Open source

The CLI is open source.

By Albert 4 min read

le is the terminal version of Localhost Explorer: the same process intelligence, in a single static binary that runs on macOS and on Linux servers over SSH. As of today it's open source under MIT. The code is at github.com/alikatgh/le-cli, and the install is one line:

brew install alikatgh/tap/le

Run le and you get a live table of everything listening on localhost — port, process, working folder, risk, owner, and the stop command that will actually work:

PORT    PID     WHAT                DIR                 RISK    OWNER      STOP WITH
3000    38814   juice-shop          ~/code/juice-shop   medium  container  docker stop juice-shop
8001    43138   Django dev server   ~/code/api          low     terminal   TERM
27017   1183    MongoDB             /opt/homebrew/var   high    homebrew   brew services stop mongodb-community

Why open source, when the app costs $5

Because of what the tool does. le has exactly one irreversible action — sending a kill signal to a process on your machine — and a tool like that should let you read the code that decides when it's safe. The PID-recycle guard, the "refuse rather than guess" rules, the Docker and Homebrew re-checks: they're all in the repo, tested, and short enough to audit in an afternoon. The menu-bar app stays paid; it funds the work. The CLI is where you can check that the work is real.

Made for the terminal you already live in

Inside the TUI: / filters by port, name, or folder; 16 sort by any column, including the working directory, so everything one project spun up clusters together. Press o and the selected port opens in your browser. Press c and the row's stop command lands on your clipboard — via OSC 52, the terminal's own escape-sequence clipboard, which means the copy reaches your machine even when le is running on a box you SSH'd into.

Outside the TUI, everything scripts:

le list node --json        # structured output for jq
le stop --dir . -n         # preview: what would an end-of-day sweep kill?
le stop --dir .            # ...do it
le stop 3000 --json        # per-listener results, machine-readable
le ready 5432 -t 30s || exit 1   # CI: wait for the DB, bounded
le hold 3000               # keep a port occupied while you debug

--dir matches by working directory, so a monorepo's api, web, and worker die together. The dry-run flag exists because a bulk kill you can't preview is a bulk kill you won't trust.

The parts you can't see in a screenshot

The engine underneath is the one described in the engineering post: every stop re-verifies the PID's start time first, so a recycled PID never gets the signal meant for something else, and when identity can't be confirmed it refuses instead of guessing. The ps/lsof parsers run under LC_ALL=C and are fuzzed nightly in CI.

The repo also carries its own paper trail. The CLI went through three adversarial review rounds that found eighteen real bugs — several in versions we had already shipped — and the full reports live in docs/audits/, refuted candidates included. Release tarballs are checksummed and carry a signed build-provenance attestation you can verify before trusting a binary:

gh attestation verify le_*.tar.gz --repo alikatgh/le-cli

Take it apart

MIT means it's yours to read, fork, and ship inside whatever you're building. Issues and PRs are open; CONTRIBUTING.md lists the exact commands CI runs, and the test suite covers the code most tools this size never test — the kill path. If you find the bug our review rounds missed, the bar for the fix is already set: a regression test in the same commit.

Get the code.

MIT-licensed. macOS and Linux. brew install alikatgh/tap/le