That is a very broad question with no answer. There are many ways in which machines can and do get compromised, including via malicious websites and downloads which can install keyloggers and screencap software.
If you want absolute security for a password manager, install it on a freshly wiped machine with networking permanently off, and don’t ever sync the data to any outside service. This is a serious suggestion some people actually follow.
Popular software sometimes does get hijacked. For ex. https://blog.malwarebytes.com/threat-analysis/2016/09/transmission-hijacked-again-to-spread-malware/
Regarding homebrew specifically, I’m sure they take all the necessary precautions to prevent their build machines from being compromised, but nothing is ever 100%.
In order of increasing amount of work, here are some things you could do if you choose:
Install all homebrew packages using the -> MikeMcQuaid makes a great point below that you’re better off sticking with homebrew’s default binary package installation (bottles).
--build-from-source flag. Slow. Homebrew is focused on pre-built binary packaged software, so if you run into issues you’ll have work to do and you may not get much help.
- Review the homebrew formulas that install/build the packages you plan to install. Compare checksums and download locations with the actual source from the websites it comes from. Do this every time homebrew updates the version of the package source code.
- Review the various homebrew scripts and files that do all the work. Do this every time there is a homebrew update to any of those files - track and review any changes on the homebrew site before you do
- Review all of the source code and build scripts for each package you install, before you build it from source.
As you can see it’s an impossible task for entities who are not governments or large corporations. It comes down to how much you trust a group of people to be doing the best they can to keep things secure. Your password manager is never going to be 100% secure as long as you’re using the Internet on that machine. A good thing to do is to have a plan for what you would do if it ever gets broken into.