Automic VaultAutomic Vault

brew

Install needle with Homebrew, Nix

Compile-time safe Swift dependency injection framework with real code. Version 0.25.1 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install needle

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#needle

nixpkgs package indexes · pkgs/by-name/ne/needle/package.nix · source: api.github.com

overview

Package summary

Compile-time safe Swift dependency injection framework with real code

Commands and aliases

  • needle

history

Project history and usage

Needle is Uber's Swift dependency-injection system. Its distinguishing idea is to make dependency wiring explicit, hierarchical, and code-generated so missing or invalid dependencies fail at compile time instead of becoming runtime container lookups.

Project history

The public GitHub repository was created on 2018-04-06. The README frames Needle against Swift DI libraries such as Cleanse and Swinject, while comparing its compile-time generated graph more closely to Dagger on the JVM. The project goals call out high reliability, code generation performance for multi-million-line codebases, and compatibility with iOS architectures including RIBs and MVx.

Needle ships both a runtime framework, NeedleFoundation, and the `needle` generator executable packaged by Homebrew. Its release process documentation explicitly includes publishing to CocoaPods and Homebrew, which matches its split identity as both a Swift package/library and a developer tool installed into build phases.

Adoption history

Needle's primary adoption channel is iOS application architecture, especially large Swift apps where runtime service locators are too loose and hand-wired dependency trees become noisy. Swift Package Index listed the package as in development for 8 years, with 42 releases and 42 contributors when checked in 2026, and the GitHub API showed 2,006 stars and 160 forks on 2026-07-01.

Homebrew is important because teams usually need the generator binary in local and CI builds. Homebrew's formula page showed stable version 0.25.1 and 1,766 installs over 365 days, 70 over 90 days, and 17 over 30 days when checked on 2026-07-01.

How it is used

In practice, developers add NeedleFoundation to a Swift app, model scopes as `Component` types, express dependencies as Swift protocols, then run `needle generate` to emit a generated file that wires the graph. The generator is commonly invoked from an Xcode build phase or CI step so dependency graph mistakes become compilation errors.

Needle is attractive to package nerds because the Homebrew formula is not the library itself; it is the code-generation tool that makes the library's safety story work. That puts it in the same operational family as SwiftGen, Sourcery, and other source-generation CLIs that become part of a build pipeline.

Why package nerds care

Needle is a notable example of a company-scale mobile architecture tool packaged for general use. It shows how a Swift library can require a separately installed command-line generator, and why Homebrew remains relevant even for ecosystems that also use Swift Package Manager or CocoaPods.

Timeline

  • 2018-04-06: Public GitHub repository created.
  • 2019: Community tutorials and comparisons began presenting Needle as Uber's compile-time-safe Swift DI option.
  • 2024-08: GitHub releases page listed v0.25.1 with Swift 6-related release notes.
  • 2026-07-01: Homebrew formula stable version observed as 0.25.1.

Related projects

  • NeedleFoundation
  • Swinject
  • Cleanse
  • Dagger
  • Uber RIBs

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
needlecliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.25.1
manager updated
local dataok
upstreamcurrent
latest detectedv0.25.1

https://github.com/uber/needle

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:needle
Version0.25.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/needle
Homepagehttps://github.com/uber/needle
Repositoryhttps://github.com/uber/needle
Upstream docshttps://github.com/uber/needle#readme
LicenseApache-2.0
Source archivehttps://github.com/uber/needle/archive/refs/tags/v0.25.1.tar.gz
Bottleavailable (on arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameneedle
Version Scheme0
Revision0
Requirements
  • macos
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

needle

nix profile install nixpkgs#needle
  • normalized package name match
  • Matched by: Needle
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ne/needle/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment