Optimization:
- Skip -name "*" in safe_sudo_find_delete when pattern matches everything
- Reduces unnecessary parameter passing to find command
- Improves performance for operations that scan all files
Rationale:
- find -name "*" is redundant as it matches everything by default
- Removing it reduces command overhead without changing behavior
Gradle build cache (~/.gradle/caches) is now protected by default whitelist,
similar to Maven repository. This prevents unintentional deletion of large
dependency caches that take time and bandwidth to re-download.
- Add ~/.gradle/caches/* and ~/.gradle/daemon/* to DEFAULT_WHITELIST_PATTERNS
- Remove Gradle cleanup from clean_dev_jvm() function
- Users can disable protection via 'mo clean --whitelist' if needed
Fixes#408
Issue #393 reported mo clean hanging on 'Scanning sandboxed apps'
and 'Scanning orphaned app resources'.
Root cause: should_protect_data() was looping through 332 patterns
(28 SYSTEM_CRITICAL_BUNDLES_FAST + 304 DATA_PROTECTED_BUNDLES).
For 662 sandboxed containers, this resulted in 220,000+ pattern matches.
Solution: Replace loops with fast case statement for common prefixes:
- com.apple.* (system apps) - instant return
- com.microsoft.*, com.jetbrains.* (IDEs) - instant return
- Password managers, VPNs, Docker etc. - instant return
- Other apps - instant return (no protection needed)
- Only check detailed list for special wildcards (com.tencent.* etc.)
Performance: Clean command maintains 35s (same as previous optimization)
Functionality: All 9 protection tests pass
Fixes text remnants and extra blank lines when spinner messages change.
Issues fixed:
1. Text remnants when switching from longer to shorter messages (e.g., 'Cleaning...ems...')
2. Extra blank lines appearing after section headers
Root causes:
- \033[K only clears from cursor to end of line, leaving remnants when new messages are shorter
- stop_section_spinner was clearing lines even when no spinner was running
Changes:
- lib/core/base.sh:
- Changed stop_section_spinner(), safe_clear_line(), safe_clear_lines() to use \033[2K
- Added guard in stop_section_spinner to only clear when spinner is actually running
- lib/core/ui.sh:
- Clear line once when starting spinner (before loop) to ensure clean start
- Normal spinner rotation uses \r without clearing (performance optimization)
Performance: Line clearing happens only once per spinner start, not on every loop iteration.
Fixes#390
- Replace time.After() with reusable timer to reduce GC pressure
- Use pre-compiled regex for app bundle matching (O(1) vs O(N))
- Fix Bash 3.2 compatibility (remove local -n usage)
- Add get_timestamp() helper and optimize log rotation
- Create mo log viewer with search/filter capabilities
- Improve test coverage to 18.4% with better assertions
- Add security fixes for grep injection prevention
- Validate bundle_id format (reverse-DNS) in stop_launch_services() to prevent glob injection attacks
- Add common word exclusion list for LaunchAgents name search to avoid false positive matches (Music, Notes, Photos, etc.) - Add security comments explaining symlink handling in remove_file_list()
- Improve brew_uninstall_cask() timeout handling: exit code 124 now returns failure immediately
- Update SECURITY_AUDIT.md with remediation details
- Replace parentheses with commas for supplementary info
- Use commas instead of em-dashes for separators
- Update bullet points from - to * in some contexts
- Improve version extraction regex with fallback logic
- Add fallback to mo --version when brew list fails
- Add error handling for debug log write failures
- Improve version extraction with multiple fallback strategies
Previously, apps matching DATA_PROTECTED_BUNDLES patterns (VPNs, dev tools, etc.)
could not be uninstalled because should_protect_path blocked their deletion.
Now use MOLE_UNINSTALL_MODE to distinguish between cleanup and explicit uninstall,
allowing users to remove these apps when they choose to while still protecting
their data during normal cleanup operations.
Also allow deletion of installer receipts in /private/var/db/receipts/.
- Disable sensors data collection (CPU temp already shown in CPU card)
- Remove unused sensor-related functions (collectSensors, prettifyLabel, hasSensorData, renderSensorsCard)
- Remove unused gopsutil/sensors import
- Fix inline spinner disown call with explicit PID
- Update version from 1.22.0 to 1.22.1
- Update SECURITY_AUDIT.md to match new version and date
- Speed up spinner animation from 100ms to 50ms for smoother visuals
- Fix spinner flicker by deferring stop until output is ready
- Remove unnecessary 'Preparing...' spinner at section start
- Hide whitelist-protected items from output (Trash, Finder metadata)
- Add spinner feedback for system diagnostic log cleanup
- Remove redundant stop_section_spinner calls in cleanup modules
The cleanup process now feels significantly faster and more polished,
with continuous visual feedback and no jarring gaps between operations.
- Modified FORCE_CHAR mode in read_key() to recognize arrow keys and space
- Users can now navigate and select items while typing in search mode
- Improves UX by eliminating need to press Enter before selecting
- ESC key still works to cancel search
This restores V1.19.0 behavior where navigation worked during search
- Changed from `command -v PlistBuddy` to `[[ -x /usr/libexec/PlistBuddy ]]`
- PlistBuddy is not in PATH, it's at /usr/libexec/PlistBuddy on macOS
- Previous code would always return early, making Dock cleanup never work
- Also improved fallback logic for already-deleted apps
- Tested and verified Dock icons are now properly removed after uninstall
CRITICAL SECURITY FIX
Enhanced the receipt file parsing in uninstall operations to prevent
accidental deletion of critical system files while maintaining deep
cleanup capabilities.
Changes:
- Tightened whitelist in find_app_receipt_files() to exclude /Users/*,
/usr/*, and /opt/* broad patterns
- Added explicit blacklist for /private/* with safe exceptions for
logs, temp files, and diagnostic data
- Integrated should_protect_path() check for additional protection
- Added file deduplication with sort -u to prevent duplicate deletions
- Removed dry-run feature from batch uninstall (unused entry point)
Path Protection:
✅ Blocked: /etc/passwd, /var/db/*, /private/etc/*, all system binaries
✅ Allowed: /Applications/*, specific /Library/* subdirs, safe /private/* paths
✅ Additional: Keychain files, system preferences via should_protect_path()
This fixes a critical security issue where parsing .bom receipt files
could result in deletion of system files like /etc/passwd and /var/db/*,
leading to system corruption and data loss.
Affects: V1.12.14 and later versions
Testing: Validated against critical system paths, all blocked correctly
