Please do not report security vulnerabilities through public GitHub issues.

Report vulnerabilities via GitHub Security Advisories.

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

You can expect a response within 72 hours. We'll work with you to understand the issue and coordinate a fix before public disclosure.

Mac Cleaner CLI is designed with security in mind:

• 100% offline — no network requests, no telemetry, no analytics
• No root required — all operations run as the current user
• Read before delete — items are scanned and listed before any deletion
• Open source — all code is publicly auditable
• Minimal dependencies — only 5 runtime dependencies, all from trusted maintainers monitored via Socket.dev

This policy covers the mac-cleaner-cli npm package and the source code in this repository.