Automic VaultAutomic Vault

brew / 审批门

使用 Homebrew, chocolatey, apt, dnf, MacPorts, Nix, zypper, scoop, winget 安装 gh

查看 gh 的安装路径、可执行文件、元数据以及面向 AI 代理工作流的安全说明。

代理安全

代理安全回答

gh is the GitHub control-plane CLI for repositories, releases, issues, and authenticated developer state.

凭据访问

Reads GitHub CLI tokens and can print or use them for API calls.

远程变更

Can modify repositories, pull requests, releases, secrets, and organization state.

发布/制品风险

Can create releases, upload assets, and trigger release automation.

推荐控制

Use GitHub token protection plus approval gates for write and token-display commands.

代理使用指南

Permit status and read-only queries; require approval for token output, release creation, repo writes, and workflow dispatch.

安装

其他安装命令

macOS

Homebrew已验证 · 100%
brew install gh

local Homebrew formula metadata

MacPorts已验证 · 94%
sudo port install gh

MacPorts ports tree · devel/gh/Portfile · 来源: api.github.com

Linux

Debian apt已验证 · 92%
sudo apt install gh

Debian stable package indexes · gh · 来源: deb.debian.org

Fedora dnf已验证 · 92%
sudo dnf install gh

Fedora Rawhide package metadata · gh · 来源: dl.fedoraproject.org

Nix已验证 · 92%
nix profile install nixpkgs#gh

nixpkgs package indexes · pkgs/by-name/gh/gh/package.nix · 来源: api.github.com

openSUSE zypper已验证 · 92%
sudo zypper install gh

openSUSE Tumbleweed package metadata · gh · 来源: download.opensuse.org

概览

软件包摘要

GitHub command-line tool

历史

项目历史与用法

GitHub CLI, invoked as `gh`, is GitHub's official command-line tool for working with pull requests, issues, repositories, releases, Actions, authentication, and GitHub API data from a terminal.

项目历史

GitHub created the cli/cli repository in October 2019 and opened the project as a new official CLI distinct from the older community `hub` tool. GitHub announced the beta in February 2020 and released GitHub CLI 1.0 in September 2020.

The README frames `gh` as a standalone tool that brings GitHub concepts next to `git` and source code work. The project grew into a cross-platform Go CLI with first-party manuals, release binaries, package repositories, GitHub Enterprise support, extension support, API helpers, and later supply-chain features such as build provenance attestations for release artifacts.

采用历史

GitHub CLI has broad adoption because it is distributed through GitHub's own package repositories and release binaries, package managers such as Homebrew and WinGet, and GitHub-hosted Actions runner images. Its first-party status made it a standard automation interface for GitHub workflows in shells and CI jobs.

使用方式

Practitioners use `gh` to create and review pull requests, triage issues, clone and browse repositories, trigger or inspect Actions workflows, manage releases and gists, authenticate to GitHub hosts, call the GitHub API, and script repository operations without leaving the command line.

为什么软件包爱好者会关心

For package and automation ecosystems, `gh` is important because it gives GitHub an official, versioned executable surface. Package maintainers can depend on consistent commands across macOS, Linux, and Windows, while CI authors can use a preinstalled or easily installed binary instead of hand-rolling API calls.

时间线

  • 2019: The cli/cli repository was created.
  • 2020: GitHub announced GitHub CLI beta.
  • 2020: GitHub CLI 1.0.0 was published.
  • 2024: The README records release build provenance attestations beginning with version 2.50.0.

Related projects

  • The README compares GitHub CLI with `hub`, noting that `hub` behaves as a proxy to `git` while `gh` is a standalone tool for GitHub workflows.

