
This can be installed using homebrew with:

brew cask install sloth




I know Homebrew is vetted, but I personally like to always check where this is pulling in its installer file - and it appears to match the domain as is in the GitHub repo.

https://github.com/Homebrew/homebrew-cask/blob/master/Casks/...


You might already know this but you can do that by command line with 'brew cask audit sloth' to see where it's pulling from...I'm paranoid enough too :O


Audit seems to be checking the formula code not the source of the download?

https://docs.brew.sh/Manpage

> Check formula for Homebrew coding style violations. This should be run before submitting a new formula. Will exit with a non-zero status if any errors are found, which can be useful for implementing pre-commit hooks. If no formula are provided, all of them are checked.

https://github.com/Homebrew/homebrew-cask/blob/master/USAGE....

> audit — verifies installability of Casks

You can see where it pulls from if you provide the --download flag but as far as I can understand it does not do any other validation regarding that.

  brew cask audit virtualbox --download

AFAIK checksums are checked even if you don't run audit.


I made a mistake! The command is ‘brew cask cat’ to see where it’s coming from.


Which version of homebrew are you using? Because when I try this, this is what I get:

  $ brew cask audit sloth
  audit for sloth: passed


I made a mistake! The command is ‘brew cask cat’ to see where it’s coming from.


I did not know that, so thanks for the tip!


I made a mistake! The command is ‘brew cask cat’ to see where it’s coming from.


You can simply run `brew cask cat sloth` to look at code.
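
Added example, not part of the thread or of Homebrew's own code: the manual check discussed above (read the cask source that `brew cask cat` prints, compare the download host with the homepage, confirm the pinned checksum), written in Python. The sample cask, its hosts and the two-label domain comparison are assumptions constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

# Constructed stand-ins for an installer download and for `brew cask cat` output;
# the name, version and hosts are placeholders, not the real sloth cask.
SAMPLE_INSTALLER = b"constructed installer bytes"
SAMPLE_CASK = """cask 'exampleapp' do
  version '1.2.3'
  sha256 '%s'

  url "https://downloads.example.com/exampleapp-#{version}.zip"
  homepage 'https://example.com/'
  app 'ExampleApp.app'
end
""" % hashlib.sha256(SAMPLE_INSTALLER).hexdigest()

STANZA = re.compile(r"^\s*(version|sha256|url|homepage)\s+['\"]([^'\"]+)['\"]", re.M)

def parse_cask(text):
    """Return the first quoted value of each stanza we care about."""
    fields = {}
    for key, value in STANZA.findall(text):
        fields.setdefault(key, value)
    return fields

def registrable(host):
    # Assumption: the last two labels identify the owner (wrong for e.g. co.uk).
    return ".".join(host.lower().split(".")[-2:])

def audit_source(text, installer=None):
    """Return (resolved download URL, list of findings) for a cask source."""
    f = parse_cask(text)
    url = f.get("url", "").replace("#{version}", f.get("version", ""))
    dl, home = urlparse(url), urlparse(f.get("homepage", ""))
    findings = []
    if dl.scheme != "https":
        findings.append("download is not fetched over https")
    if registrable(dl.hostname or "") != registrable(home.hostname or ""):
        findings.append("download host %s differs from homepage host %s"
                        % (dl.hostname, home.hostname))
    if "sha256" not in f:  # unquoted values such as `sha256 :no_check` land here
        findings.append("no pinned sha256 in the cask")
    elif installer is not None and hashlib.sha256(installer).hexdigest() != f["sha256"]:
        findings.append("installer bytes do not match the pinned sha256")
    return url, findings

if __name__ == "__main__":
    print(audit_source(SAMPLE_CASK, SAMPLE_INSTALLER))
```

A host mismatch is a prompt to look closer, not proof of a problem, since many projects serve releases from a separate CDN or from GitHub.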



