惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

爱范儿
爱范儿
P
Palo Alto Networks Blog
月光博客
月光博客
H
Hackread – Cybersecurity News, Data Breaches, AI and More
I
InfoQ
aimingoo的专栏
aimingoo的专栏
腾讯CDC
T
Threatpost
D
DataBreaches.Net
Vercel News
Vercel News
F
Fortinet All Blogs
Engineering at Meta
Engineering at Meta
C
Cybersecurity and Infrastructure Security Agency CISA
Forbes - Security
Forbes - Security
U
Unit 42
C
Check Point Blog
Blog — PlanetScale
Blog — PlanetScale
O
OpenAI News
量子位
TaoSecurity Blog
TaoSecurity Blog
Microsoft Azure Blog
Microsoft Azure Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
V
Visual Studio Blog
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
Security Archives - TechRepublic
Security Archives - TechRepublic
The Last Watchdog
The Last Watchdog
S
Security Affairs
Attack and Defense Labs
Attack and Defense Labs
罗磊的独立博客
Stack Overflow Blog
Stack Overflow Blog
Microsoft Security Blog
Microsoft Security Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
V2EX
小众软件
小众软件
S
SegmentFault 最新的问题
www.infosecurity-magazine.com
www.infosecurity-magazine.com
W
WeLiveSecurity
AI
AI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
I
Intezer
Know Your Adversary
Know Your Adversary
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Proofpoint News Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The Cloudflare Blog
博客园_首页
NISL@THU
NISL@THU
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Hacker News: Show HN

