Every tool
you forgot
you installed.

Catalog indexes everything on your machine across every package manager, then tells you what it does, what's out of date, and what's quietly vulnerable.

Download for macOS0on GitHub

You've installed hundreds of tools. You remember maybe a handful.

347 tools, and counting.24 with security issues

From "what is
this binary?"
to a catalog you can trust.

catalog takes stock of every developer tool you've installed, explains what each one is, and tells you what's risky, stale, or just taking up space. Here's the loop.

  1. 1

    Scan

    One pass reads every package manager on your Mac into a single list. Homebrew, Cargo, npm, pipx, uv, Go, Bun and the App Store, deduplicated and searchable.

  2. 2

    Understand

    Point it at your own LLM and catalog writes a plain-English description, aliases and tags for each tool. A binary you don't recognise stops being a mystery.

  3. 3

    Maintain

    Then it audits: known CVEs, available updates, disk hogs, broken symlinks and PATH conflicts. Keep what earns its place; uninstall the rest with confidence.

Everything, in one list.

catalog scans every package manager on your Mac into one searchable index, so the tool you only half-remember is one keystroke away.

  • Multi-source scan. Homebrew, Cargo, npm, pipx, uv, Go, Bun and the App Store.
  • Instant search. Fuzzy match by name or tag over a virtualized list.
  • Group, favorite, tag. Organize by source or tag, star what matters.

Know what each one does.

Point catalog at your own LLM and it writes a plain-English description, aliases and tags for every tool, one at a time or the whole catalog at once.

  • Bring your own provider. The claude or codex CLIs, a local ollama model, or any custom command.
  • No keys baked in. You decide which model sees your list; ollama keeps it fully offline.
  • Metadata only. Prompts use name, version, source and path. catalog never runs your binaries.
  • Batch describe. Enrich one tool or your entire catalog in a single pass.

Audits, built in.

Beyond listing what you have, catalog checks it: what's vulnerable, what's out of date, and what's quietly wasting space.

Security / CVE scan

Surfaces known vulnerabilities in what you've installed, with a dedicated Homebrew CVE pass. Add an NVD key for higher rate limits.

Updates

See which tools have a newer version waiting, then generate a script to update them all in one go.

Disk usage

Measure what each tool actually costs on disk, and find the hogs.

Doctor

Flags broken symlinks and PATH shadowing, two tools answering to the same name.

Dependency check

Verifies the external tools catalog itself relies on are present.

Theme it your way.

Edit any color, swap the font and corner radius, or generate a palette from a word with AI. Try it on the preview, then keep up to twenty of your own and share them as a file.

Your within reach.

Connect your GitHub account to browse the repos you've starred, read their READMEs inline, and star or unstar without leaving the app.

  • Device-flow login. OAuth device code; the token lives in the macOS Keychain, never the web layer.
  • Stars & READMEs. Browse starred repos and read their docs inline.

Questioned &
answered.

The questions Claude figured you'd have, answered up front. Anything it missed,reach out orread the source.

Is catalog free?

Yes, completely. It's free and open source under the MIT license, so you can read every line, fork it, or build it yourself.

What do I need to run it?

A Mac. catalog is a native macOS desktop app built with Tauri 2. There's no Windows or Linux build today.

Which package managers does it scan?

Homebrew, Cargo, npm, pipx, uv, Go, Bun, and the Mac App Store (mas). Each tool is deduplicated into one searchable list.

Does it send my data anywhere?

No. Your catalog lives in a local database on your Mac. The only network calls are ones you opt into: CVE lookups, GitHub, and the AI describe step, which runs through a provider you choose.

Do I need an API key for the AI descriptions?

No keys are baked in. You bring your own provider: the claude or codex CLIs, a local ollama model, or any custom command. With ollama it runs fully offline, and prompts are built only from metadata, never by running your binaries.

How does the security scan work?

It checks your installed versions against known CVEs, including a dedicated Homebrew pass. An optional NVD API key raises the rate limit, but isn't required.

Does the GitHub login need my password?

No. It uses GitHub's device-flow OAuth; the token is stored in the macOS Keychain and is never exposed to the web layer.

Can I make it look the way I want?

Yes. Pick light and dark defaults, edit a full custom theme (colors, font, corner radius), generate a palette from a 'vibe' with AI, and import or export themes as files.