macOS
Homebrewverified · 100%
brew install phylum-clilocal Homebrew formula metadata
软件包管理器来源
平台说明
- 没有特定于此软件包的平台说明。
概览
软件包摘要
Command-line interface for the Phylum API
主页
命令和别名
- phylum
受保护工具覆盖
Plain Text Phylum API Token
`phylum auth login` and `phylum auth set-token` store the current API token as `auth_info.offline_access` in ~/.config/phylum/settings.yaml. Phylum also honors PHYLUM_API_KEY and a global --config path, which gives this radioisotope a wrapper boundary for temporary runtime config. Our isotope stores the API token in the macOS keychain and injects it with PHYLUM_API_KEY while `phylum` runs.
Risk classifier
green risk · low confidence · appliance
Why
- narrow executable package without higher-risk signals
Signals
- metadata:no-higher-risk-signals
Install behavior
- No Homebrew post-install hook is recorded in formula metadata.
- Homebrew bottle metadata is available for 6 platform targets.
- Build metadata lists 2 build dependencies.
本地 README 摘录
Phylum CLI Protected-tool coverage
Phylum CLI stores its login token in the user config file at ~/.config/phylum/settings.yaml. That token can authorize Phylum API requests and should not remain in plaintext package-owned config.
This protected-tool coverage migrates the default auth_info.offline_access token into the Automic Vault keychain and removes it from the persisted config file. The installed phylum launcher is wrapped so Automic Vault injects the token as PHYLUM_API_KEY while the command runs.
The wrapper runs Phylum with a temporary config file copied from the user's config with the stored token removed. This preserves non-secret settings while keeping the runtime token out of the user's config file.
Caveats
- Only the default XDG config path is migrated.
- Explicit
--configfiles are treated as caller-managed and are not migrated. - Direct execution of the original binary will not receive the injected token.
来源: local coverage notes
覆盖来源
来源摘录
Caveats
- We migrate the default ~/.config/phylum/settings.yaml file.
- Explicit --config files are not migrated because they can represent caller-managed contexts.
- Direct execution of the original binary will not receive credentials.
可执行文件
已安装的可执行文件
| 命令 | 类型 | 暴露范围 | 备注 |
|---|---|---|---|
phylum | cli | global executable |
新鲜度
版本和新鲜度
这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。
页面生成时间2026-06-10
管理器版本7.5.0
管理器更新时间
本地数据ok
上游current
检测到的最新版本v7.5.0
https://github.com/phylum-dev/cli
- infoNo package-manager update timestamp was available.low confidence
安装元数据
软件包元数据
| Package key | brew:phylum-cli |
|---|---|
| Version | 7.5.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/phylum-cli |
| Homepage | https://www.phylum.io |
| Repository | https://github.com/phylum-dev/cli |
| Upstream docs | https://docs.phylum.io/cli/commands/phylum |
| License | GPL-3.0-or-later |
| Source archive | https://github.com/phylum-dev/cli/archive/refs/tags/v7.5.0.tar.gz |
| Build dependencies | protobuf, rust |
| Bottle | available (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
| Caveats | No official extensions have been preinstalled. |
registry facts
Source database details
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | phylum-cli |
| Aliases |
|
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
来源线索
由仓库数据生成
此页面由 av-web 从 scripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。
使用的来源
- Geiger risk classifier
- Nucleus package database
- av.db category and tag curation
- cross-ecosystem install command graph
- local coverage README
- package relationship graph
- package version freshness
- package-page enrichment
- secret-handling manifest