PurrrrrFocus: Pomodoro Timer App - App Store Workflow Engine — Multi-Step Orchestration for Bun RapidPhoto: Pro Photo Editor App - App Store GitHub - DheerG/swarms: Achieve extraordinary results with claude code across a variety of tasks SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads Show HN: VCoding – A 5 MB native Windows IDE with no dynamic dependencies Show HN: LLMs don't hallucinate because they're bad at math, it's the format GitHub - Agent-FM/agentfm-core: AgentFM is a peer-to-peer network that turns everyday computers into a decentralized AI supercomputer. AgentFM lets you run massive AI workloads directly across a global mesh of idle CPUs and GPUs. Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years GitHub - Potarix/agent-hub: One place to talk to all your agents Show HN: Runtime security for AI agents(injection,tool abuse, data exfiltration) GitHub - dubeyKartikay/lazyspotify: Terminal Spotify client for macOS and Linux GitHub - the-banana-tool/king-louie: Easy to use GUI Personal AI Assistant. Win/Linux/Mac. Show HN I made my vacation rental bookable by AI agents–no Airbnb, 0% commission GitHub - basteez/jsf-autoreload: maven plugin to enable hot reload on jsf projects uvm32/hosts/host-gdbstub at main · ringtailsoftware/uvm32 GitHub - labsai/EDDI: Config-driven engine that turns JSON into production-grade AI agents. Multi-agent orchestration, 12+ LLM providers, MCP/A2A protocols, RAG, persistent memory, and enterprise compliance (EU AI Act, GDPR, HIPAA). Built on Quarkus. GitHub - glitchnsec/fortyone-oss: AI Executive Assistant Platform Quickstart | Alien GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. GitHub - ocrbase-hq/ocrbase: 📄 PDF/IMG ->.MD/JSON Document OCR API for PaddleOCR and GLMOCR. Self-hostable. GitHub - impactjo/home-memory: MCP server that lets your AI assistant remember everything about your home. GitHub - Sets88/dbcls: DbCls is a powerful terminal database client that supports various databases GitHub - neptun2000/heor-agent-mcp GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh RollQuation: Math Puzzles - Apps on Google Play GitHub - dropbox/witchcraft Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis GitHub - opentalon/opentalon: OpenTalon is an open-source platform built from the ground up in Go as a robust alternative to OpenClaw LinkedIn™ 职位抓取工具 - Chrome 应用商店 GitHub - EdoardoBambini/Agent-Armor-Iaga: AI agents are getting tool access — shell, file system, databases, APIs, secrets. But **nobody is governing what they actually do with it**. Frameworks like LangChain, CrewAI, AutoGen, and Claude Code give agents the power to execute. Agent Armor gives you the power to control, audit, and approve every single action before it happens. HN Vibes — Week 15, Apr 7–13 2026 GitHub - chojs23/ec: Easy terminal-native 3-way git mergetool vim-like workflow GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - JakOb-dotcom/cloud-sandbox-security-analysis: Technical analysis and Proof of Concept (PoC) regarding environment variable exfiltration in containerized cloud sandboxes via side-channel data leaks. Springboards - Flint Alpha Show HN: A simpler coding agent harness GitHub - audiodude/sudomake-friends GitHub - 256thFission/mini-mythos: OSS clone of Anthropic’s Mythos harness to locate C/C++ memory vulnerabilities Show HN: OpenParallax: OS-level privilege separation for AI agent execution Hacker News Sorted - Chrome 应用商店 Show HN: How to Install Docker on Ubuntu 24.04 LTS: Complete 2026 Guide GitHub - himanshudongre/smriti GitHub - sverrirsig/claude-control: macOS desktop dashboard for monitoring and managing multiple Claude Code sessions GitHub - ory/dockertest: Write better integration tests! Dockertest helps you boot up ephermal docker images for your Go tests with minimal work. Chiral - Chrome 应用商店 Show HN: Two Claudes collaborating through shared memory on a $100 mini-PC GitHub - pmichaillat/latex-cv: Minimalist LaTeX template for academic CVs GitHub - oguzbilgic/posse: A web UI for Anthropic Managed Agents. GitHub - sshiraz/depsly: Dependency risk analysis tool for npm packages ABI Add safari/agent-harness — Safari browser automation via safari-mcp by achiya-automation · Pull Request #212 · HKUDS/CLI-Anything GitHub - Halfblood-Prince/trustcheck: Verify PyPI package attestations and improve Python supply-chain security GitHub - oguzbilgic/kern-ai: Agents that do the work and show it. GitHub - bruits/satteri: High-performance Markdown and MDX processing for the JavaScript ecosystem GitHub - tylergibbs1/feedstock: High-performance web crawler and scraper for TypeScript, powered by Bun and Playwright GitHub - Grimm67123/grimmbot: The self-improving sandboxed and open-source AI agent. With persistent memory and scheduling. GitHub - whitevanillaskies/whitebloom: Local whiteboard that blooms. GitHub - hwdsl2/docker-whisper: Docker image for a self-hosted Whisper speech-to-text server with speaker diarization and OpenAI-compatible transcription and translation APIs. Powered by faster-whisper. Supports all Whisper models, NVIDIA GPU (CUDA) acceleration, JSON/SRT/VTT output, SSE streaming, offline mode, and multi-arch (amd64, arm64). GitHub - yisding/reviewwiggum GitHub - MarwanAlsoltany/serrors: Structured errors for Go: sentinel hierarchies, typed data, custom formatting, and slog integration. GitHub - soatok/age-php GitHub - Luthiraa/markitme GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits GitHub - tombedor/excalicharts GitHub - wh1le/excalidraw-edit: Open and edit .excalidraw files from the terminal. Offline, auto-saves to disk. MalExt Sentry - Malicious Extension Scanner - Chrome 应用商店 GitHub - syi0808/asciianimesvg: Generate animated ASCII art SVGs from text. CLI, Rust library, WASM, and web editor. GitHub - zaina-ml/ml_forge: A visual-based graph node editor for training computer vision models. GitHub - anakin87/llm-rl-environments-lil-course: 🌱 A little course on Reinforcement Learning Environments for evaluating and training Language Models GitHub - takaakit/superpowers-uml: Superpowers-UML modifies Superpowers to ensure a software development workflow in which AI agents design through UML modeling. AdriByte Studio - Sviluppo Web e Soluzioni Digitali GitHub - chouligi/angel-copilot: Your personalized Angel Investment Advisor Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 GitHub - agenteractai/lodmem: Level Of Detail Context Management for Agents GitHub - ostefani/subnetlens: A fast, concurrent network scanner with a TUI and plain-text CLI, built in Go. It discovers live hosts on your network, scans their open ports, resolves hostnames, and fingerprints operating systems—delivered. Cyber Pulse: Agentic Intel - Apps on Google Play Whisper API: Self-Hostable Speech to Text Transcription The Agent-Web Protocol Stack: A Research Thesis GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Show HN: Provepy – A Python decorator that proves your code using Lean and LLMs Show HN: Pardonned.com – A searchable database of US Pardons GitHub - patrickdappollonio/dux: Dux is a terminal UI that lets you run multiple AI coding agents side by side, each in its own git worktree, with full companion terminals, macros, commit generation, and a command palette that knows more tricks than you do. kMC Crystal Simulator Show HN: HyperFlow – A self-improving agent framework built on LangGraph GitHub - stef41/vibescore: 🎵 Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing. GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. imgur.com GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. GitHub - nowork-studio/toprank: Open-source Claude Code skills for SEO, SEM, Google Ads GitHub - tacomanator/sash: Lightweight macOS menu bar app for reliably cycling through windows of the current application. Appents | Social Media Management for Product-First Teams GitHub - pnhoang/youtube-spam-blocker: Automatically detects and hides spam messages in YouTube Live chat. Set rate limits, keyword filters, and block repeat offenders. GitHub - decisionnode/DecisionNode: CLI + Local MCP - A shared structured memory store across Claude Code, Cursor, Windsurf, Antigravity, and every MCP client. Semantically queryable. GitHub - AvaCodeSolutions/django-email-learning: An open source Django app for creating email-based learning platforms with IMAP integration and React frontend components. The $100K Gap in Kubernetes Security Tooling Function Calling Harness: From 6.75% to 100%
GitHub - stgrass3/the-devourer: Best-effort secure file shredder for Windows with multi-pass overwrite, NTFS ADS handling, and live progress.
idolium · 2026-06-19 · via Hacker News: Show HN

