Private, self-hostable household inventory for shared homes.
Track items, warranties, documents, borrowing, and sensitive personal records from one calm React app.
English · Türkçe · Deutsch · Español · العربية
Preview · Why · Features · Security · Quick Start · Docs · Changelog · Roadmap
HomeInventory is built for families, roommates, and small households that need a practical inventory without turning private records into a shared spreadsheet.
Note
v2.2.0 is the current release line. It publishes the verified desktop launcher packages, documents the current launcher flow (initialize/launch, auto-open, QR/LAN access, logs, backups, settings, and port checks), closes the critical npm shell-quote advisory, syncs release metadata, and records the remaining upstream Tauri/GLib status.
- One household, many people: create or join homes, switch the active home, and keep shared inventory scoped to the right members.
- Real item records: track photos, rooms, locations, categories, quantities, warranty dates, invoice data, notes, and attachments.
- Camera-first mobile entry: take item and invoice photos directly from supported mobile browsers, or keep using gallery/file uploads.
- TypeScript-powered client: the React interface now runs on a TypeScript/Vite codebase, improving editor feedback, refactor confidence, and build-time checks.
- Sensitive data has a better place: Personal Vault keeps highly private records away from regular household search and collaboration.
- Fast lookup in daily life: use search, barcode scanning, QR labels, and mobile-friendly screens when you are standing in front of the shelf.
- Built to self-host: Express, SQLite, Docker support, environment documentation, and production secret-loading flows are included.
| Area | What it covers |
|---|---|
| Inventory | Items, camera/gallery photos, rooms, categories, locations, quantities, warranty and invoice metadata |
| Shared homes | Create homes, join with house access flows, switch active homes, and keep data scoped by membership |
| Borrow Center | Incoming, outgoing, and active lending records with clear request states |
| Personal Vault | Client-side encrypted vault flow for IDs, property documents, access codes, and sensitive notes |
| Shopping List | Manual and inventory-linked shopping items, completed history, and low-stock suggestions |
| Smart Maintenance | Recurring item-care tasks, overdue indicators, and automated next-due-date calculations |
| Labels and scanning | Barcode scanning, item QR labels, and mobile-friendly lookup |
| Backup and restore | Owner-only export/import flows with guarded confirmations |
| Auth and recovery | JWT auth, Google OAuth, email verification, TOTP 2FA, trusted devices, and recovery keys |
| Desktop Launcher | Optional Tauri GUI plus release packages for local setup, dependency checks, profile start/stop, automatic browser opening, backups, logs, advanced settings, port checks, and QR/LAN access |
| Internationalization | 100+ selectable UI locale packs with fallback behavior and automated validation checks |
- AES-256-GCM encryption at rest protects sensitive inventory, auth, and profile fields before they are written to disk or SQLite.
- Encrypted media handling strips image metadata and stores protected media blobs instead of raw uploads.
- Household-scoped authorization keeps rooms, categories, items, media, and backups limited to the active household membership.
- Personal Vault separation keeps highly sensitive records out of normal shared inventory flows.
- Rate limiting and hardened auth routes reduce brute-force and abuse risk around login, backup, and interactive endpoints.
- Dependency security maintenance keeps high-severity npm advisories closed in CI; the remaining Tauri/GLib advisory is tracked as an upstream Linux launcher dependency issue.
Important
HomeInventory uses strong server-side encryption, but the main inventory encryption key is still managed by the server. An operator with database access and runtime secrets can decrypt protected inventory data. Use Personal Vault for records that need stronger separation from shared household workflows.
React SPA (Vite, PWA, Tailwind)
|
v
Express API (JWT, OAuth, rate limiting)
|
v
SQLite storage + encrypted media
| Backend | Frontend |
|---|---|
| Node.js, Express, better-sqlite3 | React 18, Vite, Tailwind CSS |
| JWT, bcrypt, Passport Google OAuth 2.0 | React Router v6, react-i18next |
| Helmet, express-rate-limit, i18next | Lucide React, html5-qrcode |
| Sharp, encrypted media storage | PWA-ready responsive UI |
Choose the setup method that best fits your workflow:
For local/self-hosted use, the Desktop GUI Launcher can verify dependencies, configure a local environment, isolate database/uploads per profile, and run both frontend and backend services from one window.
- Download: Go to the GitHub Releases page and download the launcher package for your OS (
.dmgfor macOS,.exe/.msifor Windows,.AppImage/.deb/.rpmfor Linux). - Install & Open: Install and launch the application.
- Start: Click Launch HomeInventory. The launcher checks ports, starts the API and UI, then shows the local URL and a QR code for devices on the same network.
For isolation details and advanced settings, see GUI_LAUNCHER.md.
- Node.js 18+
- npm 9+
- Git
git clone https://github.com/asdteke/HomeInventory.git
cd HomeInventory
npm run install-allcp .env.example .envSet at least these values inside .env:
NODE_ENV=development
PORT=3001
SITE_URL=http://localhost:5173
JWT_SECRET=replace-with-a-long-random-secret
APP_ENCRYPTION_KEY=replace-with-32-byte-base64-or-64-char-hex-key
APP_ENCRYPTION_KEY_ID=2026-03-localTip
Generate secure secrets using openssl rand -hex 32 for JWT_SECRET and openssl rand -base64 32 for APP_ENCRYPTION_KEY.
npm run dev- Frontend:
http://localhost:5173 - Backend API:
http://localhost:3001
npm run build
npm startDeploy HomeInventory quickly using pre-configured containers:
docker compose up -dFor advanced configuration, reverse proxy setup, and production deployment, see DOCKER.md.
- DOCKER.md: Docker, reverse proxy, and self-hosting notes
- GUI_LAUNCHER.md: Desktop GUI Launcher setup, isolation details, and development guide
- README_ENVIRONMENT_SETUP.md: environment variables and secret-management setup
- CONTRIBUTING.md: contribution guidelines
- SECURITY.md: vulnerability reporting process
- CHANGELOG.md: release history and upgrade notes
- ROADMAP.md: short-term project direction
Recommended GitHub topics for maintainers: home-inventory, self-hosted, inventory-management, household, pwa, sqlite, express, react, docker, privacy, qr-code, barcode, 2fa.
The product ships with 100+ selectable UI locale packs. English and Turkish are the most actively reviewed product languages; other locales can fall back per key when a translation is incomplete.
Issues and pull requests are welcome. For larger changes, open an issue first so the implementation can stay aligned with the security model, household scoping, and localization structure.
HomeInventory is an independent open-source project. It is not affiliated with, endorsed by, or connected to any commercial product or company using a similar name.
MIT. See LICENSE.




