WDMT /ˌwɪdiˈɛmˈtiː/ (Web Developer Maintenance Tool) is a CLI that securely removes bulky development artefacts such as node_modules, .next, or dist. It focuses on correctness and safety, ensuring that no file outside the intended directory tree is ever touched.
wdmt.mp4
Have you ever seen 200GB+ taken by the System Data on your Mac?
Large dependency folders and build outputs quickly bloat local check-outs. Manually pruning them with rm -rf or similar commands is risky-one wrong path or an unexpected symlink can wipe unrelated data.
WDMT gives developers a fast and interactive way to reclaim disk space without compromising security.
- 🔒 Symlink Attack Prevention — Never follows malicious symlinks
- 🛡️ Path Traversal Protection — Blocks
../../../etc/passwdstyle attacks - ⚡ Interactive Selection — Smart path display with multiple view modes
- 📊 Progress Visualisation — Beautiful progress bars created using charmbracelet libraries
- 🎯 Secure by Design — Robust security validation
- 📱 Cross-Platform — Works on macOS, Linux, and Windows
- 🔍 Enhanced Path Display — Smart, condensed, and full path viewing modes with keyboard shortcuts
- 📏 Accurate Size Calculation — Uses 4KB block size to match actual disk usage
- 🚀 Zero Configuration — Works out of the box with sensible defaults, no config files needed
- Cobra — CLI framework for building commands
- Bubble Tea — Terminal UI framework
- Lipgloss — Terminal styling and layout
- Bubbles — TUI components (lists, progress bars, spinners)
go install github.com/neg4n/wdmt@latestor
curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/neg4n/wdmt/main/install.sh | sh- Launch your preferred terminal emulator
- Navigate to the directory you want to clean up (e.g.
~/projectsif you keep all your programming projects there) - Run
wdmtin the terminal - Follow the interactive prompts to select and delete directories
During the selection phase:
- ↑/↓ or j/k — Navigate through the list
- Space or Enter — Select/deselect items
- a — Select all items
- A — Deselect all items
- p — Cycle through path display modes (smart → condensed → full)
- ? — Toggle help
- q or Ctrl+C — Quit
During deletion:
- Any key — Skip the 5-second completion delay
WDMT uses a two-phase security model optimized for both performance and safety:
- 🔍 Fast & Minimal Security — Essential symlink detection for safe directory traversal
- ⚡ Performance Optimized — Parallel scanning with CPU×3 workers for fast discovery
- 👀 User Review Required — Always displays confirmation screen before deletion
- 🛡️ Full Security Suite — Complete protection when it matters most
| Feature | Traditional tools | WDMT Scanner | WDMT Cleaner |
|---|---|---|---|
| Symlink safety | Often follows symlinks | Essential detection | Never follows symlinks |
| Path validation | Basic checks | Basic boundary checks | Multi-layer validation |
| Injection protection | None | N/A (user review) | UTF-8 & null-byte filtering |
| Race-condition defence | Vulnerable | N/A (user review) | Just-in-time validation |
| Filesystem boundaries | Can cross devices | N/A (user review) | Device-ID tracking |
Important
The scanner prioritizes speed for discovery, while the cleaner enforces complete security during deletion. Always review the confirmation screen to verify what you're deleting, as this is your primary defense against accidental deletions.
WDMT detects and cleans the following artefacts:
| Type | Directories |
|---|---|
| Node.js | node_modules |
| Build output | dist, build, .output |
| Framework cache | .next, .nuxt, .vite, .turbo |
| Test coverage | coverage, .nyc_output, lib-cov |
| Bundler cache | .parcel-cache, .webpack, .rollup.cache |
| Temporary | tmp, temp, .cache |
| System files | .DS_Store, Thumbs.db |
Note
Target directories are currently hardcoded for security and simplicity but will be configurable in future releases.
# All tests
go test ./...
# Security tests with coverage
go test ./internal/cleaner -v -coverTip
All security tests run in isolated temporary directories to avoid touching real data.
| Tool | Security | Interactive | Cross-Platform |
|---|---|---|---|
| WDMT | ✅ Robust | ✅ Modern UI | ✅ Go-based |
rimraf |
❌ Basic | ❌ No | ✅ Node.js |
rm -rf |
❌ Dangerous | ❌ No | |
npkill |
✅ Yes | ✅ Node.js |
The MIT License