PureMac v2.1.0

v2.1.0

Universal binary (Intel + Apple Silicon).

Security hardening

Five reported vulnerabilities closed - all exploitable with a prior same-UID foothold, no admin/root required.

• Allow-list bypass via hasPrefix without trailing separator (#47) - sibling paths like /tmpfoo/victim.secret could pass the whole-subtree check for /tmp. Fixed with separator-anchored prefix match in CleaningEngine.isSafeToDelete and OrphanSafetyPolicy.isSafeCandidate.
• Zero-click cache deletion via HOMEBREW_CACHE + pre-seeded ScheduleConfig (#48). scanBrewCache now strips HOMEBREW_* from the child env and validates brew --cache output against a known-roots allow-list. Downloads, Documents, and Desktop removed from the whole-subtree allow-list (still deletable as per-file large-file items). SchedulerService.init discards a stale nextRunDate; AppState.init gates scheduler.start() on OnboardingComplete.
• TOCTOU between symlink check and removeItem (#49). CleaningEngine.cleanItems now deletes through the resolved URL and re-resolves + re-verifies the resolved path immediately before the unlink.
• App-uninstaller short-name bomb + unchecked removeItem (#50). Minimum 5-char token length enforced on app-name / path-component / letters-only / bundle-last-two / base-bundle / stripped-name / company / team-ID matches. Bundle-ID condition matching is now anchored (==, hasPrefix(cond + "."), or hasSuffix("." + cond)) instead of an unanchored contains - stops com.evil.jetbrainsapp from hijacking the jetbrains rule. AppState.removeSelectedFiles and OrphanSafetyPolicy refuse any high-risk home dotpath.
• Removing Claude.ai webapp deleted ~/.claude (#51). Locations.appSearch.paths no longer includes bare $HOME, so top-level home dotfiles are not scanned as app artifacts. A new highRiskHomeDotPaths list in Conditions.swift (~/.claude, ~/.ssh, ~/.aws, ~/.kube, ~/.docker, ~/.gnupg, ~/.config, cloud/CLI-tool configs, shell histories) is unconditionally skipped by the scanner and the uninstaller selection guard.

UI fixes

• Home page lost after redirecting to side tabs (#69). Smart Scan is now pinned to a dedicated Home section at the top of the sidebar, so it is always reachable.
• Installed Apps sort not working (#59). Application and Size columns are sortable via KeyPathComparator.
• Sidebar expands indefinitely in Installed Apps (#60). Left pane of the internal HSplitView capped at maxWidth: 600.
• About-box version mismatch (#44, #46, #57, #64). Info.plist now uses $(MARKETING_VERSION) / $(CURRENT_PROJECT_VERSION) macros instead of hardcoded 1.0.1/3. The shipped bundle now reports 2.1.0 (5).

Other landed work

• Data-race fix in AppPathFinder.shouldSkipItem (#67)
• CLI dispatch only enters CLI mode for known commands - Xcode's -NSDocumentRevisionsDebugMode and LaunchServices -psn_<pid> no longer hijack launch (#68)
• New Docker Cache cleaning category (#36, closes #1)
• Spanish (es) localization + multilingual README (#65)

Install

brew tap momenbasel/tap
brew install --cask puremac

Or download PureMac-2.1.0.dmg below.

PureMac v2.0.0

v2.0.0

Universal binary (Intel + Apple Silicon). Signed and notarized.

New in v2.0

• App Uninstaller - heuristic file discovery with 10-level matching
• Orphaned File Finder - detect leftovers from uninstalled apps
• CLI - puremac scan, puremac list, puremac disk-info
• Onboarding - first-launch Full Disk Access setup
• Native SwiftUI - system light/dark mode, no custom gradients
• Security - symlink attack prevention, confirmation dialogs
• 120+ search paths, 25 per-app matching rules, 3 sensitivity levels

Install

brew tap momenbasel/tap
brew install --cask puremac

Or download PureMac-2.0.0.dmg below.

PureMac v1.0.1

What's New in v1.0.1

Universal Binary - Intel + Apple Silicon (#7)

• PureMac now ships as a Universal Binary (arm64 + x86_64)
• Works natively on both Intel and Apple Silicon Macs
• Notarized and stapled by Apple

Chinese Localization (#8)

• Added Simplified Chinese (zh-Hans) translation - 116 strings
• Full localization across all views and categories

Full Disk Access & Permissions (#6)

• Disabled App Sandbox - the sandbox was blocking access to Trash, Mail, Desktop, Documents, Homebrew cache, and dev caches
• All scan categories now work correctly with Full Disk Access granted

Download

• PureMac-v1.0.1.zip - Universal Binary (Intel + Apple Silicon), signed and notarized
• Homebrew: brew install --cask puremac (update the tap to get v1.0.1)

PureMac v1.0.0

PureMac v1.0.0 - Initial Release

A free, open-source macOS cleaning utility. The CleanMyMac alternative that respects your privacy.

No subscriptions. No telemetry. No data collection.

Features

• Smart Scan - One-click scan across 8 cleaning categories
• System Junk - System caches, logs, and temporary files
• User Cache - Application and browser caches
• Mail Attachments - Downloaded mail attachments
• Trash Bins - Empty all Trash bins
• Large & Old Files - Find files over 100 MB or older than 1 year
• Purgeable Space - APFS purgeable disk space (Time Machine snapshots)
• Xcode Junk - Derived data, archives, simulator caches
• Homebrew Cache - Homebrew download cache
• Scheduled Cleaning - Automatic scans on configurable intervals (hourly to monthly)
• Auto-Purge - Automatically purge purgeable files on schedule
• Click-to-inspect - See exactly what will be removed before cleaning

Install

Homebrew (recommended):

brew tap momenbasel/tap
brew install --cask puremac

Direct download: Download PureMac-v1.0.0.zip below, unzip, drag PureMac.app to /Applications.

Mac App Store: Download

Requirements

• macOS 13.0 (Ventura) or later
• Apple Silicon or Intel Mac

Privacy

• 100% offline - zero network calls
• No analytics, no telemetry
• Signed and notarized with Apple Developer ID