Sure, Nix is extremely flexible in input definition, but it's different in the sense that Homebrew exposes a single command to e.g. install a cask from a user-inputted GitHub repository. So all an attacker needs to do is typosquat or take control of the GitHub repository that people are using to install a certain cask.
In Nix, flakes are pure functions and run in pure evaluation mode. One needs to consciously add a Git repository (URL + commit hash, branch, or tag) and then make use of something malicious exported by the input. But to find out what the flake exposes at all, reading the flake (or its documentation) is pretty much necessary.
All the Nix commands that take an 'installable' can take GitHub URLs. For instance:
$ nix run github:NixOS/nixpkgs#hello
Hello world!
That command will download nixpkgs from GitHub, evaluate the `hello` flake attribute, build it (or download it from a cache), and run it.
> But to find out what the flake exposes at all, reading the flake (or its documentation) is pretty much necessary.
If the flake exposes default packages or apps, then you do not need to provide a flake attribute:
$ nix run github:NixOS/nixpkgs
error: flake 'github:NixOS/nixpkgs' does not provide attribute 'apps.aarch64-darwin.default', 'defaultApp.aarch64-darwin', 'packages.aarch64-darwin.default' or 'defaultPackage.aarch64-darwin'
So you can run e.g. Alejandra [1], a Nix formatter, like so:
EDIT: For what it's worth, I think this feature can be useful sometimes, but it does also suffer from the same typosquatting problems as we see in other ecosystems.
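As an added example (not code from either commenter), a small POSIX shell helper that classifies a `github:` flake reference of the kind used above before it is handed to `nix run`: only a full 40-hex commit rev counts as pinned, while the default branch, a branch name or a tag is reported as mutable, since those can be re-pointed by whoever controls the repository. It assumes the flake reference syntax `github:<owner>/<repo>[/<rev-or-ref>][?query][#attr]`; the sample commit hash in the test is constructed.

```shell
# Classify a github: flake reference as pinned, mutable or invalid.
# Assumed syntax: github:<owner>/<repo>[/<rev-or-ref>][?query][#attr]
# Prints one word on stdout; exit status 0 = pinned, 2 = mutable, 1 = invalid.
classify_flakeref() {
    ref=${1%%"#"*}                 # drop the #attribute part
    ref=${ref%%\?*}                # drop ?query parameters such as ?dir=
    case $ref in
        github:*) ;;
        *) echo invalid; return 1 ;;
    esac
    path=${ref#github:}
    owner=${path%%/*}
    rest=${path#"$owner"}; rest=${rest#/}
    repo=${rest%%/*}
    rev=${rest#"$repo"}; rev=${rev#/}
    case $rev in */*) echo invalid; return 1 ;; esac
    if [ -z "$owner" ] || [ -z "$repo" ]; then
        echo invalid; return 1
    fi
    if [ -z "$rev" ]; then
        echo mutable; return 2     # default branch: moves whenever the repo is pushed
    fi
    if printf '%s\n' "$rev" | grep -Eq '^[0-9a-f]{40}$'; then
        echo pinned; return 0      # full commit hash: fixed content, cannot be re-pointed
    fi
    echo mutable; return 2         # branch or tag name: owner can move it at any time
}

# Wrapper (hypothetical name) that refuses to run anything not pinned to a commit.
safe_nix_run() {
    kind=$(classify_flakeref "$1") || {
        echo "refusing to run '$1': reference is $kind, pin it to a commit rev" >&2
        return 1
    }
    nix run "$@"
}
```

A pinned rev only fixes which content is fetched; it says nothing about whether that content is benign, so inspecting the flake (e.g. with `nix flake show`) before the first run is still needed.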