How to Use Topgrade Silently and Automatically for Multiple Update Protocols (Free)

In a recent thread on the effectiveness of available macOS app updaters, several people lamented that the FOSS command line tool Topgrade requires too much user intervention to be run with cron or launchd. In its default state, it can repeatedly prompt for the admin password, and in the event of an error with one of your services, it throws Quit or Retry queries that are showstoppers for unattended usage.

Topgrade checks all of your Homebrew and Mac App Store apps for updates, and if there are any available, it installs them. It also checks for updates for a long list of command line tools including Python, Node, Bun, and others. Now that it is possible to convert your existing apps to Homebrew-upgradable apps, you can conceivably handle the majority of your updates with a single free tool, which is important since MacUpdater will cease to function in less than two weeks.

After spending some time buried in the Topgrade documentation and doing some experimenting, I'm happy to share that it is possible to get it to work without password prompts or interruptions caused by service failures. Once you set it up, you can use cron, Keyboard Maestro, Shortcuts, or some other automation tool to run Topgrade on a schedule and keep your stack up to date with very little friction.

Step 1: Set up passwordless sudo

Note: This is safe to do if your Mac is a single-user device that you own. Don't do it on enterprise machines, and don't do it if you have others in your house who aren't trusted admins using your Mac.

1. At the command prompt, enter sudo visudo. This opens VIM, a Unix text editor that you have to use to edit this file. Don't try it with Text Edit or even nano.
2. Once the file loads, type just the letter "i" to enter insert mode. Use the cursor to navigate to the end of the file and enter
    <USERNAME> ALL=(ALL) NOPASSWD: ALL and press return.
3. On the next line, enter Defaults:<USERNAME> timestamp_timeout=-1
4. After you do that, press the Esc key to exit insert mode.
5. Type :wq and press enter to write and quit the file.

Step 2: Edit topgrade.toml

You can edit the Topgrade config file with nano or with a real IDE. Don't use Text Edit. The path is usually at the root of your home folder at

~/.config/topgrade.toml

Near the top of the file is a [misc] section. You need to enter these lines in that section and save the file: assume_yes = true no_retry = true cleanup = true

Once you've completed those steps, you can run topgrade --dry-run to test things out. If you don't encounter any issues, you're ready to use a suitable automation tool to schedule your upgrades in the future.

Note: If Topgrade updates services you don't really use or that you prefer to update separately, you can disable them. In my case, I don't use Bun, and I prefer to update my Docker containers myself. To disable a service, add another line under the same [misc] section where you entered the other information, and use this format for the services you want to turn off: disable = ["containers", "bun"]

Turn off Mac updates in Topgrade if you don't want them automatically installed.