To open Python on a Mac today you first have to install it, because recent versions of macOS no longer ship Python at all — Apple removed the bundled /usr/bin/python (Python 2.7) in macOS Monterey 12.3, and no Python 3 is included by default either. If you have followed an old tutorial that says to just type python in Terminal, that is why it fails or throws a "command not found" style error. The modern answer is: install a real Python 3, verify what you installed, and know which interpreter your commands are actually running. This guide walks that path and flags the security decisions hiding inside each step.
Why macOS No Longer Includes Python
For years macOS bundled Python 2.7 at /usr/bin/python. Apple signaled the end of that in the macOS Catalina 10.15 release notes, warning that future versions would not include scripting-language runtimes by default. It followed through in Monterey 12.3, which removed /usr/bin/python entirely. Python 2 itself reached end of life on January 1, 2020, so this was cleanup of software that no longer received security fixes.
The takeaway for setup: do not go looking for a system Python to run. Even where an old macOS still has one, it is unmaintained Python 2 and should never be used for anything that touches untrusted input or the network. You want a current, supported Python 3 that you installed and can update.
Checking What You Already Have
Open Terminal (Applications, Utilities, Terminal) and check before installing anything:
python3 --version
which python3
On many developer Macs a Python 3 is already present — pulled in by the Xcode Command Line Tools or a previous install. If python3 --version prints something like Python 3.12.x, you have a working interpreter and can open the REPL right now:
python3
That drops you into the interactive prompt (>>>), which is what most people mean by "opening Python." Type exit() or press Control-D to leave. If python3 is missing or reports an old version, install a current one using one of the two approaches below.
Note the deliberate use of python3, not python. On macOS the bare python command is unreliable — it may not exist, or may point at something unexpected. Being explicit about python3 avoids running the wrong interpreter, which is both a correctness and a security concern.
Installing Python: Official Installer vs Homebrew
Two mainstream, trustworthy routes exist. Both are fine; the security-relevant part is where you get the bytes.
Option 1 — the official python.org installer. Download the macOS installer from python.org directly. Because this is a downloaded, code-signed package, the security rule is to get it only from the official domain over HTTPS and let macOS Gatekeeper verify the signature when you run it. Do not grab a Python .pkg from a random mirror, a forum link, or a search ad — a tampered interpreter installer is a total-compromise event. After installing, the official package updates your path so python3 and pip3 resolve to the new version.
Option 2 — Homebrew. If you use the Homebrew package manager, install Python with:
brew install python
brew --version
python3 --version
Homebrew is a reasonable choice because it keeps Python patchable alongside your other tools (brew upgrade python), which matters for security — an interpreter you never update accumulates known CVEs. Install Homebrew itself only from its official site (brew.sh), and be aware you are trusting the Homebrew project and its formula for Python. That is a defensible trust decision for most developers, but it is a trust decision, so make it consciously.
Whichever you pick, verify afterward:
python3 --version
which python3
pip3 --version
Opening Python Safely: The REPL, Scripts, and IDEs
Once installed, "opening Python" takes a few forms. The interactive REPL (python3) is best for quick experiments. To run a script, use python3 script.py. Most day-to-day work happens inside an editor like VS Code or PyCharm, which lets you select the interpreter — point it at the Python 3 you just installed, not at any lingering system one.
The security discipline starts the moment you install packages. pip3 install pulls code from PyPI and runs it in your environment, and typosquatted or malicious packages are a real and recurring supply-chain threat. Two habits reduce the blast radius:
# create an isolated environment per project
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
First, always work inside a virtual environment (venv). It isolates a project's dependencies so a bad package cannot contaminate your global interpreter or other projects, and it keeps your system Python clean. Second, install from a pinned requirements.txt (or a lockfile) with versions you control, rather than pip install <whatever> on a whim — double-check the package name, because installing python3-dateutil when you meant python-dateutil is exactly how typosquat attacks land.
Because those dependencies are third-party code you did not write, they carry the same known-vulnerability risk as any other library. An SCA tool such as Safeguard can flag a known-vulnerable package in your requirements.txt, so a compromised or outdated dependency is a finding rather than a surprise. For the wider defensive picture around Python code itself, our Python static analysis guide is a good next read.
Keeping Your Python Updated
Installing Python is not a one-time act. Interpreter releases ship security fixes, and an out-of-date Python 3 is as much a liability as the removed Python 2 was. If you installed via Homebrew, brew upgrade python keeps you current. With the official installer, install new point releases from python.org as they come out. Periodically re-run python3 --version to confirm you are on a supported line — the Python project publishes end-of-life dates per minor version, and running one past EOL means no more security patches.
FAQ
Why does typing "python" do nothing on my Mac?
Because macOS removed the bundled Python — Apple deleted /usr/bin/python (Python 2.7) in Monterey 12.3, and no Python 3 ships by default. Install a current Python 3 and use the python3 command, which is the reliable name on macOS.
Should I use the python.org installer or Homebrew?
Both are trustworthy. The official installer is simplest and code-signed; get it only from python.org over HTTPS. Homebrew makes ongoing updates easy with brew upgrade python, which helps you stay patched. Either is fine as long as you install from the official source.
Is the old system Python on my Mac safe to use?
No. Where an older macOS still has /usr/bin/python, it is unmaintained Python 2, which reached end of life in January 2020 and receives no security fixes. Do not use it — install and use a supported Python 3 instead.
How do I install Python packages safely?
Create a virtual environment per project with python3 -m venv, activate it, and install from a pinned requirements.txt. Double-check package names to avoid typosquats, and scan your dependencies for known vulnerabilities rather than trusting that everything on PyPI is safe.