
Security News
Node.js Moves Toward Stable TypeScript Support with Amaro 1.0
Amaro 1.0 lays the groundwork for stable TypeScript support in Node.js, bringing official .ts loading closer to reality.
github.com/cli/cli/v2
gh
is GitHub on the command line. It brings pull requests, issues, and other GitHub concepts to the terminal next to where you are already working with git
and your code.
GitHub CLI is supported for users on GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server 2.20+ with support for macOS, Windows, and Linux.
For installation options see below, for usage instructions see the manual.
If anything feels off or if you feel that some functionality is missing, please check out the contributing page. There you will find instructions for sharing your feedback, building the tool locally, and submitting pull requests to the project.
If you are a hubber and are interested in shipping new commands for the CLI, check out our doc on internal contributions.
gh
is available via Homebrew, MacPorts, Conda, Spack, Webi, and as a downloadable binary including Mac OS installer .pkg
from the releases page.
[!NOTE] As of May 29th, Mac OS installer
.pkg
are unsigned with efforts prioritized incli/cli#9139
to support signing them.
Install: | Upgrade: |
---|---|
brew install gh | brew upgrade gh |
Install: | Upgrade: |
---|---|
sudo port install gh | sudo port selfupdate && sudo port upgrade gh |
Install: | Upgrade: |
---|---|
conda install gh --channel conda-forge | conda update gh --channel conda-forge |
Additional Conda installation options available on the gh-feedstock page.
Install: | Upgrade: |
---|---|
spack install gh | spack uninstall gh && spack install gh |
Install: | Upgrade: |
---|---|
curl -sS https://webi.sh/gh | sh | webi gh@stable |
For more information about the Webi installer, see its homepage.
Install: | Upgrade: |
---|---|
flox install gh | flox upgrade toplevel |
For more information about Flox, see its homepage
gh
is available via:
For more information, see Linux & BSD installation.
gh
is available via WinGet, scoop, Chocolatey, Conda, Webi, and as downloadable MSI.
Install: | Upgrade: |
---|---|
winget install --id GitHub.cli | winget upgrade --id GitHub.cli |
[!NOTE] The Windows installer modifies your PATH. When using Windows Terminal, you will need to open a new window for the changes to take effect. (Simply opening a new tab will not be sufficient.)
Install: | Upgrade: |
---|---|
scoop install gh | scoop update gh |
Install: | Upgrade: |
---|---|
choco install gh | choco upgrade gh |
MSI installers are available for download on the releases page.
To add GitHub CLI to your codespace, add the following to your devcontainer file:
"features": {
"ghcr.io/devcontainers/features/github-cli:1": {}
}
GitHub CLI comes pre-installed in all GitHub-Hosted Runners.
Download packaged binaries from the releases page.
Since version 2.50.0, gh
has been producing Build Provenance Attestation, enabling a cryptographically verifiable paper-trail back to the origin GitHub repository, git revision, and build instructions used. The build provenance attestations are signed and rely on Public Good Sigstore for PKI.
There are two common ways to verify a downloaded release, depending on whether gh
is already installed or not. If gh
is installed, it's trivial to verify a new release:
Option 1: Using gh
if already installed:
$ gh at verify -R cli/cli gh_2.62.0_macOS_arm64.zip
Loaded digest sha256:fdb77f31b8a6dd23c3fd858758d692a45f7fc76383e37d475bdcae038df92afc for file://gh_2.62.0_macOS_arm64.zip
Loaded 1 attestation from GitHub API
✓ Verification succeeded!
sha256:fdb77f31b8a6dd23c3fd858758d692a45f7fc76383e37d475bdcae038df92afc was attested by:
REPO PREDICATE_TYPE WORKFLOW
cli/cli https://slsa.dev/provenance/v1 .github/workflows/deployment.yml@refs/heads/trunk
Option 2: Using Sigstore cosign
:
To perform this, download the attestation for the downloaded release and use cosign to verify the authenticity of the downloaded release:
$ cosign verify-blob-attestation --bundle cli-cli-attestation-3120304.sigstore.json \
--new-bundle-format \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
--certificate-identity="https://github.com/cli/cli/.github/workflows/deployment.yml@refs/heads/trunk" \
gh_2.62.0_macOS_arm64.zip
Verified OK
See here on how to build GitHub CLI from source.
For many years, hub was the unofficial GitHub CLI tool. gh
is a new project that helps us explore
what an official GitHub CLI tool can look like with a fundamentally different design. While both
tools bring GitHub to the terminal, hub
behaves as a proxy to git
, and gh
is a standalone
tool. Check out our more detailed explanation to learn more.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Amaro 1.0 lays the groundwork for stable TypeScript support in Node.js, bringing official .ts loading closer to reality.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.