Safe, whitelist-only storage cleaner for macOS — never touches system files, apps, or your documents.
Project description
MacSweep — Safe Storage Cleaner for macOS
A free, open-source alternative to CleanMyMac for reclaiming disk space from caches, logs, and developer-tool build artifacts. Whitelist-only by architecture: it cannot touch the OS, system files, installed applications, or your personal data — the safety rules are enforced in code, not by convention, and covered by CI-run tests.
| MacSweep | CleanMyMac | DaisyDisk | |
|---|---|---|---|
| Price | Free, MIT | $40/yr | $10 |
| Open source | Yes | No | No |
| Can touch system files / your documents | No — blocked by architecture | Yes | Yes |
| Needs admin rights | Never | Yes | For some ops |
| Recoverable by default (Trash) | Yes | Partially | No |
Comes as both a desktop app and a CLI. The core requires only Python 3.9+ (included with macOS Command Line Tools) and has zero third-party dependencies; the GUI optionally uses PySide6. Never needs sudo — refuse to run it with sudo.
Desktop app
python3 -m pip install 'macsweep[gui]' # or from a clone: pip install -e '.[gui]'
python3 -m macsweep gui
Scan, review every item with checkboxes grouped by category, and clean with one click. The GUI only ever moves items to the Trash — everything stays recoverable; permanent deletion is deliberately CLI-only.
CLI quick start
cd macsweep
# See what it's allowed to clean
python3 -m macsweep targets
# Read-only scan: shows reclaimable space, removes nothing
python3 -m macsweep scan
# Dry run of a clean (default — still removes nothing)
python3 -m macsweep clean
# Actually clean: items are moved to Trash (fully recoverable)
python3 -m macsweep clean --yes
# Include old Trash items (opt-in, permanent, double-confirmed)
python3 -m macsweep clean --include trash --permanent --yes
Useful options: --only user-caches (restrict targets), --min-age 30 (only touch older items; can only raise the built-in minimums), -v (show skipped items and why).
Safety model — defense in depth
- Whitelist-only scanning. The scanner can only iterate locations in a hardcoded registry (
infrastructure/macos_targets.py): user-scope caches, logs, Xcode DerivedData, Homebrew/npm/yarn/pip caches. There is no code path that walks arbitrary directories. - Independent blocklist.
SafetyPolicyre-checks every path against protected prefixes (/System,/Library,/usr,/Applications,~/Documents,~/Desktop,~/Downloads,~/Library/Application Support,~/Library/Preferences, Keychains, Mail, Photos, iCloud Drive, cloud-storage mounts, …). Even a misconfigured target cannot reach them. - Symlink-escape protection. Paths are resolved to their real location and must remain inside their target root. A cache entry that symlinks to your Documents folder is skipped, never followed.
- Age gate. Items modified recently (per-target minimum: 3–30 days, using the newest file inside a directory) are never touched, so active caches are left alone.
- Dry run by default.
cleanwithout--yeschanges nothing. - Recoverable by default. Cleaning moves items to the Trash via Finder; permanent deletion requires the explicit
--permanentflag plus typingDELETEat a confirmation prompt. - Re-validation at removal time. Every item passes the full safety policy a second time immediately before removal, in the single code path (
CleanUseCase) through which anything can be removed. - No elevation. The tool operates on user-scope locations only, so it never asks for or needs administrator rights. System-managed caches (
/private/var/folders,/Library/Caches) are deliberately excluded — macOS maintains those itself.
Architecture (Clean Architecture)
macsweep/
├── domain/ # Enterprise rules — zero dependencies, pure Python
│ ├── entities.py # CleanupTarget, CleanupItem, ScanReport, CleanReport
│ └── policies.py # SafetyPolicy (the guard layer)
├── application/ # Use cases — depend only on domain + ports
│ ├── ports.py # FileSystemPort, RemoverPort, ReporterPort (Protocols)
│ ├── scan.py # ScanUseCase (read-only)
│ ├── clean.py # CleanUseCase (sole removal path)
│ └── app_service.py # AppService facade shared by all UIs
├── infrastructure/ # Adapters — implement the ports
│ ├── fs_adapter.py # LocalFileSystem
│ ├── trash.py # TrashRemover (Finder), PermanentRemover
│ └── macos_targets.py # the whitelist registry
├── presentation/
│ ├── cli.py # argparse CLI (UI only)
│ └── gui/ # PySide6 desktop app (UI only; background workers)
└── composition.py # the single composition root (all DI wiring)
Dependency rule: source-code dependencies point inward only (presentation → application → domain; infrastructure implements application ports). The CLI and GUI are thin shells over the same AppService facade — neither contains business logic, and both are wired through one composition root. The domain layer imports nothing outside itself, so the safety rules are trivially unit-testable.
Tests
python3 tests/test_safety.py # or: python3 -m pytest tests/ -v
14 tests cover the safety guarantees: rejection of system paths, applications, and user data; symlink-escape handling; dry-run behavior; clean-time re-validation of hostile items; the age gate; and the happy path.
Extending / contributing
Add a new location by appending a CleanupTarget to default_targets() — nothing else changes. The SafetyPolicy blocklist still applies on top of whatever you add.
See CONTRIBUTING.md for the safety ground rules, development setup, and how to propose new cleanup targets. Adding a target is a great first PR.
Roadmap
- Menu-bar companion showing reclaimable space at a glance
- App uninstaller with leftover finder
- More developer caches (Docker, Gradle, CocoaPods, Cargo, old simulators)
- Large/old file and duplicate finders (report-only)
- Homebrew cask + signed, notarized
.appreleases - Scheduled cleaning via launchd
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file macsweep-0.2.1.tar.gz.
File metadata
- Download URL: macsweep-0.2.1.tar.gz
- Upload date:
- Size: 46.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
500410c0a7f17b878835d127fa832aef59bd69e86e5f9ef8b832e6207b811cf3
|
|
| MD5 |
e873cf2973ad50a72202af6b5e4b2961
|
|
| BLAKE2b-256 |
84f6a508873b954a6d0d0a62fed8564e71c732885937c84f7c02b0dfbde990f1
|
File details
Details for the file macsweep-0.2.1-py3-none-any.whl.
File metadata
- Download URL: macsweep-0.2.1-py3-none-any.whl
- Upload date:
- Size: 43.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d47ca2f027078e88c4c822bc9812884cd72005f8975cc532fa0db9a31c0181d9
|
|
| MD5 |
c5e54d376bf070f1e94d9b444cf67343
|
|
| BLAKE2b-256 |
1680878144f4a140b4684fe8fad7e4770ca42bebdd25fc3d5a6c772d23de7db0
|