Safety model
nodehunter separates finding from deleting. Every destructive path requires an explicit command and, in normal use, your confirmation.
Default is safe
| You run | Result |
|---|---|
nodehunter | Help only — no filesystem changes |
nodehunter scan | Read-only discovery of node_modules paths |
nodehunter size | Read-only measurement |
nodehunter list / find / why / inspect | Read-only analysis |
Nothing is removed unless you run delete and confirm (or pass --yes intentionally).
Deletion requires explicit intent
| You run | What happens |
|---|---|
nodehunter delete (interactive TTY) | Sized preview, then confirm prompt — default no |
nodehunter delete --yes | Skips prompt; deletes matched directories (scripts / CI only) |
nodehunter delete (non-interactive, no --yes) | Refused — exit error with guidance |
This protects against alias accidents:
alias nh=nodehunter
nh scan ~/Projects # read-only — does NOT deleteRecommended workflow
- Scope the scan with
[path]or-p— avoid walking your entire home directory unless you mean to. - Discover with
scanor measure withsize. - Review largest projects and workspace queries (
list,inspect). - Delete interactively on your machine; reserve
--yesfor automation you have reviewed.
See Workflows for copy-paste examples.
Non-interactive environments
In CI, cron, or piped shells, delete without --yes exits with an error instead of guessing. Pass --yes only in jobs that already consumed a sized preview (for example via --json) and target a scoped path.
Combine with --json when scripts need structured output and exit codes rather than log parsing. See JSON output.
Permissions
If deletion fails with permission errors, fix ownership on the affected tree (POSIX example):
sudo chown "$(id -un)":"$(id -gn)" /path/to/project/node_modulesOn Windows, adjust ACLs via Explorer or icacls. nodehunter does not escalate privileges.
Related
- CLI overview
- delete command
- Global flags —
--yes,--json,--silent