Homebrew/homebrew-cask Maintainer Guide

This guide is intended to help maintainers effectively maintain the cask repositories. It is meant to be used in conjunction with the more generic Maintainer Guidelines.

This guide applies to all four of the cask repositories:

Common Situations

Here is a list of the most common situations that arise in cask PRs and how to handle them:

If in doubt, ask another cask maintainer on GitHub or Slack.

Note that unlike formulae, casks do not consider the sha256 stanza to be a meaningful security measure as maintainers cannot realistically check them for authenticity. Casks download from upstream; if a malicious actor compromised a URL, they could potentially compromise a version and make it look like an update.


In general, using GitHub’s Squash and Merge button is the best way to merge a PR. This can be used when the PR modifies only one cask, regardless of the number of commits or whether the commit message format is correct. When merging using this method, the commit message can be modified if needed. Usually, version bump commit messages follow the form Update CASK from OLD_VERSION to NEW_VERSION.

If the PR modifies multiple casks, use the Rebase and Merge button to merge the PR. This will use the commit messages from the PR, so make sure that they are appropriate before merging. If needed, checkout the PR, squash/reword the commits and force-push back to the PR branch to ensure the proper commit format.

Finally, make sure to thank the contributor for submitting a PR!

Other Tips

A maintainer can easily rebase a PR onto the latest master branch by adding a /rebase comment. BrewTestBot will automatically rebase the PR and add a reaction to the comment once the rebase is in progress and complete.

Fork me on GitHub