- Add get_timestamp() helper and optimize log rotation
- Create mo log viewer with search/filter capabilities
- Improve test coverage to 18.4% with better assertions
- Add security fixes for grep injection prevention
- Validate bundle_id format (reverse-DNS) in stop_launch_services() to prevent glob injection attacks
- Add common word exclusion list for LaunchAgents name search to avoid false positive matches (Music, Notes, Photos, etc.) - Add security comments explaining symlink handling in remove_file_list()
- Improve brew_uninstall_cask() timeout handling: exit code 124 now returns failure immediately
- Update SECURITY_AUDIT.md with remediation details
- Replace parentheses with commas for supplementary info
- Use commas instead of em-dashes for separators
- Update bullet points from - to * in some contexts
- Improve version extraction regex with fallback logic
- Add fallback to mo --version when brew list fails
- Add error handling for debug log write failures
- Improve version extraction with multiple fallback strategies
Previously, apps matching DATA_PROTECTED_BUNDLES patterns (VPNs, dev tools, etc.)
could not be uninstalled because should_protect_path blocked their deletion.
Now use MOLE_UNINSTALL_MODE to distinguish between cleanup and explicit uninstall,
allowing users to remove these apps when they choose to while still protecting
their data during normal cleanup operations.
Also allow deletion of installer receipts in /private/var/db/receipts/.
- Disable sensors data collection (CPU temp already shown in CPU card)
- Remove unused sensor-related functions (collectSensors, prettifyLabel, hasSensorData, renderSensorsCard)
- Remove unused gopsutil/sensors import
- Fix inline spinner disown call with explicit PID
- Update version from 1.22.0 to 1.22.1
- Update SECURITY_AUDIT.md to match new version and date
- Speed up spinner animation from 100ms to 50ms for smoother visuals
- Fix spinner flicker by deferring stop until output is ready
- Remove unnecessary 'Preparing...' spinner at section start
- Hide whitelist-protected items from output (Trash, Finder metadata)
- Add spinner feedback for system diagnostic log cleanup
- Remove redundant stop_section_spinner calls in cleanup modules
The cleanup process now feels significantly faster and more polished,
with continuous visual feedback and no jarring gaps between operations.
- Modified FORCE_CHAR mode in read_key() to recognize arrow keys and space
- Users can now navigate and select items while typing in search mode
- Improves UX by eliminating need to press Enter before selecting
- ESC key still works to cancel search
This restores V1.19.0 behavior where navigation worked during search
- Changed from `command -v PlistBuddy` to `[[ -x /usr/libexec/PlistBuddy ]]`
- PlistBuddy is not in PATH, it's at /usr/libexec/PlistBuddy on macOS
- Previous code would always return early, making Dock cleanup never work
- Also improved fallback logic for already-deleted apps
- Tested and verified Dock icons are now properly removed after uninstall
CRITICAL SECURITY FIX
Enhanced the receipt file parsing in uninstall operations to prevent
accidental deletion of critical system files while maintaining deep
cleanup capabilities.
Changes:
- Tightened whitelist in find_app_receipt_files() to exclude /Users/*,
/usr/*, and /opt/* broad patterns
- Added explicit blacklist for /private/* with safe exceptions for
logs, temp files, and diagnostic data
- Integrated should_protect_path() check for additional protection
- Added file deduplication with sort -u to prevent duplicate deletions
- Removed dry-run feature from batch uninstall (unused entry point)
Path Protection:
✅ Blocked: /etc/passwd, /var/db/*, /private/etc/*, all system binaries
✅ Allowed: /Applications/*, specific /Library/* subdirs, safe /private/* paths
✅ Additional: Keychain files, system preferences via should_protect_path()
This fixes a critical security issue where parsing .bom receipt files
could result in deletion of system files like /etc/passwd and /var/db/*,
leading to system corruption and data loss.
Affects: V1.12.14 and later versions
Testing: Validated against critical system paths, all blocked correctly
Remove -icanon mode from stty settings to fix password authentication
failures when passwords contain special characters like '.' or '@'.
The non-canonical mode (-icanon min 1 time 0) caused character loss
in Terminal.app. Using only -echo keeps canonical mode which provides
more reliable character handling across all terminal emulators.
- URL-encode paths when matching against Dock persistent-apps
- Fixes issue where apps with spaces in names (e.g. 'Clash Party') were not removed from Dock
Fixes#307
- Add Firefox to DATA_PROTECTED_BUNDLES to prevent cleaning
- Protects IndexedDB, localStorage, and other complex storage
- Prevents Gmail and other web apps from breaking after clean
- Add Homebrew cask detection and use 'brew uninstall --cask' for proper cleanup
- Add real-time progress feedback during uninstallation
- Optimize scroll performance by only redrawing visible items
- Replace Python-based Dock removal with PlistBuddy for better compatibility
- Add comprehensive tests for Homebrew functionality
Fixes#306
