See what's eating your Mac's disk, then reclaim it.
A fast, native macOS app that scans any folder and shows exactly where your space went: a visual treemap, a duplicate finder, a largest-files view, and one-click cleanup. No Electron. Nothing leaves your Mac.
π Live site Β· β¬ Download (.dmg) Β· β Donate
| Feature | What it does | |
|---|---|---|
| π | Overview | Total usage, a colorful by-type donut, and your largest items at a glance. |
| π | Folder breakdown | Drill into any folder as a tree, sorted largest-first, with size bars and a search filter. |
| π¦ | Visual treemap | Each rectangle's area is its disk usage. Big space-eaters pop out. Click any tile to zoom in. |
| π | Largest files | The single biggest files anywhere, ranked, with an "old & large" filter (big files untouched 1y+). |
| π | Duplicate finder | Byte-identical files found via SHA-256 (size-bucketed first, so it's fast), with reclaimable space. |
| β¨ | Smart cleanup | Flags caches, node_modules/build dirs, junk (.DS_Store), and big archives β moves them to the Trash. |
Also:
- π§ Menu-bar overview, free space at a glance, plus quick scan, right from the menu bar.
- π Quick Look + Undo, preview any file inline; undo a cleanup instantly (everything goes to the Trash, never an unrecoverable delete).
- π― Drag & drop a folder onto the app to scan it. Recent folders for one-click re-scans.
- βοΈ Preferences, decimal/binary units, cleanup thresholds, and keyboard shortcuts (βO / βR / β,).
- πͺΆ Native & tiny (under 1 MB), 100% on-device, free and open source.
- Scan engine (
Models/ScanEngine.swift) walks the directory tree withFileManager, summing allocated size (totalFileAllocatedSize, real on-disk usage) and never follows symlinks, so nothing is double-counted. It's cancellable and reports live progress. - Aggregation (
Models/ScanInsights.swift) computes the by-type donut, largest items, and largest files off the main actor after a scan, so the UI never walks the tree while rendering. - Treemap is a squarified layout (Bruls, Huizing, and van Wijk,
Utilities/Squarify.swift) drawn in a singleCanvasfor speed, with exact point-in-rect hit-testing. - Duplicates (
Models/DuplicateFinder.swift) bucket files by size first, then compare candidates with a streaming SHA-256 (CryptoKit) so large files never load fully into memory. - Cleanup (
Models/CleanupRules.swift) is rule-based and only ever moves items to the Trash (recoverable).
App, pure SwiftUI, zero external dependencies. Uses only Apple system frameworks:
SwiftUI, AppKit, Charts (Swift Charts), CryptoKit, Foundation, Quartz/Quick Look.
Built with swiftc directly (no Xcode required, Command Line Tools is enough) and bundled into a .app by hand.
Website (web/), Next.js 16 + React 19, hand-written CSS (no UI framework), deployed on Vercel.
Download: grab the latest DiskLens.dmg from Releases, open it, and drag DiskLens into Applications.
First launch (it isn't notarized yet): macOS will block it the first time. Open System Settings β Privacy & Security, scroll down, and click Open Anyway. Or run once:
xattr -dr com.apple.quarantine /Applications/DiskLens.app
Requires macOS 14+ and the Swift toolchain (xcode-select --install, no full Xcode needed).
cd app
./build-app.sh # compiles & bundles DiskLens.app
open DiskLens.app
# or run straight from source:
./run.sh
# package a distributable disk image:
./make-dmg.sh # β DiskLens.dmgnotarize.sh is included for signing + notarizing if you have an Apple Developer ID.
Unit + integration tests live in app/Tests/DiskLensTests/ and use Swift's modern swift-testing framework. They cover the squarified treemap layout, file-type categorization, cleanup rules, insights aggregation, byte formatting, and a real-filesystem end-to-end scan β duplicate-finder β insights pipeline.
cd app
./run-tests.sh # run the whole suite
./run-tests.sh --filter Squarify # run a subsetrun-tests.sh auto-detects your toolchain (plain swift test under full Xcode; injects the swift-testing framework path on a Command Line Tools-only setup). CI runs this exact script on every push and pull request.
.
βββ app/ # native macOS app (SwiftUI)
β βββ Sources/DiskLens/ # App, Models, Views, Utilities
β βββ build-app.sh run.sh make-dmg.sh notarize.sh
β βββ Package.swift
βββ web/ # Next.js landing site (deployed to Vercel)
βββ docs/ # images
The website deploys to three environments:
| Environment | Trigger | URL |
|---|---|---|
| Production | push to main |
https://disklens-site.vercel.app |
| Staging | push to staging |
Vercel preview URL for the branch |
| Development | npm run dev / vercel dev (local) |
http://localhost:3000 |
Each carries a NEXT_PUBLIC_APP_ENV variable (production / staging / development) so the build knows where it's running.
cd web
npm install
npm run dev # developmentGitHub Actions builds and ships the app automatically:
| Trigger | Workflow | Result |
|---|---|---|
push to main (or tag v*.*.*) |
release.yml |
builds on a macOS runner and publishes a versioned GitHub Release with DiskLens.dmg |
push to dev / staging |
dev.yml |
builds, uploads a .dmg artifact, and refreshes a rolling dev-latest pre-release |
The site's Download points at releases/latest/download/DiskLens.dmg, so production always serves the latest CI-built binary. Versioning comes from the VERSION file (stamped into the app's CFBundleShortVersionString), bump it and push main, or push a vX.Y.Z tag, to cut a release.
DiskLens is built to be safe by design:
- 100% on-device, no telemetry or analytics, and your files and scan results never leave your Mac. The only network request is an optional update check you can switch off in Preferences.
- Zero third-party runtime dependencies, Apple system frameworks only, so the supply-chain surface is tiny.
- Recoverable cleanup, files are only ever moved to the Trash, never hard-deleted.
The project is continuously scanned in CI:
| Pipeline | What it does |
|---|---|
CodeQL (codeql.yml) |
SAST for Swift + JavaScript/TypeScript on every push, PR, and weekly |
Secret scan (secret-scan.yml) |
gitleaks across the full history and every change |
Dependency review (dependency-review.yml) |
blocks PRs that introduce vulnerable/incompatible deps |
Dependabot (dependabot.yml) |
weekly automated dependency + GitHub Actions updates |
Found a vulnerability? Please report it privately, see SECURITY.md.
Issues and PRs are welcome! The app has no external dependencies, so cd app && ./run.sh is all you need to start hacking, and ./run-tests.sh runs the suite. Please read CONTRIBUTING.md first, it covers the build, tests, and PR checklist, and our Code of Conduct. CI (tests, web build, CodeQL, secret scan, dependency review) must be green before a PR is merged.
DiskLens is free and open source. If it cleared up some gigabytes for you, you can buy me a coffee.
MIT Β© Ashad Mohamed