You just downloaded ProcXray. Now what? This tutorial walks you through installation, your first launch, and every major feature — so you can go from zero to productive in about ten minutes. By the end, you’ll know how to navigate the interface, search processes with regex, inspect environment variables, verify code signatures, and more.
Quick Answer
ProcXray is a native macOS process monitor for developers. Install it by dragging the app to Applications, then launch it to see a live process list with tree view, regex search, environment inspection, code signature verification, and network/dylib analysis — all in a single window.
System Requirements
- macOS 14 (Sonoma) or later
- Apple Silicon (M1/M2/M3/M4) and Intel Macs both supported
- Download size: approximately 3 MB
- No dependencies, no Homebrew, no runtime installations
Installation
Step 1: Download. Grab the latest .dmg file from procxray.com.
Step 2: Open the DMG. Double-click the downloaded file. A Finder window appears with the ProcXray icon and an Applications folder shortcut.
Step 3: Drag to Applications. Drag the ProcXray icon onto the Applications folder. That’s the entire installation.
Step 4: First launch. Open ProcXray from Applications. On first launch, macOS Gatekeeper may show a dialog saying the app was downloaded from the internet. Click Open to proceed — ProcXray is code-signed and Apple-notarized.
You’ll be prompted to grant accessibility or full disk access permissions depending on your macOS version. These are required for ProcXray to read process details like environment variables and open file descriptors.
Your First Look: The Main Interface
When ProcXray launches, you’ll see a process list filling the main area of the window. Each row shows a process name, PID, CPU usage, and memory footprint.
The window uses a top-bottom split layout. Select any process in the upper list, and the detail panel below reveals a set of tabs: Overview, Security, ENV, History, Command Line, Info.plist, Entitlements, Modules, Open Files, and Connections. This is where the real power lives.
The toolbar at the top includes the search bar, view toggle (tree vs. flat), and refresh controls.
Essential Features Tour
Process Tree vs Flat List
By default, ProcXray shows processes in a tree view — each parent process displays its children nested underneath. This is invaluable when you need to understand what spawned what. For example, if you’re debugging a Node.js dev server, you’ll see the shell that launched node, which launched its worker threads, all in a clear hierarchy.
Toggle to flat list mode using the view switcher in the toolbar when you want a straightforward alphabetical or resource-sorted list. Use tree view for debugging process relationships; use flat list for scanning resource usage quickly.
Regex Search
The search bar at the top of the window accepts full regular expressions. As you type, the process list filters in real time — sub-millisecond response on most machines.
Some useful patterns to try:
node.*server— find Node.js processes running server scriptspython3.*manage— locate Django management commandscom\.apple\..*— show all Apple system processes (escape the dots for literal matching)^\d{4,}$— filter by PIDs with four or more digits (when searching PID column)webpack|vite|esbuild— find any active bundler process
The regex matches against process name, command-line arguments, PID, and executable path simultaneously.
Environment Variables
Select a process and click the Environment tab in the detail panel. Every environment variable the process was launched with is listed in a searchable, scrollable table.
This is critical for debugging. When your app behaves differently in CI vs. local, the answer is almost always in the environment. Look for PATH, NODE_ENV, DYLD_LIBRARY_PATH, HOME, or any custom variables your toolchain sets.
Click Copy All to export the entire environment as JSON — paste it into a .env file or a bug report.
Code Signature Verification
Click the Security tab to see whether a process binary is signed, who signed it, and what entitlements it holds. You’ll see:
- Signing status: signed, unsigned, or signature invalid
- Signing identity: the developer or organization name
- Entitlements: the specific capabilities the binary has been granted
This is useful for security audits, verifying that a third-party tool hasn’t been tampered with, or understanding why a process needs certain permissions.
Network & Module Inspection
The Connections tab shows all open network connections and listening ports for the selected process. You’ll see local and remote addresses, port numbers, and connection states. This helps you answer questions like “what is this process connecting to?” or “which process is using port 3000?”
The Modules tab lists every dynamic library loaded by the process. When you’re debugging a crash that might involve library version conflicts or unexpected dylib injection, this tab gives you the full picture without running vmmap or otool in the terminal.
Right-Click Context Menu
Right-click any process in the list to access quick actions:
- Kill Process — send SIGTERM to gracefully stop a process
- Force Kill — send SIGKILL when a process won’t respond
- Show in Finder — jump to the executable’s location on disk
- Copy PID — copy the process ID to clipboard
- Copy Path — copy the full executable path
These save you from switching to Terminal for common operations.
Tips for Daily Use
Pin ProcXray to your Dock. If you’re a developer, you’ll reach for it as often as your terminal. Keeping it one click away makes a real difference.
Use regex search as your first move. Before scrolling through hundreds of processes, type a pattern. Even a simple substring like docker or java narrows the list instantly.
Check environment variables before checking code. When something behaves unexpectedly, the environment tab often reveals the answer faster than reading source code. Missing PATH entries, wrong HOME directories, and stale tokens are common culprits.
Use tree view during build debugging. When a build is slow or failing, switch to tree view and watch your build tool’s process subtree in real time. You’ll see exactly which compilation steps are running, which are stuck, and which have exited with errors.
FAQ
Does ProcXray require root or sudo access?
No. ProcXray runs as a regular user application. It uses standard macOS APIs to read process information. Some features like environment variable inspection may require the accessibility or full disk access permission you grant on first launch, but no root privileges are needed.
How does ProcXray handle short-lived processes that appear and disappear instantly?
ProcXray captures processes the moment they spawn and highlights them in green. When a process exits, it’s highlighted in red and retained in the list so you can still inspect its details. This is especially useful during builds, where compiler and linker subprocesses often live for less than a second.
Can I use ProcXray alongside Activity Monitor?
Absolutely. They serve complementary purposes. Activity Monitor is fine for a quick glance at overall system resource usage. ProcXray gives you the developer-focused depth — process lineage, environment data, signatures, and network connections — that Activity Monitor doesn’t provide.
Download ProcXray → — free 14-day trial with all premium features.