← Back to all posts

Understanding Homebrew Dependencies

Jul 28, 2025
Kristján Oddsson

Have you ever run brew upgrade and wondered why seemingly unrelated packages got pulled in during the upgrade process?

When installing a package Homebrew might need to fetch additional software or libraries used to build the package, so-called “dependencies”. These dependencies might themselves have dependencies, meaning that installing or upgrading a single package could result in a cascade of package installations: installing Node.js, a popular Javascript runtime, leads to 58 other packages being installed!

These changes can sometimes move in unexpected directions, for example, installing a package that depends on a newer version of a dependency you already have installed will cause that dependency to be updated, which may then lead to other packages dependent on it being updated, as explored in “Unraveling Homebrew Dependencies: A Handy Guide” by Dorian Karter.

This can be a nightmare for keeping your fleet compliant. Imagine you want to install curl, a popular CLI tool, but your organisation forbids installing anything with the 0BSD license. Installing curl will also install zx, which has that license and so would be out-of-policy. But zx isn’t listed as a dependency of  curl, it’s a dependency of  zstd, another curl dependency.

Understanding the “blast radius” of a new package entering your fleet can be difficult, but in this post we’ll dig into some ways you can tackle your own personal dependency hell.

Visualising the dependency graph

Workbrew engineer Kristján created a visualisation of the Homebrew dependency graph which shows how interconnected most of the ecosystem is. A halo of packages without dependencies surrounds a dense knot of packages, with clusters around language runtimes such as go, node, python, and openjdk, as well as important components of web infrastructure such as openssl. These clusters are circled in the screenshot below:

The graph is built with D3, go ahead and explore it at https://koddsson.github.io/dependency-graph-component/.

You can visualise dependencies for packages right from your command line using brew. Brew’s deps command shows dependencies for formulae, and using the --graph flag will generate and open a directed graph of the dependencies in your browser.

This graph gives you a visual way to trace the chain of dependencies and what might be installed or updated as a result of changing a single package.

New tools in Workbrew for managing dependencies

Kristján’s graph visualisation came about as a result of experimenting with new features recently added to Workbrew. To give system administrators better visual insights into their fleet, and help make sure forbidden packages aren’t installed as part of a bigger dependency chain, Workbrew indexes dependencies and dependents of packages and exposes them visually within the Console.

Whilst it’s important to understand what dependencies will be pulled in by an installation or upgrade, you need to understand what packages were actually requested and are in use, and not just an incidental dependency. As of version 1.3, Workbrew’s “Formula” view only shows explicitly-installed packages, or “leaves”, hiding dependencies for a cleaner and more actionable view. A new tab, “Formula with Dependencies”, exposes every package installed across the fleet, and indicates whether a package is installed as a dependency. You can learn more about this change in the Release Notes for 1.3.

When viewing a Formula in the Console, its dependencies and dependents are now listed, allowing you to discover more about the relationship between formulae and their dependencies. You can click through on listed items to in turn view their dependents and dependencies.

At Workbrew, we believe visibility into your toolchain — not just Homebrew Formulae — is key to confident system management. Try our free plan to map your own dependency surface.

Code Block

#!/bin/bash
# Check for Homebrew in supported installation paths.

if [[ -x "/opt/homebrew/bin/brew" ]] ||
   [[ -x "/usr/local/bin/brew" ]] ||
   [[ -x "/home/linuxbrew/.linuxbrew/bin/brew" ]]
then
  echo "Homebrew is installed."
  exit 0
else
  echo "Homebrew is not installed."
  exit 1
fi

Have you ever run brew upgrade and wondered why seemingly unrelated packages got pulled in during the upgrade process?

When installing a package Homebrew might need to fetch additional software or libraries used to build the package, so-called “dependencies”. These dependencies might themselves have dependencies, meaning that installing or upgrading a single package could result in a cascade of package installations: installing Node.js, a popular Javascript runtime, leads to 58 other packages being installed!

These changes can sometimes move in unexpected directions, for example, installing a package that depends on a newer version of a dependency you already have installed will cause that dependency to be updated, which may then lead to other packages dependent on it being updated, as explored in “Unraveling Homebrew Dependencies: A Handy Guide” by Dorian Karter.

