Is installing Homebrew without admin privileges on macOS can reduce the attack surface or is it a bad idea ?
The way I do it is:
cd ~
git clone https://github.com/Homebrew/brew homebrew
Closing the terminal window
Adding this to .zshrc:
export PATH="/Users/%username%/homebrew/bin:$PATH"
Then open the terminal again and run:
brew analytics off
It may still ask for your password when installing certain things regardless of where you move the homebrew directory itself. I personally place it in ~/Documents since by default, no third-party apps can access can access ~/Documents so I can be certain only trusted apps I manually select have access to anything there. The list of apps with this permission can be seen in the “Files and Folders” part of the “Privacy & Security” settings.