wdmt

tool
Go
Jun 25, 2025
Overview
Preview

Introduction

WDMT /ˌwɪdiˈɛmˈtiː/ (Web Developer Maintenance Tool) is a CLI that securely removes bulky development artefacts such as node_modules, .next, or dist. It focuses on correctness and safety, ensuring that no file outside the intended directory tree is ever touched.

Motivation

Have you ever seen 200GB+ taken by the System Data on your Mac?

Large dependency folders and build outputs quickly bloat local check-outs. Manually pruning them with rm -rf or similar commands is risky-one wrong path or an unexpected symlink can wipe unrelated data.

WDMT gives developers a fast and interactive way to reclaim disk space without compromising security.

Key Features

  • 🔒 Symlink Attack Prevention — Never follows malicious symlinks
  • 🛡️ Path Traversal Protection — Blocks ../../../etc/passwd style attacks
  • ⚡ Interactive Selection — Smart path display with multiple view modes
  • 📊 Progress Visualisation — Beautiful progress bars created using charmbracelet libraries
  • 🎯 Secure by Design — Robust security validation
  • 📱 Cross-Platform — Works on macOS, Linux, and Windows
  • 🔍 Enhanced Path Display — Smart, condensed, and full path viewing modes with keyboard shortcuts
  • 📏 Accurate Size Calculation — Block-based size estimation (4KB blocks) matches actual disk usage

Quick Start

Installation

go install github.com/neg4n/wdmt@latest

or

curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/neg4n/wdmt/main/install.sh | sh

Usage

  1. Launch your preferred terminal emulator
  2. Navigate to the directory you want to clean up (e.g. ~/projects if you keep all your programming projects there)
  3. Run wdmt in the terminal
  4. Follow the interactive prompts to select and delete directories

Security Architecture

WDMT uses a two-phase security model optimized for both performance and safety:

Discovery Phase (Scanner)

  • 🔍 Fast & Minimal Security — Essential symlink detection for safe directory traversal
  • ⚡ Performance Optimized — Lightweight validation enables sub-second scanning
  • 👀 User Review Required — Always displays confirmation screen before deletion

Deletion Phase (Cleaner)

  • 🛡️ Full Security Suite — Complete protection when it matters most
FeatureTraditional toolsWDMT ScannerWDMT Cleaner
Symlink safetyOften follows symlinksEssential detectionNever follows symlinks
Path validationBasic checksBasic boundary checksMulti-layer validation
Injection protectionNoneN/A (user review)UTF-8 & null-byte filtering
Race-condition defenceVulnerableN/A (user review)Just-in-time validation
Filesystem boundariesCan cross devicesN/A (user review)Device-ID tracking

Supported Targets

WDMT detects and cleans the following artefacts:

TypeDirectories
Node.jsnode_modules
Build outputdist, build, .output
Framework cache.next, .nuxt, .vite, .turbo
Test coveragecoverage, .nyc_output, lib-cov
Bundler cache.parcel-cache, .webpack, .rollup.cache
Temporarytmp, temp, .cache
System files.DS_Store, Thumbs.db

Development

Running Tests

# All tests
go test ./...

# Security tests with coverage
go test ./internal/cleaner -v -cover

Comparison

ToolSecurityInteractiveCross-Platform
WDMT✅ Robust✅ Modern UI✅ Go-based
rimraf❌ Basic❌ No✅ Node.js
rm -rf❌ Dangerous❌ No⚠️ Unix only
npkill⚠️ Limited✅ Yes✅ Node.js

License

The MIT License

More Projects

Explore other projects that might interest you

View all