorp/globstar/archive/refs/tags/v0.7.2.tar.gz
Last updated2026-04-20T05:18:21Z
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameglobstar
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment