Maxx keeps every app on your Mac current, verified, and auditable.
Where competitors stop at detection, Maxx acts.
MacUpdater's backend went dark. 238 apps lost their update path overnight. Homebrew covers some. The App Store covers others. The rest drift — quietly accumulating security debt — until a CVE shows up and you realise you've been running a vulnerable version for four months.
Apps outside Homebrew or the MAS have no automatic update path. They fall behind silently.
You can't tell if a "Chrome update" is actually Chrome. TeamID verification closes that gap.
When did that app update? From where? What changed? Without provenance, you're guessing.
One protocol story — classify, query what he can verify, mark what he cannot, then act with provenance. No four equal cards shouting the same mood.
mas, Sparkle feeds, and vendor probes where they exist.
Maxx routes each app to the best available mechanism automatically. Homebrew Cask, MAS, Sparkle, native triggers — all unified under one protocol.
Maxx classifies each app and queries the sources he can verify. Where a lane has no independent version check, he marks it not checked — not current.
fixxr scanDays outdated × security tier. A browser 47 days behind ranks above a utility that just hit a minor version.
fixxr list --riskAI assessment runs before every rights elevation. Suspicious installs queue for your review. Everything else completes automatically.
fixxr updateWhere did this binary come from? What CDN? Was the TeamID consistent? SHA256 consensus from the community catalog?
fixxr provenanceTotal apps tracked, outdated count, CVE exposure, mean days outdated, pending safety reviews — in a single report.
fixxr reportNot a checkmark. An actual stamp — the visual payoff for the whole provenance system. When Maxx earns it, he puts his mark on the work.
TeamID chain unbroken. The new binary's signing identity matches the installed app. Same developer, verifiably.
SHA256 matches community consensus. Other FIXXR users saw the same binary. Or self-verified on first download and cached locally.
CDN domain consistent. Mozilla doesn't suddenly update from a domain in Russia. Google doesn't deliver Chrome from a sketchy CDN. Drift is caught.
The library is in order. Every tool verified and in its place.
Visibility → hygiene → provenance → intelligence. One product; depth is optional, not forced.
What’s installed and outdated.
Install via the right mechanism.
TeamID, SHA256, Green Seal.
CVE, risk rank, safety gate.
The FIXXR community catalog is an open dataset of verified app provenance. Every participant makes the catalog smarter for everyone who follows.
Open provenance data: download URLs, TeamIDs, SHA256, update mechanisms. Opt-in push — only whitelisted fields leave your machine.
For apps without automation, run fixxr watch "App" while you update manually.
Your observation can become the next person’s automation.
Menu bar app + CLI in one package.
Drag to Applications. No terminal required.
Maxx starts scanning immediately.
Signed and notarized. macOS 13+. No dependencies.
shasum -a 256 FIXXR-*.dmg
For developers and IT teams.
CLI-only setup with optional Homebrew integration.
curl -sSL https://fixxr.org/install.sh | bash
copy
macOS 13 Ventura or later · Apple Silicon and Intel supported · No dependencies required for the app
Homebrew integration available as an optional enhancement after install
Read the about page first if you prefer to review before running install scripts.
The installer source is at fixxr.org/install.sh and in the GitHub repo.