CRITICAL SECURITY FIX
Enhanced the receipt file parsing in uninstall operations to prevent
accidental deletion of critical system files while maintaining deep
cleanup capabilities.
Changes:
- Tightened whitelist in find_app_receipt_files() to exclude /Users/*,
/usr/*, and /opt/* broad patterns
- Added explicit blacklist for /private/* with safe exceptions for
logs, temp files, and diagnostic data
- Integrated should_protect_path() check for additional protection
- Added file deduplication with sort -u to prevent duplicate deletions
- Removed dry-run feature from batch uninstall (unused entry point)
Path Protection:
✅ Blocked: /etc/passwd, /var/db/*, /private/etc/*, all system binaries
✅ Allowed: /Applications/*, specific /Library/* subdirs, safe /private/* paths
✅ Additional: Keychain files, system preferences via should_protect_path()
This fixes a critical security issue where parsing .bom receipt files
could result in deletion of system files like /etc/passwd and /var/db/*,
leading to system corruption and data loss.
Affects: V1.12.14 and later versions
Testing: Validated against critical system paths, all blocked correctly
Remove -icanon mode from stty settings to fix password authentication
failures when passwords contain special characters like '.' or '@'.
The non-canonical mode (-icanon min 1 time 0) caused character loss
in Terminal.app. Using only -echo keeps canonical mode which provides
more reliable character handling across all terminal emulators.
- Use partial redraw for search input updates instead of full screen refresh
- Reduces flickering when typing in the filter box
- Improve responsiveness of search interaction
- URL-encode paths when matching against Dock persistent-apps
- Fixes issue where apps with spaces in names (e.g. 'Clash Party') were not removed from Dock
Fixes#313
Change browser process detection from pgrep -f (full command line match)
to pgrep -x (exact process name match) to prevent false positives.
Microsoft Teams processes contain 'Microsoft' in their paths and may have
Chromium-based components, which was causing them to be incorrectly
identified as Microsoft Edge during clean operations.
Changes:
- Chrome detection: pgrep -f → pgrep -x
- Edge detection: pgrep -f → pgrep -x
- Edge updater detection: pgrep -f → pgrep -x
This approach is consistent with Firefox detection and prevents Apps like
Microsoft Teams, Microsoft Office, or other Microsoft products from
triggering false Edge detection.
All existing tests pass (9/9 in clean_browser_versions.bats).
- Fix display of invalid large values like 18446744073709544W
- macOS ioreg returns negative values as uint64 (two's complement)
- Detect overflow pattern (value > 2^63) and convert to signed
- Validate reasonable power range (-200W to 200W) for battery
- Add range validation for SystemPower (0 to 1000W)
Root cause: During charging, battery power is negative but ioreg
formats it as unsigned uint64, causing overflow. This fix properly
converts these values back to signed integers.
Fixes#307
- Add Firefox to DATA_PROTECTED_BUNDLES to prevent cleaning
- Protects IndexedDB, localStorage, and other complex storage
- Prevents Gmail and other web apps from breaking after clean
- Restore performance test threshold to 200ms (from 500ms)
User caching is highly effective (~8ms for 100 calls)
- Add unit tests for colorizeTemp() covering thresholds and edge cases
- Show full project paths (~/www/project) instead of just project names
- Sort artifacts by size descending (largest first)
- Increase path display width for better readability
- Support CMD+Click to open folders in terminal
- Add logic to remove 0-byte files in ~/Library (maxdepth 1)
- Explicitly protect .localized files to preserve Finder localization
- Respect global whitelist patterns
- Add safe cleanup for Antigravity, Filo, and Claude caches in Application Support (Cache, GPUCache, Code Cache only).
- Enhance VS Code cleanup to include deep rendering caches (GPU, Dawn) and extension installers.
- Validated to ensure no user data or pnpm/yarn executables are touched.
- Add Homebrew cask detection and use 'brew uninstall --cask' for proper cleanup
- Add real-time progress feedback during uninstallation
- Optimize scroll performance by only redrawing visible items
- Replace Python-based Dock removal with PlistBuddy for better compatibility
- Add comprehensive tests for Homebrew functionality
Fixes#306
