Automic VaultAutomic Vault

brew

Install mender-artifact with Homebrew, apt

CLI tool for managing Mender artifact files. Version 4.4.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install mender-artifact

local Homebrew formula metadata

Linux

Debian aptverified · 92%
sudo apt install mender-artifact

Debian stable package indexes · mender-artifact · source: deb.debian.org

overview

Package summary

CLI tool for managing Mender artifact files

Commands and aliases

  • mender-artifact

history

Project history and usage

mender-artifact is the library and CLI for working with Mender Artifact files, the .mender archives used by Mender's over-the-air update system. Mender documentation defines an Artifact as a tar-based archive containing versioning data, extensions, metadata, and one or more payload files. The GitHub project describes artifacts as wrappers that can carry binaries, metadata, checksums, signatures, and scripts used during deployments.

Project history

The tool grew around the practical lifecycle of embedded-Linux updates: create an Artifact, validate it, inspect or dump it, sign it, and preserve metadata while modifying update payloads. Release notes show the format and tooling maturing through signing support in 2017, artifact format v3 documentation and image/artifact modification work in 2018, update-module read/write support in 2019, safer handling of signed and compressed artifacts in 2021, and cloud/HSM-oriented signing additions such as GCP KMS support in 2022.

How it is used

In package-manager terms, mender-artifact is a workstation tool rather than a device daemon. Developers and CI pipelines use it to package operating-system and application updates before upload to a Mender server; Mender's GitHub Actions documentation builds on that flow by uploading artifacts and triggering deployments from CI.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 4 runtime dependencies.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
mender-artifactcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version4.4.0
manager updated
local dataok
upstreamcurrent
latest detected4.4.0

https://github.com/mendersoftware/mender-artifact

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:mender-artifact
Version4.4.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/mender-artifact
Homepagehttps://mender.io
Repositoryhttps://github.com/mendersoftware/mender-artifact
Upstream docshttps://docs.mender.io/artifact-creation/create-an-artifact
LicenseApache-2.0
Source archivehttps://github.com/mendersoftware/mender-artifact/archive/refs/tags/4.4.0.tar.gz
Dependenciesdosfstools, e2fsprogs, mtools, openssl@3
Build dependenciesgo, pkgconf
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namemender-artifact
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

mender-artifact 3.9.0+ds1-2+b5

utility to generate .mender artifacts

https://github.com/mendersoftware/mender-artifact

sudo apt install mender-artifact
  • Section: devel
  • Architecture: amd64
  • Source Package: golang-github-mendersoftware-mender-artifact
  • 7 dependencies
  • normalized package name match
  • Matched by: Mender Artifact
Debian stable package indexes · deb.debian.org · Debian stable package indexes: mender-artifact from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Ubuntu apt95%

mender-artifact 3.9.0+ds1-1build3

utility to generate .mender artifacts

https://github.com/mendersoftware/mender-artifact

sudo apt install mender-artifact
  • Section: universe/devel
  • Architecture: amd64
  • Source Package: golang-github-mendersoftware-mender-artifact
  • 7 dependencies
  • normalized package name match
  • Matched by: Mender Artifact
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: mender-artifact from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment