Visual Audit Homebrew Programs

miketheman

Mike Fiedler

Posted on May 10, 2020

Visual Audit Homebrew Programs

I use a Mac computer as my primary development machine. My personal one is where I spend a lot of time experimenting, self-learning, trying things out.
One awesome way to install software on macOS is to use Homebrew, which boils down the process of downloading, compiling, installing software (and any associated dependencies) to a simpler process, often with a single command, e.g. brew install httpie to get the HTTPie command line client.

However, since it's so easy to install a variety of packages and programs, oftentimes I'll have installed a program to try something out, and never need it again. The total count of packages installed via Homebrew can be seen like this:

$ brew list | wc -l
325
Enter fullscreen mode Exit fullscreen mode

I definitely don't recall installing all of these - and over time that becomes a heavier burden to carry. Each package can use up some disk space, but more importantly, every time a brew upgrade is run, it may install new versions of software you don't use, so that takes up more time - which is even more valuable than disk space. If you're running out of disk space, read:

But since I want to actually figure out if there's programs I've installed and no longer use or need, I could read the output of brew list and brew uninstall <package name> for each one, but I'm bound to overlook some packages that are dependencies, and may no longer be needed.

I find it best to read visual "maps" that diagram the relationships between packages, so that if I uninstall a package that as a dependency on another package, and nobody else depends on that package, that I uninstall them both, thereby freeing up more resources.

A nice helper program for Homebrew is this extension called brew-graph:

GitHub logo martido / homebrew-graph

Creates a simple dependency graph of Homebrew formulae.

Attention: This repository has been renamed from brew-graph to homebrew-graph to adhere to the Homebrew naming conventions of tap repositories Please update your local clones or forks (for consistency only, GitHub makes sure everything still works for you):

git remote set-url origin https://github.com/martido/homebrew-graph

brew-graph

brew-graph is a Ruby script that creates a dependency graph of Homebrew formulae. The currently supported output options are DOT and GraphML.

In general, if you'd like to know more about Untangling Your Homebrew Dependencies, check out the blog post by Jonathan Palardy.

Installation

brew tap martido/homebrew-graph

Note: If you already have the brew-graph formula installed from the old tap repository, uninstall it first:

brew uninstall brew-graph
brew untap martido/homebrew-brew-graph

Usage

Type brew graph --help.

brew graph [options] formula1 formula2 ... | --installed | --all
Create a dependency graph of Homebrew formulae.

Options:

 -h, --help            Print this help message.
 -f, --format

Once installed (read the README), I can create an image, along with the graphviz package's dot command:

brew graph --installed | dot -Tsvg -o homebrew-installed.svg
Enter fullscreen mode Exit fullscreen mode

I could replace the svg part with png to get a static image - I like the SVG file format, since it opens in Google Chrome and I can run a "Find" function for any names, and could also change some of the variables if I wanted to via text editor, or with an SVG Editor

The image output is similar to the one in the header of this post - some items are isolated and appear at the top row - these packages have no dependencies, and nothing depends on them - often a tool to do a specific thing. Audit these for tools you use directly, and uninstall those that you don't recall using. You can always reinstall them later!

Now for the more complex ones - like ffmpeg for example. This package has a lot of direct dependencies. So if I wanted to create an image that is scoped only to that package, I could run:

brew graph ffmpeg | dot -Tpng -o homebrew-ffmpeg.png
Enter fullscreen mode Exit fullscreen mode

And that looks like:

Alt Text

Which isn't easy to see, but it can be helpful to see the dependencies of a single package.
So if I wanted to uninstall all of the packages safely, I could run each one and if I get a warning that the package is in use, not remove it, or I could use another helpful external command - rmtree:

GitHub logo beeftornado / homebrew-rmtree

Remove a formula and its unused dependencies

homebrew-rmtree

Remove a formula and its unused dependencies

What is it?

It's an external command for Homebrew that provides a new command, rmtree that will uninstall that formula, and uninstall any of its dependencies that have no formula left installed that depend on them. The command will check all dependencies recursively starting at the one specified on the command line.

This is tricky business. So this command comes with a warning.

Warning

There are formulae that do not specify all of their dependencies. This means that it is possible that this command will remove something you still need or won't remove something you no longer want. Generally, it is pretty good Until someone comes up with a clever way around this, you need to be careful what you uninstall A formula could also depend on something you want to keep around, while nothing else actually depends on it (except…

This provides a useful --dry-run parameter to observe what might happen if we wanted to remove a package, and see for ourselves what we would be removing. Example:

$ brew rmtree --dry-run ffmpeg
This is a dry-run, nothing will be deleted
==> Examining installed formulae required by ffmpeg...
 -  61 / 62

Can safely be removed
----------------------
ffmpeg
aom
lame
libbluray
...
Enter fullscreen mode Exit fullscreen mode

This goes on for a while, so run it yourself and see what your computer can safely remove!

Reminder: As always, take these notes with caution. The risk of installing someone else's software on systems that may lead to undue exposure. This post and other software are things lot of us write, but there's nothing preventing malicious actors from doing nasty things over similar channels, so make sure you have other protections in place - like firewalls, malware/virus scanners, network monitoring/alerting, etc - and if it's open source code, you can read it too, and form your own opinions!

Hopefully this post has provided you with a couple of tools in your toolbox to help keep your computer in good shape, extending its lifespan and utility to keep learning and trying out new things!

💖 💪 🙅 🚩
miketheman
Mike Fiedler

Posted on May 10, 2020

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related