Safeguard
DevSecOps

How to Install Python on Mac Terminal: A Step-by-Step Guide

The clean way to install Python on a Mac using the terminal, why you should not touch the system Python, and how to keep your install secure and up to date.

Marcus Chen
DevSecOps Engineer
5 min read

To install Python on a Mac terminal, the cleanest approach is to install Homebrew and then run brew install python, which gives you an up-to-date Python 3 and pip without touching the system Python that macOS ships for its own use. That one command covers most needs, but the details around PATH, virtual environments, and keeping the install secure are where people get stuck. This guide walks through it end to end.

Why not just use the Python already on your Mac?

macOS includes a Python installation, but it exists to support the operating system's own tooling, not your projects. It is often an older version, you should not modify it, and on recent macOS releases typing python alone may return command not found while python3 points at the Xcode command-line tools version. Building your work on the system Python risks breaking OS behavior and leaves you stuck on whatever version Apple decided to ship. Install your own instead.

Step 1: Install Homebrew

Homebrew is the de facto package manager for macOS and the standard way developers manage Python. If you do not already have it, install it from the terminal:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

A word on security here, since you are piping a script from the internet into a shell. Only use the URL from the official Homebrew site (brew.sh), which is the same one shown above. Piping remote scripts to bash is a legitimate install pattern for trusted, well-known projects, but it is also a technique attackers abuse, so verify the domain and prefer copying the command from the project's own site rather than a random blog. If you want to inspect it first, open the URL in a browser and read the script before running it.

After it finishes, Homebrew prints a couple of commands to add itself to your PATH. On Apple Silicon Macs that means adding /opt/homebrew/bin; run the exact lines the installer shows.

Step 2: Install Python

With Homebrew in place, installing Python is one command:

brew install python

This installs the current Python 3 release along with pip3, Python's package installer, pointed at the Homebrew Python. Homebrew handles the dependencies and puts the binaries on your PATH.

Step 3: Verify the install

Confirm it worked and that you are getting the version you expect:

python3 --version
pip3 --version
which python3

The which python3 output should point into the Homebrew directory (something under /opt/homebrew on Apple Silicon or /usr/local on Intel), not /usr/bin/python3. If it still points at /usr/bin, your PATH is not ordered correctly and the next section fixes it.

Step 4: Fix your PATH if needed

If python3 does not resolve to the Homebrew version, your shell is finding the system copy first. Modern Macs use zsh, so edit ~/.zshrc and make sure the Homebrew path comes first:

echo 'export PATH="/opt/homebrew/bin:$PATH"' >> ~/.zshrc
source ~/.zshrc

Reload the shell (or open a new terminal window) and check which python3 again. This is the single most common snag people hit installing Python on a Mac OS terminal, and it is purely an ordering issue.

Step 5: Use virtual environments for projects

Do not install project packages into your global Python with pip3 install at the system level. That path leads to version conflicts between projects and, worse, to running arbitrary package code with broad access. Create an isolated virtual environment per project instead:

python3 -m venv .venv
source .venv/bin/activate
pip install requests

When the environment is active your prompt shows its name, and pip install only affects that project. Run deactivate to leave it. This isolation is both a hygiene practice and a security one, because it limits the blast radius of a compromised or malicious package to a single project.

Keeping your Python install secure

Two habits matter once Python is installed on your Mac.

Keep it patched. Python security fixes ship in point releases, and updating through Homebrew is trivial:

brew update && brew upgrade python

Vet the packages you install. pip install runs code from the Python Package Index, and typosquatted or malicious packages are a real and recurring threat. Double-check package names against the official project, and pin your dependencies in a requirements.txt with hashes for anything you ship. For projects that grow beyond a hobby scale, a software composition analysis pass over your requirements.txt or poetry.lock flags dependencies with known vulnerabilities before they reach production; that is exactly the workflow our SCA guide walks through.

If you manage several projects on different Python versions, consider pyenv (also installable via Homebrew) to switch versions per project. It complements Homebrew rather than replacing it, and it keeps you off the system Python entirely.

FAQ

How do I install Python on a Mac using the terminal?

Install Homebrew from brew.sh, then run brew install python. That installs a current Python 3 and pip3. Verify with python3 --version and make sure which python3 points at the Homebrew directory rather than /usr/bin.

Should I use the Python that comes with macOS?

No. The bundled Python exists for the operating system's own tooling, is often outdated, and should not be modified. Install your own Python through Homebrew so you control the version and avoid breaking system behavior.

Why does python say command not found on my Mac?

On recent macOS releases the bare python command is not provided; use python3. If even python3 resolves to an unexpected version, your PATH is ordering the system copy ahead of Homebrew's, which you fix by putting the Homebrew bin directory first in ~/.zshrc.

How do I keep my Mac Python installation secure?

Update it regularly with brew upgrade python, use a virtual environment per project instead of installing packages globally, verify package names before pip install to avoid typosquats, and scan your dependency files for known vulnerabilities.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.