wdmt
wdmt
toolIntroduction
WDMT /ˌwɪdiˈɛmˈtiː/ (Web Developer Maintenance Tool) is a CLI that securely removes bulky development artefacts such as node_modules
, .next
, or dist
. It focuses on correctness and safety, ensuring that no file outside the intended directory tree is ever touched.
Motivation
Have you ever seen 200GB+ taken by the System Data on your Mac?
Large dependency folders and build outputs quickly bloat local check-outs. Manually pruning them with rm -rf
or similar commands is risky-one wrong path or an unexpected symlink can wipe unrelated data.
WDMT gives developers a fast and interactive way to reclaim disk space without compromising security.
Key Features
- 🔒 Symlink Attack Prevention — Never follows malicious symlinks
- 🛡️ Path Traversal Protection — Blocks
../../../etc/passwd
style attacks - ⚡ Interactive Selection — Smart path display with multiple view modes
- 📊 Progress Visualisation — Beautiful progress bars created using charmbracelet libraries
- 🎯 Secure by Design — Robust security validation
- 📱 Cross-Platform — Works on macOS, Linux, and Windows
- 🔍 Enhanced Path Display — Smart, condensed, and full path viewing modes with keyboard shortcuts
- 📏 Accurate Size Calculation — Block-based size estimation (4KB blocks) matches actual disk usage
Quick Start
Installation
go install github.com/neg4n/wdmt@latest
or
curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/neg4n/wdmt/main/install.sh | sh
Usage
- Launch your preferred terminal emulator
- Navigate to the directory you want to clean up (e.g.
~/projects
if you keep all your programming projects there) - Run
wdmt
in the terminal - Follow the interactive prompts to select and delete directories
Security Architecture
WDMT uses a two-phase security model optimized for both performance and safety:
Discovery Phase (Scanner)
- 🔍 Fast & Minimal Security — Essential symlink detection for safe directory traversal
- ⚡ Performance Optimized — Lightweight validation enables sub-second scanning
- 👀 User Review Required — Always displays confirmation screen before deletion
Deletion Phase (Cleaner)
- 🛡️ Full Security Suite — Complete protection when it matters most
Feature | Traditional tools | WDMT Scanner | WDMT Cleaner |
---|---|---|---|
Symlink safety | Often follows symlinks | Essential detection | Never follows symlinks |
Path validation | Basic checks | Basic boundary checks | Multi-layer validation |
Injection protection | None | N/A (user review) | UTF-8 & null-byte filtering |
Race-condition defence | Vulnerable | N/A (user review) | Just-in-time validation |
Filesystem boundaries | Can cross devices | N/A (user review) | Device-ID tracking |
Supported Targets
WDMT detects and cleans the following artefacts:
Type | Directories |
---|---|
Node.js | node_modules |
Build output | dist , build , .output |
Framework cache | .next , .nuxt , .vite , .turbo |
Test coverage | coverage , .nyc_output , lib-cov |
Bundler cache | .parcel-cache , .webpack , .rollup.cache |
Temporary | tmp , temp , .cache |
System files | .DS_Store , Thumbs.db |
Development
Running Tests
# All tests
go test ./...
# Security tests with coverage
go test ./internal/cleaner -v -cover
Comparison
Tool | Security | Interactive | Cross-Platform |
---|---|---|---|
WDMT | ✅ Robust | ✅ Modern UI | ✅ Go-based |
rimraf | ❌ Basic | ❌ No | ✅ Node.js |
rm -rf | ❌ Dangerous | ❌ No | ⚠️ Unix only |
npkill | ⚠️ Limited | ✅ Yes | ✅ Node.js |
License
The MIT License
More Projects
Explore other projects that might interest you
faviconize
🎆 Library and CLI responsible for generating favicons in all formats and providing easy way to integrate them into your application
next-api-compose
🧬 Simple, dependency free, error aware and powerful utility to compose chain of multiple middleware into one Next.js API Route.
next-api-og-image
Easy way to generate open-graph images dynamically in HTML or React using Next.js API Routes. Suitable for serverless environment.