审批门

高风险命令的人工审核元数据

本地审批门种子包含 7 条适用于 gh 的规则。覆盖的入口点:gh。严重级别:严重, 高。覆盖状态:partial,审核于 2026-05-21。

受控操作示例

  • Print the active GitHub authentication token.
  • Create or refresh local GitHub authentication state.
  • Delete a GitHub repository.
  • Change repository settings, visibility, topics, or metadata.
  • Merge a pull request.
  • Create, upload to, edit, or delete GitHub releases.
  • Trigger a GitHub Actions workflow.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
$XDG_CONFIG_HOME/gh/config.yml~/.config/gh/config.yml
Windows
%AppData%\GitHub CLI\config.yml

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
$XDG_CONFIG_HOME/gh/hosts.yml~/.config/gh/hosts.yml
Windows
%AppData%\GitHub CLI\hosts.yml

可执行文件

已安装的可执行文件

命令类型暴露范围备注
ghcli全局可执行文件

新鲜度

版本和新鲜度

这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。

页面生成时间2026-07-10
管理器版本2.96.0
管理器更新时间2026-07-03
本地数据OK
上游当前
检测到的最新版本v2.96.0

https://github.com/cli/cli

  • OK没有生成新鲜度警告。

安装元数据

软件包元数据

软件包键brew:gh
版本2.96.0
软件包管理器Homebrew
软件包管理器页面https://formulae.brew.sh/formula/gh
主页https://cli.github.com/
仓库https://github.com/cli/cli
上游文档https://cli.github.com/manual/gh
许可证MIT
源码归档https://github.com/cli/cli/archive/refs/tags/v2.96.0.tar.gz
最后更新2026-07-03T00:29:16Z
Pulseupdated
构建依赖go
Bottle可用 (于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install未定义
服务未声明

注册表事实

源数据库详情

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegh
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

源数据库匹配

其他软件包管理器记录

匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。

Debian apt95%

gh 2.46.0-3

GitHub CLI, GitHub’s official command line tool

https://cli.github.com/

sudo apt install gh
  • Section: utils
  • Architecture: amd64
  • 1 依赖
  • normalized package name match
  • 匹配方式:Gh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: gh from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

gh

nix profile install nixpkgs#gh
  • normalized package name match
  • 匹配方式:Gh
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/gh/gh/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

gh 2.45.0-1build1

GitHub CLI, GitHub’s official command line tool

https://cli.github.com/

sudo apt install gh
  • Section: universe/utils
  • Architecture: amd64
  • 1 依赖
  • normalized package name match
  • 匹配方式:Gh
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: gh from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
dnf95%

gh 2.93.0-1.fc45

GitHub's official command line tool

https://github.com/cli/cli

sudo dnf install gh
  • License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 AND Unlicense
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gh
  • 4 依赖
  • 2 提供
  • normalized package name match
  • 匹配方式:Gh
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: gh from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
zypper95%

gh 2.93.0-1.1

The official CLI for GitHub

https://cli.github.com/

sudo zypper install gh
  • License: MIT
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gh
  • 2 依赖
  • 1 提供
  • normalized package name match
  • 匹配方式:Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

gh-bash-completion 2.93.0-1.1

Bash Completion for gh

https://cli.github.com/

sudo zypper install gh-bash-completion
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: gh
  • 2 依赖
  • 1 提供
  • normalized package name match
  • 匹配方式:Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh-bash-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

gh-fish-completion 2.93.0-1.1

Fish completion for gh

https://cli.github.com/

sudo zypper install gh-fish-completion
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: gh
  • 1 依赖
  • 1 提供
  • normalized package name match
  • 匹配方式:Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh-fish-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

gh-zsh-completion 2.93.0-1.1

ZSH Completion for gh

https://cli.github.com/

sudo zypper install gh-zsh-completion
  • License: MIT
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: gh
  • 1 依赖
  • 1 提供
  • normalized package name match
  • 匹配方式:Gh
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gh-zsh-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

gh

sudo port install gh
  • normalized package name match
  • 匹配方式:Gh
MacPorts ports tree · api.github.com · MacPorts ports tree: devel/gh/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

gh

choco install gh
  • normalized package name match
  • 匹配方式:Gh
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: gh from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','gawk'
Scoop95%

main/gh

scoop install main/gh
  • normalized package name match
  • 匹配方式:Gh
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/gh.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
winget95%

GitHub.cli

winget install --id GitHub.cli -e
  • normalized package name match
  • 匹配方式:Gh
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: GitHub.cli from https://cdn.winget.microsoft.com/cache/source.msix

来源线索

由仓库数据生成

此页面由 av-webscripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。

Combined YAML source

View the package source record on GitHub.

combined/gh.yml

使用的来源

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment