What's New

Every release, from newest to oldest.

v0.4.0 March 27, 2026 Latest

Code Quality Overhaul

  • Unified install pipeline — CLI and web UI share one code path instead of duplicated logic
  • Express asyncHandler middleware replaces boilerplate try-catch in 33 route handlers
  • Shared RepoCard component eliminates duplicate card markup across pages
  • Extracted useAppDetail hook and deduplicated formatting utilities
  • Parallel API calls during install — getRepoInfo + resolveBinaryInstall run concurrently

Security Hardening

  • README HTML sanitized with DOMPurify — prevents XSS from malicious repos
  • Binary downloads restricted to github.com domains only — prevents SSRF
  • Zip Slip defense — tar --no-absolute-filenames blocks path traversal in archives
  • Error messages sanitized — file paths and tokens stripped from API responses
  • Security headers added — X-Content-Type-Options, X-Frame-Options, Referrer-Policy
  • Env var blocklist expanded from 7 to 23 entries — covers LD_AUDIT, JAVA_TOOL_OPTIONS, PYTHONHOME, and more
  • Downloaded binaries restricted to owner-only execute (0700)

New Collections

  • 5 new curated collections across 3 categories (11 repos total)
  • Travel Planning — NOMAD self-hosted trip planner
  • OSINT Platforms — SpiderFoot, OSINTel Dashboard
  • Simulation & Prediction — MiroFish swarm engine, OASIS million-agent simulations
  • SaaS Replacements — Coolify, Dokku, CapRover, ERPNext, Twenty CRM, Frappe CRM

Env Var Configuration UX

  • Dashboard shows amber “Env vars needed” badge when required variables are unconfigured
  • Post-install wizard prompts users to configure required env vars immediately
  • Fixed installedRef type — removed as any cast in app management page
v0.3.0 March 22, 2026

Binary-First Installs

  • Pre-built binaries from GitHub Releases are now tried before cloning and building from source
  • Platform and architecture auto-detected — matches assets like *-darwin-arm64.tar.gz
  • Installs Go/Rust CLI tools in seconds instead of minutes
  • Auth-aware downloads — works with private repos when a token is configured
  • Streamed to disk to handle large assets without memory issues

Version Pinning

  • gitstore install owner/repo@v2.1.0 — install a specific release tag
  • Works for both binary downloads and source-from-tag clones
  • gitstore inspect owner/repo@tag previews what would be installed

12 Bug Fixes

  • Python: venv paths fixed on Windows, pip arg parsing, python3python on Windows
  • Go: cmd/ directory layout detected, v2+ module paths handled correctly
  • Docker: image name collisions fixed (now gitstore-owner-repo), --rm for container cleanup
  • Rust: build timeout increased to 45 min, workspace binary selection improved
  • Static: PORT literal replaced with actual port number
  • Install stream now routes through runtime handlers instead of raw shell commands
  • Crashed apps detected and marked as stopped automatically

Other Improvements

  • Git submodule support — --recursive added to clone
  • Docker image names sanitized for valid Docker naming rules
  • Binary updates: gitstore update re-downloads latest release for binary apps
v0.2.0 March 22, 2026

GitHub Integration

  • Sign in with your GitHub personal access token
  • My Stars — browse your GitHub starred repos with pagination
  • User Lists — create custom lists and organize repos your way
  • Authenticated user profile shown in My Stars page

No More gh CLI Dependency

  • All GitHub API calls now use direct REST API via fetch()
  • Works unauthenticated (60 req/hr) or with token (5,000 req/hr)
  • Rate limit errors show clear guidance to add a token

GitHub Trending

  • New Trending section on the Discover page
  • Daily, weekly, monthly filters with language selection
  • Results cached for 1 hour to reduce API usage

README Preview

  • Full README rendered with GitHub-flavored markdown on app detail pages
  • Dark-themed code blocks, tables, images, and links
  • Collapsible with show more / show less toggle

Settings & MCP

  • Settings page with GitHub token configuration and rate limit display
  • One-click "Configure for Claude" button writes MCP config automatically
  • MCP server command and Claude Desktop JSON config with copy buttons

Install Experience

  • Install wizard modal replaces raw alert() dialogs
  • 3-step flow: Confirm → Installing (with progress) → Done/Error
  • Docker moved to fallback — native runtimes detected first
  • Rust and Go runtime support added (Cargo.toml, go.mod)

Catalog Expansion

  • 3,547 repos across 746 collections from 30+ awesome-lists
  • Curate CLI: gitstore curate imports from awesome-lists
  • Community submit page for suggesting repos and sources

Desktop App

  • Tauri v2 desktop app (3.7 MB on macOS)
  • GitHub Actions CI for macOS, Linux, and Windows builds
  • Onboarding flow for first-time users
v0.1.0 March 21, 2026

Initial Release

  • Express backend with search, inspect, install, start/stop lifecycle
  • React web frontend with dark theme UI
  • Auto runtime detection: Node.js, Python, Docker
  • Risk assessment scoring for repos
  • Curated collections with 5 categories and 9 collections
  • MCP server integration for AI assistants
  • SQLite-backed app registry
  • Environment variable configuration per app