nanobrew

The fastest macOS package manager. Written in Zig.

$ curl -fsSL https://nanobrew.trilok.ai/install | bash

Then restart your terminal or run the export command it prints.

39ms warm install · with full security checks

230x faster than Homebrew · 0.1ms for no-ops

Speed

Apple Silicon, macOS 15, same network. Cold = fresh download. Warm = cached in store.

tree / 0 deps, cold

7.6x faster

wget / 6 deps, cold

1.5x faster

ffmpeg / 11 deps, warm

7,000x faster

What shipped in v0.1.082

Recent fixes across install state, self-update, release automation, and the open-issue batch are now reflected in the current patch line.

🛡 security

patched

21 vulnerabilities — RCE, path traversal, injection, binary corruption

Shell injection in decompression · JSON injection in DB · self-update was curl|bash · Mach-O binary guard

🔧 broken packages

fixed

aws, pip3, c_rehash, wheel3 — all script packages work now

@@HOMEBREW_CELLAR@@ placeholders replaced in shebangs · handles read-only files (0o555)

✨ new commands

added

nb migrate · nb info --cask · nb bundle install

Import from Homebrew · cask metadata · Brewfile support with instant no-ops

🚀 quality of life

added

no sudo after init · clear errors · no Gatekeeper quarantine on casks

sudo nb init chowns to your user · failed packages listed with hint · apps just open

🧪 testing

after

150 tests + adversarial security suite

+47 tests · path traversal · JSON injection · null bytes · version string attacks

Version timeline

What each nanobrew release actually shipped. Tree install numbers are warm, Apple Silicon, median of 3 runs.

v0.1.082 / jun 2025, first stable line

21 CVEs fixed · nb migrate · nb info --cask · nb bundle install · no sudo after init

v0.1.190 / apr 2026, Zig 0.16 + faster everything

17ms warm · 2.3x faster than v0.1.082

Zig 0.16.0 compiler · native tar extractor (no subprocess) · persistent HTTP client · O(1) resolver queue · 15+ bugs fixed

v0.1.191 / apr 2026, signed + command-speed wins

17ms warm · install path unchanged

Apple-notarized · 12x faster nb leaves · 1.80x faster nb search (streaming JSON) · 1.77x faster cold-install resolver · Python dlopen codesign fix · zero-leak nb outdated / nb info

v0.1.192 / apr 2026, native paths + manager-speed wins

48.8ms yt-dlp reinstall · 119.4x faster than Homebrew

359 verified native paths · 100/100 top formulae + 100/100 top casks covered · 37.5x faster than zerobrew on target reinstall · no Homebrew required for covered paths

$ nb install jq
==> Resolving dependencies...
    [38ms]
==> Installing 1 package(s):
    jq 1.7.1
==> Downloading + installing 1 packages...
    ✓ jq
==> Done in 1102.4ms

$ nb list
jq 1.7.1

$ nb update # self-update nanobrew
==> Updating nanobrew...
==> nanobrew updated successfully

How it works

01

Resolve

BFS parallel dependency resolution across concurrent API calls

02

Download

Native HTTP with streaming SHA256 verification in a single pass

03

Extract

Unpack into content-addressable store keyed by SHA256

04

Materialize

APFS clonefile into Cellar — copy-on-write, zero disk cost

05

Link

Symlink binaries into PATH and record in local database
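
Steps 02 and 03 above, sketched as an added example in Python (not nanobrew's Zig code): the stream is hashed while it is written, and the file is published under its SHA256 only if the digest matches. The names `fetch_into_store` and `DigestMismatch` and the flat store layout are assumptions, and the sketch stores the downloaded bottle itself rather than its extracted contents.

```python
import hashlib
import hmac
import io
import os
import tempfile

CHUNK = 64 * 1024
HEX = set("0123456789abcdef")


class DigestMismatch(Exception):
    """Downloaded bytes do not hash to the pinned SHA256."""


def fetch_into_store(stream, expected_sha256, store_dir):
    """Hash while writing; publish under the digest only on a match.

    Returns (path, downloaded). Store layout is an assumption of this sketch.
    """
    key = expected_sha256.lower()
    # The digest becomes a file name, so reject anything that is not 64 hex
    # characters (this also rules out '/', '..' and NUL bytes in the key).
    if len(key) != 64 or not set(key) <= HEX:
        raise ValueError("expected digest must be 64 hex characters")
    final = os.path.join(store_dir, key)
    if os.path.exists(final):
        return final, False  # warm path: entry already in store, no fetch
    os.makedirs(store_dir, exist_ok=True)
    hasher = hashlib.sha256()
    fd, tmp = tempfile.mkstemp(dir=store_dir, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as out:
            for chunk in iter(lambda: stream.read(CHUNK), b""):
                hasher.update(chunk)  # single pass: hash and write together
                out.write(chunk)
        if not hmac.compare_digest(hasher.hexdigest(), key):
            raise DigestMismatch(f"got {hasher.hexdigest()}, want {key}")
        os.replace(tmp, final)  # atomic publish; readers never see partial data
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)  # unverified bytes never stay in the store
    return final, True


if __name__ == "__main__":
    bottle = b"constructed sample bottle bytes"  # constructed input
    digest = hashlib.sha256(bottle).hexdigest()
    with tempfile.TemporaryDirectory() as store:
        print(fetch_into_store(io.BytesIO(bottle), digest, store))
        print(fetch_into_store(io.BytesIO(b""), digest, store))  # cache hit
```
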

Why it's fast

APFS clonefile

Copy-on-write materialization via macOS syscall. Zero disk overhead per install.

Parallel everything

Downloads, extraction, relocation, and dependency resolution all run concurrently.

Native HTTP

Zig std.http.Client replaces curl subprocess spawns. One fewer process per bottle.

Native Mach-O

Reads load commands from binary headers directly. No otool. Batched codesign.

Content-addressed store

SHA256-keyed dedup means reinstalls skip download and extraction entirely.

Single static binary

No Ruby runtime. No interpreter startup. No config sprawl. Just one ~2MB binary.