[Bug] macOS brew upgrade requires bypassing security to launch Claude Code
Open 💬 19 comments Opened Nov 27, 2025 by sokrah
Bug Description
on macOS : just performed the brew upgrade claude-code
i couldn't relaunch claude after that, I had to forcefully bypass mac security as mentionned here : https://support.apple.com/fr-fr/guide/mac-help/mchleab3a043/mac
(feel free to change the language)
Environment Info
- Platform: darwin
- Terminal: intellij
- Version: 2.0.55
- Feedback ID: 48c2131e-99b3-473e-a329-eeffc52ba8cf
19 Comments
👀
<img width="265" height="267" alt="Image" src="https://github.com/user-attachments/assets/12362a37-89f8-4337-978c-ce556214f9a9" />
hey claude-code/anthropic team, should we be worried?
i experienced the same after upgrading with:
brew upgrade --cask claude-codeeven after manually deleting the existing claude app from applications:
sudo rm -rf /Applications/Claude.appuninstalling claude-code cask with "force" to ensure full cleanup:
brew uninstall --force --cask claudeand finally, installing claude-code fresh again:
brew install --cask claudeenvironment info:
the only thing i haven't done is delete the entire ~/.claude folder.
thanks.
it works as expected now, no more warnings and no need to bypass any security settings. this issue is resolved and can be closed.
p.s.
i ran:
brew reinstall --cask claude-coderan:
claudeand voilà, no more warnings.
thanks! 🙏
The issue came back on with the 2 latest release....
I just got this issue for the first time, and then ran
brew reinstall --cask claude-codeand now the issue is gone again.Any news about this issue?
I have the same issue and
reinstalldidn't work in my case.@joseyukio follow the tip in the link from apple support that i linked in the original post.
(The problem seems solved with the last patch though)
And today this happened to me after upgrading to the latest version using
brew upgrade.Try System Settings: Privacy & Security and then scroll down. There should be a warning about Claube being blocked with a button "Allow Anyway"
I've caught this notarization error message just after an upgrade
claude-code 2.1.39 -> 2.1.42bybrew upgrade, and fixed the error by runningbrew reinstall --cask claude-code. I'm not sure why this issue still remains.Got "Apple could not verify “claude” is free of malware that may harm your Mac or compromise your privacy." with 2.1.47 too.
brew reinstall --cask claude-codenot helped but what helped is allowclaudeinPrivacy & SecurityThis is a bit unsafe! You can only do this if you know the source of the binary.
Getting this same error message with version 2.1.80
I encountered this issue when I
brew upgrade claude-codev2.1.84 → v2.1.85Since this has been open for months, I assume I'll get hit again.
My trivial solution: dequarantine.sh claude
any updates?
Just got this issue on an upgrade from
2.1.131to2.1.132:Did a re-install just to be safe:
Still hitting this on fresh
brew upgrade --cask claude-codefor some recent versions (2.1.126). Wrote a small script that verifies the binary against Anthropic's Apple Team ID (Q6L2SF6YDW), then clearscom.apple.quarantineonly if the signature check passes — so it doesn't blindly bypass Gatekeeper:https://gist.github.com/dfa1/3cdb171e72f8e1c71c1b47a13f4bbb69
Drop-in usage after each upgrade:
Hope it's useful to others until the notarization side gets sorted out.
Thanks for putting this script together @dfa1.
I have 2 questions.
Since this issue has been reported on November last year, I encounter this problem a handful of times, but on every macOS update seems like the quarantine list gets cleaned up or something.
I cannot believe that they have not found a permanent solution for a tool that elicits such a level of autonomy.
How I found the Team ID
It's embedded in the code signature of any signed binary Anthropic ships — not secret. There are 2 ways:
The same TeamId is documented here as well: https://claude.com/docs/cowork/3p/installation?search=how+to+find+the+teamid+for+anthin+apple%3F#endpoint-security-software
On how common the notarization issue is
I don't have a single authoritative source to point at, but the failure pattern is well-known:
com.apple.quarantinexattr handling differs between brew cask and formula installs.Correcting a common misread in this thread (including my own first take): the
claudebinary is signed and notarized. That's verifiable:So this isn't a signing problem, and it's not the "unsigned cask gets deprecated" issue — the cask passes Gatekeeper/notarization checks.
The actual root cause is stapling.
claudeis shipped as a standalone Mach-O binary, and Apple does not support stapling a notarization ticket to a bare binary (only.app,.pkg,.dmg,.kextcan be stapled). Per Apple's own guidance for notarized CLI tools/daemons: with no stapled ticket, Gatekeeper has to fetch the ticket from Apple's notary service over the network on first launch of each build. If the machine is online it downloads and caches the ticket silently; if that check can't complete, you get the "could not verify… Move to Trash" alert.That explains the contradictory reports here:
spctlsays "Notarized" because that call reaches Apple (or the cache) successfully.brew upgradebecause a new version = new CDHash = the cached ticket no longer applies, so a fresh online check is required.com.apple.quarantineattribute on the binary now that--no-quarantineis gone — putting that online check in the launch path where it effectively wasn't before.Why this matters for managing Claude Code via Homebrew: every release ships a new CDHash, so every
brew upgradere-triggers the online notarization check. On any machine that's offline, behind a locked-down proxy, in CI, or under MDM, that check fails and a human has to click "Allow Anyway" through a GUI security prompt — which defeats unattendedbrew upgrade --caskand fleet workflows entirely.The fix is on the Anthropic side and is the standard remedy for notarized CLI tools: distribute the binary inside a notarized and stapled
.pkg(or.dmg) rather than as a bare Mach-O. A stapled container carries a local ticket, so Gatekeeper verifies offline and the runtime network dependency goes away. Homebrew casks consume.pkg/.dmgartifacts without issue.Environment: