Software creation jumped 10–100x. Library discovery didn't.
AI agents compose entire applications from parts. But they pick dependencies blind: the same 32–39 libraries, custom code in 60% of capability categories (12 of 20), and known vulnerabilities in 49% of the dependencies they import. Starlog is the discovery layer that's missing.
npx starloghq init
Your agent can't find the library. So it ships you the maintenance burden.
AI coding agents can't see what already exists, so they default to custom code. Every reinvented wheel is technical debt you didn't choose — unreviewed, unmaintained, and yours to own.
Without Starlog
You ask “add authentication” — your agent hand-rolls it:
→ 150-line custom JWT handler
→ Hardcoded bcrypt rounds
→ No session management
→ No MFA, no OAuth, no breach recovery
Technical debt you now own, review, and maintain.
With Starlog
Your agent reaches for what already exists:
→ Clerk / Auth0 / Supabase Auth
→ 3 lines of integration code
→ SOC 2 compliant out of the box
→ MFA, OAuth, breach recovery included
Maintained, reviewed, and battle-tested by someone else.
83% of the time, agents pick different libraries for an identical project-setup task [1]
In 60% of capability categories (12 of 20), agents default to custom code over existing libraries [2]
49% of AI-imported dependencies carry known vulnerabilities [3]
96% of open-source CVEs hit dependencies outside the 20 most-used — the obscure long tail agents reach for [4]
[1] Twist et al. — “LLMs Love Python” (arXiv:2503.17181, King’s College London) — 32–39 unique libraries, 83% inconsistency across 8 models.
[2] amplifying.ai — “What Claude Code Actually Chooses” (2,430 recommendations, 20 categories).
[3] Endor Labs — “State of Dependency Management 2025”. See also Socket.dev on slopsquatting — AI-hallucinated packages weaponized as supply-chain attacks.
[4] Chainguard — “The State of Trusted Open Source” (Mar 2026).
Same prompt. Same agent. One has a map.
Starlog adds one tool call before the agent writes code — a search across structured capability data. Here's what changes.

What becomes scarce is not code. It's knowing what's already been built.
Capability Manifests
Not documentation. Not READMEs. Structured, machine-readable descriptions of what each indexed library actually solves — which stacks they fit, when to skip them, and what hosted alternatives cost less than building custom.
Capability-Aware Search
Your agent asks ‘I need auth for a Next.js SaaS’ and gets ranked results with integration effort, health signals, and a concrete comparison: ‘Clerk eliminates 2–4 weeks of auth infrastructure work.’
One-Command Setup
npx starloghq init. MCP server configured. PostToolUse hook installed. Your agent starts using Starlog for dependency decisions — in our benchmark it called the tool on every one.
25 libraries across 7 capability categories
Before your agent installs a package, it can check the receipts — known CVEs, license traps, abandonment, and your org's own bans.
240 runs. 4 vendors. Facts an agent can't recall.
78% correct decisions with facts (from 20%)
Three steps. Under a minute. Every agent.
Next time your agent needs auth, it'll reach for Clerk — not hand-roll a JWT parser. Keyword ranking works offline out of the box; no key, no account.
Install
npm install -g starloghq
starlog init
Requires Node 20+. Wires the MCP server, the install hook, and per-agent instruction files. Just trying it? npx starloghq init works too — but install globally for a permanent setup (npx paths are temporary and get cleared).
Restart your agent
Claude Code, Cursor, Copilot, and Codex pick up the new MCP server and instructions on restart.
Verify
starlog doctor
Shows the active ranking mode and flags anything missing — corpus, MCP server, hook, and agent configs in one pass.
Ranking: keyword is the default and needs no setup. Semantic ranking is optional and experimental; enable it with starlog init --api-key <key>.
Scope: the starlog_search tool runs in Claude Code; Cursor, Copilot, and Codex get instruction files. The starlog CLI works in any terminal.
Update: npm i -g starloghq@latest.