The Devourer logo

A focused Windows utility for best-effort, multi-pass local file shredding.

Windows x64 Version 1.0.2 Electron 42.4.0 MIT License

The Devourer overwrites a file's primary data and NTFS alternate data streams, randomizes its namespace, clears common metadata, flushes writes, and removes the final filesystem entry. It packages this pipeline in a small, animated, portable Electron application with live progress and explicit storage-risk warnings.

Warning

Deletion is permanent. The Devourer is a best-effort file shredder, not a universal forensic-erasure guarantee. Read Security model and limitations before using it for sensitive data.

Contents

  • User Guide — simple instructions for everyday users
  • Features
  • Requirements
  • Quick start
  • Secure modes
  • How deletion works
  • Security architecture
  • Security model and limitations
  • Configuration
  • Development
  • Testing
  • Building a release
  • Diagnostics and troubleshooting
  • Project structure
  • License

Features

  • Four overwrite passes for the main file stream and every detected NTFS alternate data stream: 0x00, 0xFF, cryptographically secure random data, then 0x00.
  • File-picker and drag-and-drop workflows.
  • Three deletion modes: Normal, Aggressive, and Extreme.
  • SSD/NVMe, TRIM, BitLocker, and Volume Shadow Copy risk checks.
  • Reparse-point, symbolic-link, hard-link, and exclusive-lock guards.
  • Random 64-character hexadecimal renaming before deletion.
  • Best-effort timestamp clearing and Windows Recent shortcut cleanup.
  • Worker-thread shredding with throttled live progress updates.
  • Sandboxed Electron renderer with context isolation and a narrow preload API.
  • Portable Windows x64 build; no installer required.
  • No application telemetry, account, cloud service, or runtime network API.

Requirements

Running the app

  • Windows 10 or Windows 11, x64.
  • Local filesystem access to the target file.
  • Administrator access only for Aggressive and Extreme modes.

The current packaged target is Windows x64. Directories, symbolic links, Windows reparse points, and files with multiple hard links are intentionally rejected.

Building from source

  • Node.js 22.12 or newer.
  • npm.
  • Windows x64 for producing and executing the portable build.

Quick start

  1. Download The-Devourer-1.0.2-portable-x64.exe from the repository's Releases page.
  2. Run the executable. It extracts to a temporary directory and opens the app; it does not install a permanent system service.
  3. Choose a secure mode.
  4. Click the bin to open the file picker, or drag one file onto the window.
  5. Review the target name, mode, and permanent-delete warning.
  6. Click the armed bin again to begin deletion.
  7. Keep the app open until it reports 100% and shows the completion state.

The renderer receives a short-lived target ID and shortened display path. The full filesystem path remains in the Electron main process.

