Upgrade management dashboard for Garuda Linux
garuda-pilot is a local web dashboard for managing system upgrades on any Arch-based distro — Garuda, CachyOS, EndeavourOS, Manjaro, vanilla Arch, and more. Despite the name, it is not Garuda-specific. It runs as a local web server on your machine — no data leaves your system, no accounts needed.
Start it with garuda-pilot and open
http://127.0.0.1:8471 in your browser.
There is no systemd service — run it when you want to review upgrades.
| Distro | Recommended upgrade | Health checks | Snapshots |
|---|---|---|---|
| Garuda Linux | garuda-update | garuda-health | garuda-update manages them |
| CachyOS | pacman + paru/yay | Built-in (11 checks) | snapper pre/post (if snap-pac absent) |
| EndeavourOS | eos-update | Built-in | snapper pre/post (if snap-pac absent) |
| Manjaro | pamac upgrade | Built-in | snapper pre/post (if snap-pac absent) |
| Vanilla Arch | pacman + paru/yay | Built-in | snapper pre/post (if snap-pac absent) |
Upgrade commands and health check backend are detected automatically at runtime.
See all pending updates before upgrading, sorted by risk score. Each package gets a 0-100 risk score based on category (kernel, graphics, system), news mentions, security advisories, hardware context, and version bump magnitude.
checkupdates (from pacman-contrib)
and queries pacman -Si for package details.
Each pending package is scored 0-100 with multiple factors combined additively:
| Kernel package | +40 |
| Graphics (nvidia, vulkan, etc.) | +30 |
| System (systemd, glibc, etc.) | +25 |
| Mesa | +20 |
| Xorg / Wayland | +15 |
| Critical CVE (security.archlinux.org) | +35 |
| High CVE | +25 |
| Medium CVE | +15 |
| NVIDIA module loaded + kernel update | +30 |
| Mentioned in Arch news | +20 |
| Mentioned in Garuda news | +15 |
| Major version bump (e.g. 1.x → 2.x) | +15 |
| Flagged out-of-date on archlinux.org | +10 |
| High reverse dependency count (>10) | +10 |
| Trivial package (docs, fonts, themes) | capped at 5 |
| Patch-only update (same base version) | capped at 10 |
Labels: low 0-19, medium 20-39, high 40-59, critical 60-100
Every past pacman transaction is imported from /var/log/pacman.log and searchable.
Drill into any transaction to see what was upgraded, installed, downgraded, or removed.
/var/log/pacman.log on first startup.
Each transaction is stored in the local SQLite database.
Arch Linux and Garuda Linux news are fetched and displayed with automatic package name extraction. You can see which of your installed packages are mentioned in news articles, and "manual intervention" posts are prominently flagged.
Vulnerability advisories from the Arch Security Tracker, filterable by severity (Critical/High/Medium/Low) and status (Vulnerable/Fixed). Packages with active CVEs get security badges on the preview page.
On Garuda Linux, runs garuda-health for 25+ system checks.
On all other Arch-based distros, runs 11 built-in parallel checks:
disk space (/, /home, /boot), failed systemd services, orphan packages,
pacnew/pacsave files, pacman DB lock, NTP sync, journal errors (24h),
swap usage, core dumps, and mirror freshness.
Results are stored as snapshots so you can track changes over time.
garuda-health on Garuda;
standard system tools (systemctl, pacman, journalctl,
timedatectl, coredumpctl) on other distros.
Detects your GPU vendor and loaded kernel modules at startup using lspci
and /proc/modules. This is used to flag dangerous combinations — for example,
a kernel update when the NVIDIA proprietary module is loaded.
lspci (from pciutils),
/proc/modules, uname -r.
No. garuda-pilot is read-only — it shows you what would be upgraded
and helps you assess the risk. You still run sudo pacman -Syu yourself.
It only fetches public data: Arch news RSS, Garuda forum RSS, Arch security advisories JSON, and Arch package metadata. It never uploads or sends any of your system information anywhere.
No. Start it with garuda-pilot when you want to review upgrades,
stop it with Ctrl+C.
By default at ~/.local/share/garuda-pilot/garuda-pilot.db (SQLite).
You can change this in ~/.config/garuda-pilot/config.toml.
News, security advisories, and Garuda forum posts are auto-refreshed when older than 2 hours. You can also click the Refresh button on each page to force a fetch. Package metadata from archlinux.org is fetched fresh on each preview refresh.
Yes — fully. All features work on any Arch-based distro. The upgrade launcher detects your distro
and recommends the right command. The health page uses garuda-health on Garuda and
11 built-in checks (disk space, failed services, orphan packages, NTP sync, etc.) everywhere else.
Packages like documentation, fonts, themes, locales, and shell completions that are unlikely to cause issues when upgraded. These are capped at a risk score of 5.
| Framework | Python 3.11+ / FastAPI (async) |
| Database | SQLite via aiosqlite (WAL mode) |
| Templates | Jinja2 with HTMX for dynamic updates |
| HTTP client | httpx (async, for RSS/JSON/API fetches) |
| Server | Uvicorn on 127.0.0.1:8471 (localhost only) |
| Dependencies | HTMX vendored locally — no CDN, works offline |
| Config | Optional TOML at ~/.config/garuda-pilot/config.toml |
Your upgrade history, news read states, health snapshots, and security data are stored in a local SQLite database. Use the button below to create a timestamped backup, or restore from a previous one.