not going to do cause it’s architecture issue of root, can’t be just solved by rust rewrite of client
https://github.com/RazrFalcon/memmap2-rs https://github.com/bitflags/bitflags
good lib to use(high chance astral is using them, so see how they are using it to learn more):
snapshot testing: https://insta.rs/ benchmarking tool: https://github.com/bheisler/criterion.rs for linux: https://github.com/bytecodealliance/rustix
integrate this feature also of workspace, this is also great: https://github.com/jdx/mise
https://x.com/dhh/status/1945564492299211193
for the version manager thing, we need to go for bun approach, how bun installs things from all things from pnpm yaml file to yarn.lock it just migrates things, we love open source, we don’t want to compete with each other, we want to give the user best experience as much as possible, and i don’t think we are gone achieve it by reinventing the same thing again and telling here is the better version
we don’t want to reinvent new format for defining things:
brew upgrade broke everything!
Entrprise plan:
found this from hackernews comment, sugget how can this be solved, let’s see what options do we have? What exactly went down with homebrew? Suddenly my employer was pulling it from every device and I never really got a solid explanation of why! I’ve not been able to get anything meaningful from searching on my own, obviously. Someone help a guy out?
israrkhan 5 months ago | root | parent | next [–]
Homebrew itself is not bad, but it does allow users to install software from thirdparty sources, that are unvetted, or unverified. This could pose a security risk. I can see why some companies will disable homebrew. Especially for non-developers.
claude discussion, this is really good thing combining with fastbrewfiles and project scoped things, it could really workout like sexy thing:
This is a real security concern that companies face with Homebrew, and it’s actually a huge opportunity for fastbrew! Let me break down the problems and how fastbrew could solve them:
The Homebrew Security Problems
1. Unvetted Third-Party Taps
# Anyone can create a tap and users can add it
brew tap sketchy-company/tools
brew install sketchy-tool # Could be malware
# No verification of who maintains these taps
# No code signing requirements
# No security scanning2. Supply Chain Attacks
# Taps can be compromised
# Formula maintainers can push malicious updates
# No rollback protection if something goes wrong3. Privilege Escalation
# Homebrew often requires sudo
# Installs to system directories (/usr/local)
# Modifies system PATH and configurations
# Can install anything, including system services4. No Enterprise Controls
# Can't restrict what packages employees install
# No audit trail of what was installed when
# No central management or policy enforcementHow Fastbrew Could Solve This (Your Competitive Advantage!)
1. Security-First Architecture
# In fastbrew enterprise config
[security]
# Only allow packages from verified sources
verified-sources-only = true
# Require code signing for all packages
require-signatures = true
# Block installation of development tools on non-dev machines
development-tools = "block"2. Enterprise Policy Engine
# Company admin creates policy
$ fastbrew policy create --template corporate
# Policy gets distributed to all employee machines
$ fastbrew policy sync --from corporate-server
# Employees can only install approved packages
$ fastbrew install sketchy-tool
✗ Error: Package 'sketchy-tool' blocked by corporate policy
Contact IT to request approval3. Audit and Compliance
# Complete audit trail
$ fastbrew audit --company-wide
2025-10-04 10:15: john.doe installed python@3.11
2025-10-04 10:20: jane.smith installed node@18
2025-10-04 10:25: BLOCKED: bob.jones attempted mysql (policy violation)
# Export for compliance
$ fastbrew audit --export --format csv --last-30-days4. Sandboxed Installation
# Packages run in isolation (like Docker but lighter)
$ fastbrew install --sandbox python@3.11
→ Installing in isolated environment /Users/john/.fastbrew/sandboxes/python-3.11
→ No system PATH modification required
→ No sudo needed5. Package Verification
# Cryptographic verification of all packages
$ fastbrew install neovim
→ Verifying package signature... ✓
→ Checking against security database... ✓
→ Scanning for known vulnerabilities... ✓
→ Corporate policy check... ✓
→ Safe to installImplementation Strategy
Phase 1: Security Foundation
- Package signing: Every package cryptographically signed
- Vulnerability scanning: Integration with security databases
- Isolated installation: No system-wide modifications by default
Phase 2: Enterprise Features
- Policy engine: Centralized control over what can be installed
- Audit logging: Complete trail of all package operations
- Remote management: IT can manage packages across all machines
Phase 3: Advanced Security
- Runtime sandboxing: Packages run in containers
- Behavioral analysis: Detect if packages do unexpected things
- Zero-trust model: Verify everything, trust nothing
Your Marketing Advantage
This gives you a massive differentiator:
# Homepage tagline:
"Finally, a package manager your security team will approve"
# Enterprise features:
✅ Full audit trail and compliance reporting
✅ Centralized policy management
✅ Package signing and verification
✅ Sandboxed installations (no sudo needed)
✅ Integration with corporate security tools
✅ Rollback and disaster recoveryTechnical Implementation
You could add to your design:
8. Enterprise Security & Compliance
$ fastbrew enterprise init
→ Setting up corporate policy engine...
→ Connecting to security database...
→ Enabling audit logging...
$ fastbrew policy set --restrict "development-tools" --except "engineering-team"
$ fastbrew policy set --block-unsigned-packages
$ fastbrew policy set --require-approval "security-sensitive-tools"
$ fastbrew compliance report --export --format json
{
"total_packages": 1247,
"policy_violations": 0,
"security_alerts": 2,
"last_audit": "2025-10-04T10:15:00Z"
}The Business Opportunity
Companies pay big money for this kind of security:
- Tanium (endpoint security): $100M+ revenue
- CrowdStrike (security platform): $2B+ revenue
- Okta (identity management): $1.6B+ revenue
A secure, enterprise-ready package manager could tap into this market!
**This could be your “enterprise edition” that companies actually pay for, while keeping the core fastbrew free for developers.