This can be a nightmare for keeping your fleet compliant. Imagine you want to install curl, a popular CLI tool, but your organisation forbids installing anything with the 0BSD license. Installing curl will also install zx, which has that license and so would be out-of-policy. But zx isn’t listed as a dependency of  curl, it’s a dependency of  zstd, another curl dependency.

Understanding the “blast radius” of a new package entering your fleet can be difficult, but in this post we’ll dig into some ways you can tackle your own personal dependency hell.

Visualising the dependency graph

Workbrew engineer Kristján created a visualisation of the Homebrew dependency graph which shows how interconnected most of the ecosystem is. A halo of packages without dependencies surrounds a dense knot of packages, with clusters around language runtimes such as go, node, python, and openjdk, as well as important components of web infrastructure such as openssl. These clusters are circled in the screenshot below:

The graph is built with D3, go ahead and explore it at https://koddsson.github.io/dependency-graph-component/.

You can visualise dependencies for packages right from your command line using brew. Brew’s deps command shows dependencies for formulae, and using the --graph flag will generate and open a directed graph of the dependencies in your browser.

This graph gives you a visual way to trace the chain of dependencies and what might be installed or updated as a result of changing a single package.

New tools in Workbrew for managing dependencies

Kristján’s graph visualisation came about as a result of experimenting with new features recently added to Workbrew. To give system administrators better visual insights into their fleet, and help make sure forbidden packages aren’t installed as part of a bigger dependency chain, Workbrew indexes dependencies and dependents of packages and exposes them visually within the Console.

Whilst it’s important to understand what dependencies will be pulled in by an installation or upgrade, you need to understand what packages were actually requested and are in use, and not just an incidental dependency. As of version 1.3, Workbrew’s “Formula” view only shows explicitly-installed packages, or “leaves”, hiding dependencies for a cleaner and more actionable view. A new tab, “Formula with Dependencies”, exposes every package installed across the fleet, and indicates whether a package is installed as a dependency. You can learn more about this change in the Release Notes for 1.3.

When viewing a Formula in the Console, its dependencies and dependents are now listed, allowing you to discover more about the relationship between formulae and their dependencies. You can click through on listed items to in turn view their dependents and dependencies.

At Workbrew, we believe visibility into your toolchain — not just Homebrew Formulae — is key to confident system management. Try our free plan to map your own dependency surface.

3. IT Admins have questions. We weren’t sure what to expect, but so many folks had specific implementation queries. Others were curious about what Workbrew is up to. It was a non-stop flow of awesome conversations, and we ran out of Homebrew Cheat Sheets and Implementation Guides.

4. MacAd.UK has great bean bag chairs – the Chill-Out Zone was a super comfortable place to talk about CVEs.

5. The wonderful MacAdmins Foundation offers grants for folks who want to attend but aren’t in a position to fund the trip. For those looking to attend MacAdmins PSU, their applications are open.    

A big thank you to the MacAD.UK team and we’re excited to be back next year.

If you missed it, check out Brandon’s talk on Balancing the Needs of IT, Security, & Engineering Teams at Scale

3. IT Admins have questions. We weren’t sure what to expect, but so many folks had specific implementation queries. Others were curious about what Workbrew is up to. It was a non-stop flow of awesome conversations, and we ran out of Homebrew Cheat Sheets and Implementation Guides.

4. MacAD.UK has great bean bag chairs – the Chill-Out Zone was a super comfortable place to talk about CVEs.

5. The wonderful MacAdmins Foundation offers grants for folks who want to attend but aren’t in a position to fund the trip. For those looking to attend MacAdmins PSU, their applications are open.    

A big thank you to the MacAD.UK team and we’re excited to be back next year.

If you missed it, check out my talk on Balancing the Needs of IT, Security, & Engineering Teams at Scale

Code Block

#!/bin/bash
# Check for Homebrew in supported installation paths.

if [[ -x "/opt/homebrew/bin/brew" ]] ||
   [[ -x "/usr/local/bin/brew" ]] ||
   [[ -x "/home/linuxbrew/.linuxbrew/bin/brew" ]]
then
  echo "Homebrew is installed."
  exit 0
else
  echo "Homebrew is not installed."
  exit 1
fi

Have you ever run brew upgrade and wondered why seemingly unrelated packages got pulled in during the upgrade process?

When installing a package Homebrew might need to fetch additional software or libraries used to build the package, so-called “dependencies”. These dependencies might themselves have dependencies, meaning that installing or upgrading a single package could result in a cascade of package installations: installing Node.js, a popular Javascript runtime, leads to 58 other packages being installed!

