winget install --id=BogdanCalapod.pdq-cli -e A command-line interface for PDQ products. Query and manage devices, groups, packages, and deployments via the PDQ Connect API. Query devices, vulnerabilities, applications, and scan surfaces via the PDQ Detect API. This is an unofficial tool, not affiliated with or endorsed by PDQ.com.
Unofficial — not affiliated with or endorsed by PDQ.com
A command-line interface for PDQ products, written in TypeScript.
| Sub-command | Product |
|---|---|
pdq connect |  PDQ Connect — cloud endpoint management |
pdq detect |  PDQ Detect — vulnerability and risk management |
macOS / 
Linux (Homebrew)brew install bogdan-calapod/tap/pdq-cli
Windows (winget) — coming soonwinget install BogdanCalapod.pdq-cli
Grab the latest binary for your platform from the Releases page — no Node.js required.
| Platform | File |
|---|---|
| Linux (x64) | pdq-linux-x64 |
| Linux (ARM64) | pdq-linux-arm64 |
| macOS (x64) | pdq-macos-x64 |
| macOS (ARM64) | pdq-macos-arm64 |
| Windows (x64) | pdq-windows-x64.exe |
Linux install steps
# x64
chmod +x pdq-linux-x64
sudo mv pdq-linux-x64 /usr/local/bin/pdq
# ARM64
chmod +x pdq-linux-arm64
sudo mv pdq-linux-arm64 /usr/local/bin/pdq
macOS install steps
# Apple Silicon (M1/M2/M3)
chmod +x pdq-macos-arm64
sudo mv pdq-macos-arm64 /usr/local/bin/pdq
# Intel
chmod +x pdq-macos-x64
sudo mv pdq-macos-x64 /usr/local/bin/pdq
Note — macOS Gatekeeper: The binary is not notarized (Apple notarization requires a paid Developer account). macOS will block it on first run with "cannot be opened because the developer cannot be verified".
To allow it, remove the quarantine attribute:
xattr -d com.apple.quarantine pdq-macos-arm64 # or pdq-macos-x64
You only need to do this once, before moving the binary to your PATH. Alternatively, open System Settings → Privacy & Security, scroll down to the blocked app notice, and click Allow Anyway.
Windows install steps
Download pdq-windows-x64.exe, rename to pdq.exe, and move to a directory on your PATH (e.g. C:\tools\). Windows SmartScreen may show a warning on first run — click More info → Run anyway. Windows ARM devices can run the x64 binary via emulation.
Requires Node.js 22+.
git clone https://github.com/bogdan-calapod/pdq-cli
cd pdq-cli
npm install
npm run build
node dist/index.js --help
# or link globally:
npm link
PDQ Connect uses Bearer token auth. Provide your API key via env var (takes priority) or save it to the config file:
export PDQ_CONNECT_API_KEY=your_api_key_here
# or persist it:
pdq connect config set-key your_api_key_here
Generate an API key in PDQ Connect under Settings → API Keys.
PDQ Detect uses a FootprintApiKey header. Provide your key via env var or config file:
export PDQ_DETECT_API_KEY=your_api_key_here
# or persist it:
pdq detect config set-key your_api_key_here
The base URL defaults to https://detect.pdq.com. Override it if needed:
export PDQ_DETECT_URL=https://your-instance.example.com
# or persist it:
pdq detect config set-url https://your-instance.example.com
# or pass it inline:
pdq detect --url https://your-instance.example.com devices list
All list/get commands support --output table|json|csv (default: table).
pdq connect
pdq connect devices# List all devices (table output by default)
pdq connect devices list
# Filter by OS, group, or any device field
pdq connect devices list --filter os=windows
pdq connect devices list --filter name=~LAB --group grp_abc123
# Sort
pdq connect devices list --sort lastSeenAtDesc
# Output as JSON or CSV
pdq connect devices list --output json
pdq connect devices list --output csv > devices.csv
# Get a single device
pdq connect devices get dvc_abc123
pdq connect groupspdq connect groups list
pdq connect groups list --filter type=dynamic --output json
pdq connect packagespdq connect packages list
pdq connect packages list --filter name=~Firefox
pdq connect packages get pkg_abc123
pdq connect deployments# Deploy a package to a device and/or group
pdq connect deployments create \
--package pkg_abc123 \
--targets dvc_abc123,grp_xyz456
pdq detect
pdq detect devices# List all discovered devices
pdq detect devices list
# Filter
pdq detect devices list --os Windows --risk critical
pdq detect devices list --status active --scan-type agent
pdq detect devices list --tags "server,production"
# Sort
pdq detect devices list --sort riskLevel --sort-dir descending
# Get a single device (numeric ID)
pdq detect devices get 42
pdq detect devices get 42 os
pdq detect devices get 42 users
pdq detect devices get 42 vulnerabilities --state open
pdq detect vulnerabilities (alias: vulns)pdq detect vulnerabilities list
pdq detect vulns list --open-only
pdq detect vulns list --filter Log4j --filter-col summary
pdq detect vulns list --sort cvssBase --sort-dir descending --output json
pdq detect applications (alias: apps)pdq detect applications list
pdq detect apps list --risk critical
pdq detect apps list --filter Firefox --sort deviceCount --sort-dir descending
pdq detect apps get 123
pdq detect scan-surface# List scan targets
pdq detect scan-surface list
# Add IPs, hostnames, or CIDR ranges (triggers a scan immediately)
pdq detect scan-surface add 192.168.1.0/24
pdq detect scan-surface add host1.corp.local host2.corp.local --no-scan
# Trigger a full rescan
pdq detect scan-surface rescan
# Remove entries
pdq detect scan-surface delete 7 8 --delete-assets
pdq get-skillPrints a SKILL.md file that tells AI coding assistants how to use this CLI.
# Print to stdout
pdq get-skill
# Write directly to the OpenCode skills directory
pdq get-skill --out .opencode/skills/pdq-cli/SKILL.md
See DEVELOPMENT.md for build instructions, project structure, and release process.
MIT
Built with the assistance of AI (Claude by Anthropic).