OpenSource-Hub
B

Beaver Habit Tracker

1.8k stars·Clean Install·SHA-256 checksum verified

A self-hosted habit tracking app without goals. Simple, distraction-free, and privacy-focused.

Smart Download

Visit Project Homepage

No installer available yet — head to the source repository

A stress-free habit tracker without goals, self-hosted and privacy-first.

Core Features

  • No goals or streaks pressure – just track daily actions
  • Self-hosted via Docker, full control over data
  • Cloud SaaS option available at beaverhabits.com
  • Flexible storage: SQLite or JSON files
  • REST API for automation and integrations

What It Can't Do

  • Ensure the container user UID matches the host folder owner to avoid permission issues. By default, no authentication is required; set TRUSTED_LOCAL_EMAIL or other env vars for security.

Use Cases

  • Daily habit tracking (drink water, read, exercise)
  • Integrate with smart home or macro keys for quick logging
  • Ideal for users overwhelmed by rigid goal-based apps
  • Share a habit board within a team or family via self-hosted instance

Detailed Introduction

Beaver Habit Tracker is a self-hosted habit tracking application designed to help you build routines without the pressure of goals. It offers a clean, minimal interface for daily check-ins, focusing on the process rather than outcomes. You can self-host via Docker or use the cloud SaaS version. It supports multiple storage backends (SQLite or JSON file), provides a REST API, and integrates with Stream Deck, Apple Shortcuts, Home Assistant, and more. Inspired by Loop Habit Tracker, Beaver improves on simplicity and extensibility.

Troubleshooting & FAQ (2)

Troubleshooting
How to protect against stored XSS via custom CSS in BeaverHabits?

A stored XSS vulnerability (CVE pending) in BeaverHabits v0.9.0 allowed injecting </style><script> payloads into the custom CSS setting, breaking out of the <style> block and exfiltrating API tokens. While it is a self‑XSS requiring authenticated access, it still posed a risk. The fix (PR #207) introduces a sanitize_css() helper that strips all HTML tags before saving CSS. To apply: update to a version containing that PR or implement a tag‑stripping regex (e.g., re.search(r'<[^>]+>', css)) before saving the custom CSS input.

GitHub Issue #205
Troubleshooting
How to fix the password reset account takeover vulnerability in Beaverhabits when the token secret is empty?

The password reset token secret defaults to an empty string in Beaverhabits v0.9.0, allowing attackers to forge reset tokens if they know a user’s UUID. To fix, set the environment variable RESET_PASSWORD_TOKEN_SECRET to a strong, random value (never empty) before starting the application. For Docker, add it to your docker-compose.yml: environment: - RESET_PASSWORD_TOKEN_SECRET=your_strong_secret_here. Validate that it is set on startup to prevent misconfiguration. This workaround blocks the exploit; a future release should enforce non‑empty secrets at startup. See GitHub issue #204 for details.

GitHub Issue #204

Tags

habitsself-hostedtrackerdockerprivacyminimalistproductivity

Getting Started

1

Download installer

Click the button above to download the installer for your system

Visit Project Homepage
2

Install the software

Double-click the downloaded installer and follow the prompts

3

Run with Docker: docker run -d --name beaverhabits -p 8080:8080 daya0576/beaverhabits:latest

4

Open http://localhost:8080 in browser and start tracking

5

Mount a volume for persistence: -v ./beaver/:/app/.user/

Install Guide
  1. Run with Docker: docker run -d --name beaverhabits -p 8080:8080 daya0576/beaverhabits:latest
  2. Open http://localhost:8080 in browser and start tracking
  3. Mount a volume for persistence: -v ./beaver/:/app/.user/
File Integrity

Checksum not available

This project has not published a SHA-256 checksum on its GitHub Release page

SHA256 Checksum

No checksum available

Download directly from GitHub Releases and verify file integrity yourself

All SHA-256 checksums on this platform are extracted from the project's official GitHub Release page, without any modification. You can independently verify them on the GitHub Releases page.

Open Source Transparency

View GitHub Source
Environment Guide

Uninstall Info

Stop and remove container: docker stop beaverhabits && docker rm beaverhabits. Delete the mounted directory if you want to remove all data.

No Extra Dependencies

Ready to use after download. No additional runtime required.

Project Info
LicenseOther
Last Updated2026-06-26 13:05:35
GitHub RepositoryOfficial Website

Having issues? Check the FAQ below

2 FAQs

Similar Projects

W

WonderCMS

WonderCMS is an extremely small flat file CMS that requires no configuration – unzip and upload. It's fast, responsive and privacy-friendly, perfect for simple websites.