# Install mantra with Homebrew, Nix

Tool to hunt down API key leaks in JS files and pages. Version 3.1 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:mantra
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install mantra
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#mantra
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ma/mantra/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:mantra
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/mantra>
- **Version:** 3.1
- **Source summary:** Tool to hunt down API key leaks in JS files and pages
- **Homepage:** <https://amolo.com.br>
- **Repository:** <https://github.com/brosck/mantra>
- **Upstream docs:** <https://github.com/brosck/mantra#readme>
- **License:** GPL-3.0-only
- **Source archive:** <https://github.com/brosck/mantra/archive/refs/tags/v3.1.tar.gz>
- **Last updated:** 2026-06-15T10:20:21-04:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- mantra (cli)
- mantra (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.1
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://github.com/brosck/mantra
- Upstream latest detected: v3.1 (current)
## Project history and usage

mantra is a Go command-line security tool for finding API-key leaks in JavaScript files and HTML pages.

### Project history

The public repository was created in January 2023. Its README describes a tool built in Go whose main objective is to inspect web page source and script files for strings that are identical or similar to API keys.

### Adoption history

The project is distributed as a Go install target, source build, and Homebrew formula. Its GitHub topics and README position it for bug bounty, pentest, JavaScript, leaked-secret, and web security workflows.

### How it is used

Users install with `go install github.com/Brosck/mantra@latest` or build from source, then run the `mantra` CLI against pages or JavaScript files to identify possible exposed API keys.

### Why package nerds care

mantra is part of the small, fast Go CLI ecosystem around web reconnaissance and secret scanning, where package-manager availability matters because tools are often chained in scripts.

### Timeline

- 2023: Public GitHub repository created.
- 2023: v1.0 release published.
- 2024: v2.0 release published.
- 2025: v3.1 release published.

### Related projects

- The README does not name direct related projects; it fits the broader secret-scanning and web reconnaissance tool category.

### Sources

- <https://github.com/brosck/mantra>
- <https://github.com/brosck/mantra#readme>
- <https://github.com/brosck/mantra/releases/tag/v3.1>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** mantra
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - mantra: normalized package name match | nixpkgs package indexes: pkgs/by-name/ma/mantra/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Language runtime packages](https://www.automicvault.com/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [detect-secrets](https://www.automicvault.com/pkg/brew/detect-secrets/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [git-hound](https://www.automicvault.com/pkg/brew/git-hound/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [git-secrets](https://www.automicvault.com/pkg/brew/git-secrets/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [gitleaks](https://www.automicvault.com/pkg/brew/gitleaks/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [kingfisher](https://www.automicvault.com/pkg/brew/kingfisher/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [squealer](https://www.automicvault.com/pkg/brew/squealer/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [tartufo](https://www.automicvault.com/pkg/brew/tartufo/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.

## Combined YAML source

View the package source record on GitHub. [combined/mantra.yml](https://github.com/automic-vault/db/blob/main/combined/mantra.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
