DEV Community

Cover image for Visual Audit Homebrew Programs
Mike Fiedler
Mike Fiedler

Posted on

Visual Audit Homebrew Programs

I use a Mac computer as my primary development machine. My personal one is where I spend a lot of time experimenting, self-learning, trying things out.
One awesome way to install software on macOS is to use Homebrew, which boils down the process of downloading, compiling, installing software (and any associated dependencies) to a simpler process, often with a single command, e.g. brew install httpie to get the HTTPie command line client.

However, since it's so easy to install a variety of packages and programs, oftentimes I'll have installed a program to try something out, and never need it again. The total count of packages installed via Homebrew can be seen like this:

$ brew list | wc -l
325
Enter fullscreen mode Exit fullscreen mode

I definitely don't recall installing all of these - and over time that becomes a heavier burden to carry. Each package can use up some disk space, but more importantly, every time a brew upgrade is run, it may install new versions of software you don't use, so that takes up more time - which is even more valuable than disk space. If you're running out of disk space, read:

But since I want to actually figure out if there's programs I've installed and no longer use or need, I could read the output of brew list and brew uninstall <package name> for each one, but I'm bound to overlook some packages that are dependencies, and may no longer be needed.

I find it best to read visual "maps" that diagram the relationships between packages, so that if I uninstall a package that as a dependency on another package, and nobody else depends on that package, that I uninstall them both, thereby freeing up more resources.

A nice helper program for Homebrew is this extension called brew-graph:

GitHub logo martido / homebrew-graph

Creates a simple dependency graph of Homebrew formulae.

Attention: This repository has been renamed from brew-graph to homebrew-graph to adhere to the Homebrew naming conventions of tap repositories Please update your local clones or forks (for consistency only, GitHub makes sure everything still works for you):

git remote set-url origin https://github.com/martido/homebrew-graph

brew-graph

brew-graph is a Ruby script that creates a dependency graph of Homebrew formulae. The currently supported output options are DOT and GraphML.

In general, if you'd like to know more about Untangling Your Homebrew Dependencies, check out the blog post by Jonathan Palardy.

Installation

brew tap martido/homebrew-graph

Note: If you already have the brew-graph formula installed from the old tap repository, uninstall it first:

brew uninstall brew-graph
brew untap martido/homebrew-brew-graph

Usage

Type brew graph --help.

brew graph [options] formula1 formula2 ... | --installed | --all
Create a dependency graph of Homebrew formulae.

Options:

 -h, --help            Print this help message.
 -f, --format

Once installed (read the README), I can create an image, along with the graphviz package's dot command:

brew graph --installed | dot -Tsvg -o homebrew-installed.svg
Enter fullscreen mode Exit fullscreen mode

I could replace the svg part with png to get a static image - I like the SVG file format, since it opens in Google Chrome and I can run a "Find" function for any names, and could also change some of the variables if I wanted to via text editor, or with an SVG Editor

The image output is similar to the one in the header of this post - some items are isolated and appear at the top row - these packages have no dependencies, and nothing depends on them - often a tool to do a specific thing. Audit these for tools you use directly, and uninstall those that you don't recall using. You can always reinstall them later!

Now for the more complex ones - like ffmpeg for example. This package has a lot of direct dependencies. So if I wanted to create an image that is scoped only to that package, I could run:

brew graph ffmpeg | dot -Tpng -o homebrew-ffmpeg.png
Enter fullscreen mode Exit fullscreen mode

And that looks like:

Alt Text

Which isn't easy to see, but it can be helpful to see the dependencies of a single package.
So if I wanted to uninstall all of the packages safely, I could run each one and if I get a warning that the package is in use, not remove it, or I could use another helpful external command - rmtree:

GitHub logo beeftornado / homebrew-rmtree

Remove a formula and its unused dependencies

homebrew-rmtree

Remove a formula and its unused dependencies

What is it?

It's an external command for Homebrew that provides a new command, rmtree that will uninstall that formula, and uninstall any of its dependencies that have no formula left installed that depend on them. The command will check all dependencies recursively starting at the one specified on the command line.

This is tricky business. So this command comes with a warning.

Warning

There are formulae that do not specify all of their dependencies. This means that it is possible that this command will remove something you still need or won't remove something you no longer want. Generally, it is pretty good Until someone comes up with a clever way around this, you need to be careful what you uninstall A formula could also depend on something you want to keep around, while nothing else actually depends on it (except…

This provides a useful --dry-run parameter to observe what might happen if we wanted to remove a package, and see for ourselves what we would be removing. Example:

$ brew rmtree --dry-run ffmpeg
This is a dry-run, nothing will be deleted
==> Examining installed formulae required by ffmpeg...
 -  61 / 62

Can safely be removed
----------------------
ffmpeg
aom
lame
libbluray
...
Enter fullscreen mode Exit fullscreen mode

This goes on for a while, so run it yourself and see what your computer can safely remove!

Reminder: As always, take these notes with caution. The risk of installing someone else's software on systems that may lead to undue exposure. This post and other software are things lot of us write, but there's nothing preventing malicious actors from doing nasty things over similar channels, so make sure you have other protections in place - like firewalls, malware/virus scanners, network monitoring/alerting, etc - and if it's open source code, you can read it too, and form your own opinions!

Hopefully this post has provided you with a couple of tools in your toolbox to help keep your computer in good shape, extending its lifespan and utility to keep learning and trying out new things!

Top comments (1)

Collapse
 
honda_iroban_2ace4ab938e0 profile image
Honda Iroban

Hello.
I hope you are doing well. I have been following your work for quite some time and have been deeply impressed by your wealth of experience and technical insight. In particular, your approach to [specific project or technical field] has taught me a great deal, and it is this inspiration that led me to reach out to you.
Let me briefly introduce myself. I am a full-stack developer and AI engineer. I can independently build entire projects from start to finish, covering front-end, back-end, databases, deployment, and integrating AI models into production systems. I can handle every step of the process, from designing real-time data pipelines and optimizing React rendering to designing REST or GraphQL APIs and fine-tuning Transformer models for specific use cases.
I am not seeking mentorship or assistance. I want to collaborate with someone who has extensive experience. I believe that by combining your engineering knowledge, accumulated through years of experience, with my ability to execute quickly across the AI field, we can produce tangible results—whether that be open-source tools, a startup MVP, or a bridge connecting R&D to commercialization.
To prove my capabilities and dedication, I am willing to work without compensation initially. There are no guarantees regarding pay, equity, or promises. I will simply demonstrate the concrete results I can deliver to you. No matter how complex the task, if you provide me with a clearly defined assignment, I will complete it. Once you have verified the quality and reliability of my work, we can negotiate fair terms for future collaboration. Even if that doesn’t happen, you have nothing to lose.
I am not asking for your trust outright. I simply hope you will give me the opportunity to earn it through my work.
If you need the help of a capable professional for problem-solving or a side project, please feel free to contact me at any time. I’m ready to take on the first assignment.
Thank you.
Iroban Honda