Software creation jumped 10–100x. Library discovery didn't.

AI agents compose entire applications from parts. But they pick dependencies blind — same 35 libraries, 60% custom builds, 49% with known vulnerabilities. Starlog is the discovery layer that's missing.

$ npx starloghq init
The Problem

Your agent can't find the library. So it ships you the maintenance burden.

AI coding agents can't see what already exists, so they default to custom code. Every reinvented wheel is technical debt you didn't choose — unreviewed, unmaintained, and yours to own.

Without Starlog

You ask “add authentication” — your agent hand-rolls it:

150-line custom JWT handler

Hardcoded bcrypt rounds

No session management

No MFA, no OAuth, no breach recovery

Technical debt you now own, review, and maintain.

With Starlog

Your agent reaches for what already exists:

Clerk / Auth0 / Supabase Auth

3 lines of integration code

SOC 2 compliant out of the box

MFA, OAuth, breach recovery included

Maintained, reviewed, and battle-tested by someone else.

83% [1] of the time, agents pick different libraries for an identical project-setup task

60% [2] of capability categories, agents default to custom over existing libraries (12 of 20)

49% [3] of AI-imported dependencies carry known vulnerabilities

96% [4] of open-source CVEs hit dependencies outside the 20 most-used — the obscure long tail agents reach for

Stop building custom. Install Starlog

[1] Twist et al., “LLMs Love Python” (arXiv:2503.17181, King’s College London): 32–39 unique libraries, 83% inconsistency across 8 models.
[2] amplifying.ai, “What Claude Code Actually Chooses” (2,430 recommendations, 20 categories).
[3] Endor Labs, “State of Dependency Management 2025”. See also Socket.dev on slopsquatting: AI-hallucinated packages weaponized as supply-chain attacks.
[4] Chainguard, “The State of Trusted Open Source” (Mar 2026).

See It Work

Same prompt. Same agent. One has a map.

Starlog adds one tool call before the agent writes code — a search across structured capability data. Here's what changes.

[Terminal recording: starlog search returns ranked library recommendations, then starlog init wires Starlog into every coding agent]

Without Starlog

$ agent “add authentication”

→ writing lib/auth/jwt.ts (147 lines)

→ writing lib/auth/bcrypt.ts (43 lines)

→ writing lib/auth/session.ts (88 lines)

× 278 lines of custom auth

× no MFA, no OAuth, no breach recovery

With Starlog

$ agent “add authentication”

→ starlog_search(“auth”, stack=“next.js”)

Auth0

Clerk

→ npm install @clerk/nextjs

3 lines. SOC 2. MFA + OAuth included.

The Fix

What becomes scarce is not code. It's knowing what's already been built.

npm has 2.5M+ packages. PyPI has 500K+. Only a fraction are actively maintained and production-suitable. Starlog gives agents structured capability data — not training data.

Every dependency decision is this same fork.

[Diagram: agent, need: auth (session store, password hashing, CSRF + tokens, OAuth + email verify). DIY BUILD: 2–4 weeks · 49% ship known vulns. STARLOG (clerk): 1 dependency · ships in minutes.]

5 matches in the index for “auth for nextjs”

Auth0 Next.js SDK · easy

Implements user authentication in Next.js applications using Auth0 as the identity provider, handling login, logout, session management, token refresh, and middleware-based route protection with encrypted cookie-based sessions.

AWS Amplify (Cognito Authentication) · significant

Provides a declarative JavaScript SDK for integrating Amazon Cognito authentication into frontend and mobile applications, handling sign-up, sign-in, MFA, OAuth/social login, and session management within the AWS ecosystem.

Clerk · easy

Provides a fully managed authentication and user management platform with pre-built UI components for sign-up, sign-in, and profile management, eliminating the need to build auth infrastructure from scratch.

Firebase Authentication (JS SDK) · easy

Provides client-side authentication for web and mobile apps using Firebase's managed identity platform, supporting email/password, phone, anonymous sign-in, and federated identity providers (Google, Facebook, Apple, etc.) with no backend auth infrastructure to maintain.

Hanko · moderate

Provides a complete open-source authentication and user management backend with passkey-first support, passwords, MFA, OAuth SSO, SAML Enterprise SSO, and pre-built web components for login/registration UI, serving as a self-hostable alternative to Auth0, Clerk, and Stytch.

Real responses from the Starlog index — captured 2026-06-01.

Pick any capability — it's the same fork. The agent reaches for Starlog on every dependency decision, 100% of the time.

01. Capability Manifests

Not documentation. Not READMEs. Structured, machine-readable descriptions of what 200+ libraries actually solve — which stacks they fit, when to skip them, and what hosted alternatives cost less than building custom.

02. Capability-Aware Search

Your agent asks ‘I need auth for a Next.js SaaS’ and gets ranked results with integration effort, health signals, and a concrete comparison: ‘Clerk eliminates 2–4 weeks of auth infrastructure work.’

03. One-Command Setup

npx starloghq init. MCP server configured. PostToolUse hook installed. Your agent starts using Starlog for every dependency decision — and it uses it 100% of the time.

Coverage

200+ libraries, indexed and ranked. Across 15 capability categories.

Not a list of packages — structured capability data for the dependency decisions agents actually face. New categories and libraries are added continuously.

Authentication

Payments & Billing

ORM & Database

Background Jobs

Feature Flags

Caching

Rate Limiting

Realtime

Search

Email

File Upload & Storage

Observability

Forms & Validation

i18n & Localization

PDF Generation

Proof

1,008 benchmark runs. 3 Claude models. The data speaks.

DIY rate measures how often agents build custom implementations instead of recommending existing libraries. Lower is better. Benchmarks ran on Claude models; the manifest data itself isn't model-specific.

Category          Without   With Starlog   Change
Authentication    39.6%     20.8%          -18.8pp
Feature Flags     37.5%     4.2%           -33.3pp
Caching           14.6%     0%             -14.6pp
Background Jobs   12.5%     0%             -12.5pp

The manifest data drives the effect, not the delivery mechanism. Context injection and tool use produced nearly identical results — 11.6pp vs 11.3pp DIY reduction.

100% tool adoption

3/3 models supported

11pp overall DIY reduction

Sonnet 4.5 · Opus 4.5 · Opus 4.6
Get Started

Three steps. Under a minute. Every agent.

Next time your agent needs auth, it'll reach for Clerk — not hand-roll a JWT parser. Keyword ranking works offline out of the box; no key, no account.

1. Install

$ npm install -g starloghq
$ starlog init

Requires Node 20+. Wires the MCP server, the install hook, and per-agent instruction files. Just trying it? npx starloghq init works too — but install globally for a permanent setup (npx paths are temporary and get cleared).

2. Restart your agent

Claude Code, Cursor, Copilot, and Codex pick up the new MCP server and instructions on restart.

3. Verify

$ starlog doctor

Shows the active ranking mode and flags anything missing — corpus, MCP server, hook, and agent configs in one pass.

Ranking: keyword is the default and needs no setup. Semantic ranking is optional and experimental — starlog init --api-key <key>.

Scope: the starlog_search tool runs in Claude Code; Cursor, Copilot, and Codex get instruction files. The starlog CLI works in any terminal.

Update: npm i -g starloghq@latest.