These changes can sometimes move in unexpected directions, for example, installing a package that depends on a newer version of a dependency you already have installed will cause that dependency to be updated, which may then lead to other packages dependent on it being updated, as explored in “Unraveling Homebrew Dependencies: A Handy Guide” by Dorian Karter.

This can be a nightmare for keeping your fleet compliant. Imagine you want to install curl, a popular CLI tool, but your organisation forbids installing anything with the 0BSD license. Installing curl will also install zx, which has that license and so would be out-of-policy. But zx isn’t listed as a dependency of  curl, it’s a dependency of  zstd, another curl dependency.

Understanding the “blast radius” of a new package entering your fleet can be difficult, but in this post we’ll dig into some ways you can tackle your own personal dependency hell.

Visualising the dependency graph

Workbrew engineer Kristján created a visualisation of the Homebrew dependency graph which shows how interconnected most of the ecosystem is. A halo of packages without dependencies surrounds a dense knot of packages, with clusters around language runtimes such as go, node, python, and openjdk, as well as important components of web infrastructure such as openssl. These clusters are circled in the screenshot below:

The graph is built with D3, go ahead and explore it at https://koddsson.github.io/dependency-graph-component/.

You can visualise dependencies for packages right from your command line using brew. Brew’s deps command shows dependencies for formulae, and using the --graph flag will generate and open a directed graph of the dependencies in your browser.

This graph gives you a visual way to trace the chain of dependencies and what might be installed or updated as a result of changing a single package.

New tools in Workbrew for managing dependencies

Kristján’s graph visualisation came about as a result of experimenting with new features recently added to Workbrew. To give system administrators better visual insights into their fleet, and help make sure forbidden packages aren’t installed as part of a bigger dependency chain, Workbrew indexes dependencies and dependents of packages and exposes them visually within the Console.

Whilst it’s important to understand what dependencies will be pulled in by an installation or upgrade, you need to understand what packages were actually requested and are in use, and not just an incidental dependency. As of version 1.3, Workbrew’s “Formula” view only shows explicitly-installed packages, or “leaves”, hiding dependencies for a cleaner and more actionable view. A new tab, “Formula with Dependencies”, exposes every package installed across the fleet, and indicates whether a package is installed as a dependency. You can learn more about this change in the Release Notes for 1.3.

When viewing a Formula in the Console, its dependencies and dependents are now listed, allowing you to discover more about the relationship between formulae and their dependencies. You can click through on listed items to in turn view their dependents and dependencies.

At Workbrew, we believe visibility into your toolchain — not just Homebrew Formulae — is key to confident system management. Try our free plan to map your own dependency surface.

3. IT Admins have questions. We weren’t sure what to expect, but so many folks had specific implementation queries. Others were curious about what Workbrew is up to. It was a non-stop flow of awesome conversations, and we ran out of Homebrew Cheat Sheets and Implementation Guides.

4. MacAd.UK has great bean bag chairs – the Chill-Out Zone was a super comfortable place to talk about CVEs.

5. The wonderful MacAdmins Foundation offers grants for folks who want to attend but aren’t in a position to fund the trip. For those looking to attend MacAdmins PSU, their applications are open.    

A big thank you to the MacAD.UK team and we’re excited to be back next year.

If you missed it, check out Brandon’s talk on Balancing the Needs of IT, Security, & Engineering Teams at Scale

3. IT Admins have questions. We weren’t sure what to expect, but so many folks had specific implementation queries. Others were curious about what Workbrew is up to. It was a non-stop flow of awesome conversations, and we ran out of Homebrew Cheat Sheets and Implementation Guides.

4. MacAD.UK has great bean bag chairs – the Chill-Out Zone was a super comfortable place to talk about CVEs.

5. The wonderful MacAdmins Foundation offers grants for folks who want to attend but aren’t in a position to fund the trip. For those looking to attend MacAdmins PSU, their applications are open.    

A big thank you to the MacAD.UK team and we’re excited to be back next year.

If you missed it, check out my talk on Balancing the Needs of IT, Security, & Engineering Teams at Scale

Have you ever run brew upgrade and wondered why seemingly unrelated packages got pulled in during the upgrade process?