Secure modes

Mode Operations Administrator required Expected cost
Normal Four-pass stream wipe, metadata cleanup, truncate, flush, unlink No Proportional to file size
Aggressive Normal mode plus Windows volume ReTrim Yes Normal cost plus volume optimization
Extreme Aggressive mode plus same-volume free-space filling Yes Potentially very slow; can write most available free space

Selecting Aggressive or Extreme without administrator rights opens a Windows elevation prompt. The app restarts with --secure-mode=<mode> after approval; the target must then be selected again.

Extreme mode preserves approximately 512 MiB of free space. It writes random data into temporary files of up to 256 MiB each, flushes them, and removes the temporary wipe directory when finished or interrupted by an error.

How deletion works

flowchart LR
    U["User selects or drops a file"] --> R["Main process registers target ID"]
    R --> G["Link, type, and lock guards"]
    G --> S["Storage risk checks"]
    S --> A["Enumerate and wipe NTFS ADS"]
    A --> N["Randomize name and relocate"]
    N --> W["Four-pass primary-stream overwrite"]
    W --> M["Truncate, clear timestamps, flush"]
    M --> D["Unlink final namespace entry"]
    D --> X["Optional ReTrim / free-space wipe"]
    X --> C["Completion plus warnings"]
Loading

Detailed pipeline

Stage What happens
Target inspection lstat rejects symbolic links; Windows attributes reject reparse points; stat rejects non-files and files with more than one hard link.
Storage analysis The app queries drive media/bus type, TRIM state, BitLocker state, and Volume Shadow Copies. Failures become warnings rather than silently claiming safety.
Attribute cleanup Windows file attributes are reset to Normal; a writable-mode fallback is used if PowerShell fails.
Exclusive lock check A read/write handle is opened with FileShare.None. Files held by another process are rejected before destructive work begins.
ADS enumeration PowerShell Get-Item -Stream * discovers named NTFS alternate data streams.
ADS overwrite Every named stream is overwritten with four passes, truncated, flushed, closed, and removed.
Namespace randomization The original filename is replaced with a cryptographically random 64-character hexadecimal name.
Timestamp cleanup Creation, last-write, and last-access times are set to the Unix epoch. If creation-time editing fails, the app falls back to access/write timestamps and reports a warning.
Temporary relocation The randomized file is moved to %TEMP% when a same-volume rename is possible. Cross-volume failure is non-fatal; wiping continues under the randomized local name.
Primary overwrite The file is written in 1 MiB chunks using zero, ones, CSPRNG, and final-zero passes. Every pass is followed by fsync.
Final removal The stream is truncated to zero bytes, timestamps are cleared again, metadata is flushed, the handle is closed, and the file is unlinked.
Artifact cleanup Matching Windows Recent .lnk shortcuts are removed on a best-effort basis.
Optional volume work Aggressive mode invokes Optimize-Volume -ReTrim. Extreme mode additionally fills same-volume free space while preserving a 512 MiB reserve.

Overwrite pattern

Pass Data Purpose
1 0x00 Deterministic full-stream overwrite
2 0xFF Opposite deterministic bit pattern
3 CSPRNG bytes Unpredictable overwrite generated by Node.js crypto.randomBytes
4 0x00 Final deterministic state before truncation

Four passes do not defeat SSD wear leveling, controller remapping, snapshots, or external copies. They are a defense-in-depth strategy for addressable file content, especially on conventional magnetic storage.

Security architecture

flowchart TB
    UI["Renderer: HTML, CSS, renderer.js"]
    PRE["Sandboxed preload bridge"]
    MAIN["Electron main process"]
    REG["10-minute target registry"]
    WORKER["Worker thread"]
    FS["Windows filesystem and system tools"]

    UI -->|"narrow devourer API"| PRE
    PRE -->|"validated IPC"| MAIN
    MAIN --> REG
    MAIN -->|"target path + mode"| WORKER
    WORKER --> FS
    WORKER -->|"throttled progress/result"| MAIN
    MAIN -->|"progress only"| PRE
    PRE --> UI
Loading

Electron process boundary

The main window uses:

  • contextIsolation: true
  • nodeIntegration: false
  • sandbox: true
  • a local file:// page
  • exact local base-URL validation for every IPC handler

The preload script exposes only the operations required by the UI. The renderer has no general Node.js or filesystem access.

