AppLocate is a Windows CLI utility designed to locate installed applications and their associated executables, configurations, and data files. It provides a comprehensive solution for discovering application paths by querying multiple sources, including registry keys, Start Menu shortcuts, running processes, PATH directories, MSIX packages, and popular package managers like Scoop, Chocolatey, and WinGet.
Key Features:
Multi-source Discovery: AppLocate searches across the registry, Start Menu shortcuts, running processes, PATH directories, Windows services, and package manager installations to ensure comprehensive coverage.
Confidence Ranking: Results are ranked by confidence based on evidence from multiple sources, ensuring accurate and reliable output.
Package Manager Support: It supports locating applications installed via Scoop, Chocolatey, WinGet, and other common tools.
Structured Output: AppLocate provides results in JSON, CSV, or text formats, making it ideal for scripting and automation.
Efficient Execution: The tool runs without requiring administrative privileges, network access, or execution of discovered binaries.
Audience & Benefit:
Ideal for system administrators, developers, and IT professionals who need to manage or troubleshoot applications on Windows systems. AppLocate saves time by providing fast, deterministic results that can be used for backup, migration, troubleshooting, or scripting purposes.
AppLocate is available as a pre-built binary and can be installed via winget.
README
applocate
Find any app on Windows — instantly.
Ever needed to locate where an application is actually installed? Or find its config files for backup, migration, or troubleshooting? AppLocate searches registry keys, Start Menu shortcuts, running processes, package managers, and more. It then ranks results by confidence and returns structured output you can script against.
Inspired by Linux's locate—but purpose-built for Windows application discovery.
No admin required. No network calls. No executing discovered binaries. Just fast, local discovery with deterministic JSON/CSV/text output.
Features
Unlike single-purpose tools that check one location, AppLocate casts a wide net—querying the registry, Start Menu shortcuts, running processes, PATH directories, Windows services, MSIX packages, and popular package managers like Scoop, Chocolatey, and WinGet—all in parallel. Results from every source are merged, deduplicated, and ranked by confidence so you get a single authoritative answer instead of hunting through scattered system locations. Need to find where that mystery node.exe is actually running from? AppLocate sees it live and traces it back to its install root.
AppLocate runs all discovery sources in parallel, streams results through a ranking pipeline, and collapses to the best hits per type. For a detailed architecture walkthrough—including source APIs, scoring components, and output flow—see the Dataflow Diagram.
Installation
Pre-built binaries are available for Windows x64 and ARM64. Choose your preferred method:
# Find VS Code installation and config paths
applocate code
# Get JSON output for scripting (e.g., backup settings)
applocate "visual studio" --json --config
# Find where a running process lives
applocate node --running --exe
# Locate Git install directory for PATH debugging
applocate git --install-dir --json | ConvertFrom-Json | Select-Object -Expand path
# Find all Chrome data (profiles, cache) with evidence of where it came from
applocate chrome --data --all --evidence
Options (implemented CLI surface):
Input:
App name / alias / partial tokens
-- Treat following tokens as literal query
Output Format:
--json | --csv | --text Output format (default: text)
--no-color Disable ANSI color in text output
Filtering:
--user | --machine Scope filters
--exe | --install-dir | --config | --data Type filters (combinable)
--all Return ALL hits (no per-type collapsing)
--confidence-min Minimum confidence threshold (0-1)
--limit Max results after filtering
Sources:
--running Include running process enumeration
--pid Target specific process id (implies --running)
Output Enrichment:
--evidence Include evidence dictionary
--evidence-keys Only specified evidence keys (implies --evidence)
--score-breakdown Show scoring component contributions per result
--package-source Show package type & source list in text/CSV
Performance:
--threads Max parallel source queries (default: min(CPU,16))
--timeout Per-source soft timeout (default: 5)
Diagnostics:
--verbose Verbose diagnostics (warnings)
--trace Per-source timing diagnostics (stderr)
--help Show help
Default Behavior
Without --all, results are intelligently collapsed:
exe: Up to 3 high-confidence executables from distinct directories, each paired with its install directory. Variant siblings (e.g., multiple installed versions) may also surface.
config / data: Single best hit per type, tie-broken by scope (machine > user) then evidence richness.
Use --all to see every distinct hit (useful for debugging ranking or alternate install roots).
Exit Codes
0: Results found, or help displayed (when run without arguments or with --help)
Least privilege by default (no admin required for core features)
Read-only posture – only queries registry, file system, and package managers
Output sanitization to prevent terminal injection
For enterprise deployments or security-conscious environments, see SECURITY_REVIEW.md for a detailed threat model, attack surface analysis, and hardening recommendations.