When installing a package Homebrew might need to fetch additional software or libraries used to build the package, so-called “dependencies”. These dependencies might themselves have dependencies, meaning that installing or upgrading a single package could result in a cascade of package installations: installing Node.js, a popular Javascript runtime, leads to 58 other packages being installed!

These changes can sometimes move in unexpected directions, for example, installing a package that depends on a newer version of a dependency you already have installed will cause that dependency to be updated, which may then lead to other packages dependent on it being updated, as explored in “Unraveling Homebrew Dependencies: A Handy Guide” by Dorian Karter.

This can be a nightmare for keeping your fleet compliant. Imagine you want to install curl, a popular CLI tool, but your organisation forbids installing anything with the 0BSD license. Installing curl will also install zx, which has that license and so would be out-of-policy. But zx isn’t listed as a dependency of  curl, it’s a dependency of  zstd, another curl dependency.

Understanding the “blast radius” of a new package entering your fleet can be difficult, but in this post we’ll dig into some ways you can tackle your own personal dependency hell.

Visualising the dependency graph

Workbrew engineer Kristján created a visualisation of the Homebrew dependency graph which shows how interconnected most of the ecosystem is. A halo of packages without dependencies surrounds a dense knot of packages, with clusters around language runtimes such as go, node, python, and openjdk, as well as important components of web infrastructure such as openssl. These clusters are circled in the screenshot below:

The graph is built with D3, go ahead and explore it at https://koddsson.github.io/dependency-graph-component/.

You can visualise dependencies for packages right from your command line using brew. Brew’s deps command shows dependencies for formulae, and using the --graph flag will generate and open a directed graph of the dependencies in your browser.

This graph gives you a visual way to trace the chain of dependencies and what might be installed or updated as a result of changing a single package.

New tools in Workbrew for managing dependencies

Kristján’s graph visualisation came about as a result of experimenting with new features recently added to Workbrew. To give system administrators better visual insights into their fleet, and help make sure forbidden packages aren’t installed as part of a bigger dependency chain, Workbrew indexes dependencies and dependents of packages and exposes them visually within the Console.

Whilst it’s important to understand what dependencies will be pulled in by an installation or upgrade, you need to understand what packages were actually requested and are in use, and not just an incidental dependency. As of version 1.3, Workbrew’s “Formula” view only shows explicitly-installed packages, or “leaves”, hiding dependencies for a cleaner and more actionable view. A new tab, “Formula with Dependencies”, exposes every package installed across the fleet, and indicates whether a package is installed as a dependency. You can learn more about this change in the Release Notes for 1.3.

When viewing a Formula in the Console, its dependencies and dependents are now listed, allowing you to discover more about the relationship between formulae and their dependencies. You can click through on listed items to in turn view their dependents and dependencies.

At Workbrew, we believe visibility into your toolchain — not just Homebrew Formulae — is key to confident system management. Try our free plan to map your own dependency surface.

3. IT Admins have questions. We weren’t sure what to expect, but so many folks had specific implementation queries. Others were curious about what Workbrew is up to. It was a non-stop flow of awesome conversations, and we ran out of Homebrew Cheat Sheets and Implementation Guides.

4. MacAd.UK has great bean bag chairs – the Chill-Out Zone was a super comfortable place to talk about CVEs.

5. The wonderful MacAdmins Foundation offers grants for folks who want to attend but aren’t in a position to fund the trip. For those looking to attend MacAdmins PSU, their applications are open.    

A big thank you to the MacAD.UK team and we’re excited to be back next year.

If you missed it, check out Brandon’s talk on Balancing the Needs of IT, Security, & Engineering Teams at Scale

3. IT Admins have questions. We weren’t sure what to expect, but so many folks had specific implementation queries. Others were curious about what Workbrew is up to. It was a non-stop flow of awesome conversations, and we ran out of Homebrew Cheat Sheets and Implementation Guides.

4. MacAD.UK has great bean bag chairs – the Chill-Out Zone was a super comfortable place to talk about CVEs.

5. The wonderful MacAdmins Foundation offers grants for folks who want to attend but aren’t in a position to fund the trip. For those looking to attend MacAdmins PSU, their applications are open.    

A big thank you to the MacAD.UK team and we’re excited to be back next year.

If you missed it, check out my talk on Balancing the Needs of IT, Security, & Engineering Teams at Scale

Never miss an update

Subscribe for the latest blogs, events, and exclusive content—delivered to your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.