Security / CVE scan
Surfaces known vulnerabilities in what you've installed, with a dedicated Homebrew CVE pass. Add an NVD key for higher rate limits.

347 tools, and counting.24 with security issues
catalog takes stock of every developer tool you've installed, explains what each one is, and tells you what's risky, stale, or just taking up space. Here's the loop.
One pass reads every package manager on your Mac into a single list. Homebrew, Cargo, npm, pipx, uv, Go, Bun and the App Store, deduplicated and searchable.
Point it at your own LLM and catalog writes a plain-English description, aliases and tags for each tool. A binary you don't recognise stops being a mystery.
Then it audits: known CVEs, available updates, disk hogs, broken symlinks and PATH conflicts. Keep what earns its place; uninstall the rest with confidence.
catalog scans every package manager on your Mac into one searchable index, so the tool you only half-remember is one keystroke away.
Point catalog at your own LLM and it writes a plain-English description, aliases and tags for every tool, one at a time or the whole catalog at once.
Beyond listing what you have, catalog checks it: what's vulnerable, what's out of date, and what's quietly wasting space.
Surfaces known vulnerabilities in what you've installed, with a dedicated Homebrew CVE pass. Add an NVD key for higher rate limits.
See which tools have a newer version waiting, then generate a script to update them all in one go.
Measure what each tool actually costs on disk, and find the hogs.
Flags broken symlinks and PATH shadowing, two tools answering to the same name.
Verifies the external tools catalog itself relies on are present.
Edit any color, swap the font and corner radius, or generate a palette from a word with AI. Try it on the preview, then keep up to twenty of your own and share them as a file.
Connect your GitHub account to browse the repos you've starred, read their READMEs inline, and star or unstar without leaving the app.
The questions Claude figured you'd have, answered up front. Anything it missed,reach out orread the source.
Yes, completely. It's free and open source under the MIT license, so you can read every line, fork it, or build it yourself.
A Mac. catalog is a native macOS desktop app built with Tauri 2. There's no Windows or Linux build today.
Homebrew, Cargo, npm, pipx, uv, Go, Bun, and the Mac App Store (mas). Each tool is deduplicated into one searchable list.
No. Your catalog lives in a local database on your Mac. The only network calls are ones you opt into: CVE lookups, GitHub, and the AI describe step, which runs through a provider you choose.
No keys are baked in. You bring your own provider: the claude or codex CLIs, a local ollama model, or any custom command. With ollama it runs fully offline, and prompts are built only from metadata, never by running your binaries.
It checks your installed versions against known CVEs, including a dedicated Homebrew pass. An optional NVD API key raises the rate limit, but isn't required.
No. It uses GitHub's device-flow OAuth; the token is stored in the macOS Keychain and is never exposed to the web layer.
Yes. Pick light and dark defaults, edit a full custom theme (colors, font, corner radius), generate a palette from a 'vibe' with AI, and import or export themes as files.