Target registry

After a file is selected or dropped, the main process stores its resolved path in an in-memory registry and returns a random UUID, basename, size, and shortened display path. Registry entries expire after ten minutes and are consumed when deletion starts. A stale, reused, or unknown ID is rejected.

Preload API

Method Purpose
pickFile() Opens the native one-file picker and registers the result.
resolvePath(filename) Opens a native picker when a dropped browser File cannot provide a usable path.
registerDroppedFile(file) Resolves a dropped file through Electron webUtils, then registers it in the main process.
shredFile(targetId, options) Consumes a registered target and starts the worker with the selected mode.
getStartupSecureMode() Reads the validated --secure-mode startup value.
requestSecureMode(mode) Applies a mode or requests an elevated restart.
onProgress(callback) Subscribes to structured progress events and returns an unsubscribe function.
minimizeWindow() / closeWindow() Controls the frameless application window.

Only one shred worker can run at a time. Worker progress messages are throttled to at most one update every 50 ms within the same phase, while phase changes are delivered immediately.

Runtime recovery and diagnostics

The main process records renderer, GPU/child-process, window-close, minimize, and quit lifecycle events. If the renderer exits abnormally, the window is reloaded. After deletion completes, a minimized or hidden window is restored so completion cannot silently disappear.

Diagnostic log:

%APPDATA%\the-devourer\devourer.log

The log contains lifecycle state only; it does not record deleted file paths.

Security model and limitations

The Devourer reduces recoverable data from the file's normal filesystem namespace and addressable streams. It cannot guarantee physical erasure across every storage, operating-system, backup, and synchronization layer.

What it protects against

  • Casual recovery from an ordinarily deleted filesystem entry.
  • Recovery of addressable primary-stream content that was successfully overwritten.
  • Overlooked data in named NTFS alternate data streams.
  • Accidental shredding through symbolic links, reparse points, or one name of a multiply hard-linked file.
  • Starting a destructive operation on a file currently locked by another process.

What it cannot reliably erase

  • SSD/NVMe wear-leveling cells and controller-remapped blocks.
  • Drive firmware caches and inaccessible spare areas.
  • Windows Volume Shadow Copies and restore snapshots.
  • NTFS MFT history, USN journal records, and other filesystem metadata history.
  • Backups, cloud-sync replicas, version history, remote copies, or removable media copies.
  • Search indexes, antivirus records, shell history, thumbnails, application logs, or third-party telemetry.
  • Cloud-only placeholders and virtual files that do not map to a normal local file stream.
  • Data already copied into RAM, swap/page files, hibernation files, or crash dumps.

For highly sensitive data, enable full-disk encryption before creating the file, control backups and replicas, then destroy the encryption key or sanitize the entire device according to an appropriate organizational standard.

Storage checks and warnings

The app performs these checks before overwriting:

Check Implementation Warning condition
Media type Get-Partition + Get-Disk SSD/NVMe detected, unknown media, or query unavailable
TRIM fsutil behavior query DisableDeleteNotify TRIM enabled on storage not already classified as flash, or status unavailable
BitLocker manage-bde -status <drive>: Full-volume encryption and protection cannot both be confirmed
Shadow copies vssadmin list shadows /for=<drive>: One or more snapshots exist, or status cannot be queried

Warnings do not cancel the operation. They are displayed after completion so the result does not imply stronger erasure than the storage stack can support.

Configuration

Command-line options

Option Values Description
--secure-mode=<mode> normal, aggressive, extreme Sets the startup mode. Invalid values fall back to Normal.
--dev flag Preserved when restarting the development app with elevation.
--smoke-test flag Internal packaged-build validation; opens a hidden window, validates security/UI/IPC, then exits.

Environment variables

Variable Value Effect
DEVOURER_ENABLE_RETRIM 1 Forces ReTrim independently of the selected preset.
DEVOURER_FREE_SPACE_WIPE 1 Forces same-volume free-space wiping independently of the selected preset.
DEVOURER_IMPORT_ONLY 1 Internal test harness switch that imports the main module without booting the app.

The environment overrides are intended for controlled development and testing. Normal users should select a mode through the interface.

