A catalog is a collection of packages that have successfully built.
When you successfully build via flox build and publish via flox publish, the package produced by the build is pushed to your catalog.
Other developers can then subscribe to your catalog and consume your packages.
On the surface a catalog sounds similar to Nixpkgs, but it actually has a number of important benefits that we'll examine below.
No need to publish source code
As a business, your code may be your unique value proposition, and exposing that code would mean losing your competitive advantage. The catalog contains references to packages that have built successfully, meaning that other developers can consume packages you've published without needing access to your source code, which isn't possible with plain Nix and Nixpkgs.
Packages will always build
A package that has been published to the catalog is a package that has built successfully. Flox users never have to worry that a build will sporadically fail for unknown reasons. If it's in the catalog, it builds. Period.
The catalog contains a historical record of package builds, which alone comes with a number of benefits. When a security vulnerability is discovered in one of your dependencies, you now have a record of whether that dependency has hit production and, if so, for how long you have been exposed to the vulnerability. Security vulnerabilities aside, having a historical record of successful package builds means that flox users can also depend on software that's no longer in Nixpkgs.
With access to a timeline of package builds, flox users can decide for themselves where they want to live on the spectrum of package stability. Even when you've pinned a dependency to a specific version, its dependencies may be upgraded to provide better performance, fix security vulnerabilities, etc. A package built against different dependencies is no longer the same package, even if its source code is the same!
The catalog lets you decide when and how to upgrade via a "stability" mechanism that's tracked for each package. The catalog provides 3 stabilities (stable, staging, and unstable), and the public version of flox retains the latest three package versions at each stability level.