Development

Use npm run dev to preserve the development flag across an elevated restart.

npm scripts

Command Purpose
npm start Launch the application.
npm run dev Launch with --dev.
npm run check Syntax-check production and release-test JavaScript files.
npm run test:unit Run shredder and worker tests with Node's built-in test runner.
npm run test:e2e Launch a hidden real Electron window and test security settings, preload IPC, an actual 8 MiB deletion, completion, and UI reset.
npm test Run unit and Electron end-to-end tests.
npm run dist:win Build the portable Windows x64 executable.
npm run test:package Verify artifact freshness/size and run the packaged executable's smoke test.
npm run release:verify Run syntax checks, all tests, build, and packaged smoke validation.

Testing

The automated suite covers:

  • normal file overwrite and deletion;
  • directory rejection;
  • hard-link rejection;
  • symbolic-link rejection;
  • read-only attribute clearing;
  • NTFS alternate data stream wiping;
  • worker-thread deletion and progress phases;
  • BrowserWindow security preferences;
  • preload API availability and trusted IPC;
  • pre-delete warning visibility;
  • actual 8 MiB renderer-to-IPC-to-worker deletion;
  • post-delete completion and idle reset;
  • packaged portable startup and internal smoke validation.

Run the full source test gate:

Building a release

Build the portable executable:

Output:

artifacts\The-Devourer-<version>-portable-x64.exe

Run the complete release gate:

The build uses maximum ASAR compression and includes only the runtime source, assets, README, license, and package metadata listed in package.json.

Release checklist

  • Update version in package.json and package-lock.json.
  • Run npm run release:verify.
  • Manually shred a disposable file on Windows.
  • Confirm the pre-delete best-effort warning remains visible.
  • Confirm completion remains visible and the app resets to idle.
  • Publish the portable executable with this README and the security limitations intact.

Diagnostics and troubleshooting

Symptom Cause / action
target is locked by another process Close the editor, media player, sync client, or other process holding the file, then select it again.
target has ... hard links Remove other hard links first. The app refuses to shred only one name while the same file data remains reachable elsewhere.
Symbolic-link or reparse-point rejection Select the real regular file. Namespace indirection is deliberately not followed.
SSD, TRIM, BitLocker, or snapshot warnings Read the warning literally; the file was processed, but old data may remain outside the addressable stream.
Aggressive/Extreme mode returns to Normal Approve the Windows elevation prompt, then reselect the target after restart.
Extreme mode takes a long time It may write nearly all available free space on the target volume. Use Normal or Aggressive unless free-space filling is specifically required.
Window seems to disappear after deletion Use the latest build. Completion now restores hidden/minimized windows. Inspect %APPDATA%\the-devourer\devourer.log for lifecycle events.
Portable build reports Can't open output file Close any running copy of that portable version, remove the old artifact, or increment the version before rebuilding.
Package smoke says artifact is stale Re-run npm run dist:win after the last packaged-source change.

Privacy

The runtime app does not implement telemetry, analytics, accounts, remote storage, automatic uploads, or an update service. File contents are processed locally. Windows, security software, storage firmware, sync tools, and other software may still create independent logs or copies outside the app's control.

Project structure

.
├── assets/
│   ├── icon.png                 # Windows application icon
│   └── readme-logo.png          # README hero artwork
├── test/
│   ├── electron-smoke.js        # Real Electron IPC/UI/delete E2E test
│   ├── package-smoke.js         # Portable artifact validation
│   ├── shredder.test.js         # Core shredder tests
│   └── worker.test.js           # Worker/progress integration test
├── index.html                   # Application markup and SVG artwork
├── styles.css                   # Window layout, state visuals, animation
├── renderer.js                  # UI state machine and interactions
├── preload.js                   # Sandboxed renderer IPC bridge
├── main.js                      # Window, target registry, IPC, elevation
├── shredder-worker.js           # Worker entry point and progress throttle
├── shredder.js                  # Secure-delete pipeline
├── package.json                 # Scripts and Electron Builder config
├── README.md
└── LICENSE

Contributing

Changes to deletion semantics must include focused tests and preserve the best-effort wording. Before opening a pull request:

For packaging changes, also run:

Never weaken link, lock, sender-validation, sandbox, or warning behavior merely to make an unsupported target succeed.

License

The Devourer is available under the MIT License.