skylos 2.2.3__tar.gz → 2.4.0__tar.gz

{skylos-2.2.3 → skylos-2.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: skylos
-Version: 2.2.3
+Version: 2.4.0
 Summary: A static analysis tool for Python codebases
 Author-email: oha <aaronoh2015@gmail.com>
 Requires-Python: >=3.9

{skylos-2.2.3 → skylos-2.4.0}/README.md

@@ -2,8 +2,11 @@
 
 ![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)
 ![100% Local](https://img.shields.io/badge/privacy-100%25%20local-brightgreen)
+![PyPI - Python Version](https://img.shields.io/pypi/pyversions/skylos)
 ![PyPI version](https://img.shields.io/pypi/v/skylos)
+![VS Code Marketplace](https://img.shields.io/visual-studio-marketplace/v/oha.skylos-vscode-extension)
 ![Security Policy](https://img.shields.io/badge/security-policy-brightgreen)
+![PRs welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)
 
 <div align="center">
    <img src="assets/SKYLOS.png" alt="Skylos Logo" width="200">
@@ -25,7 +28,7 @@
 - [Web Interface](#web-interface)
 - [Design](#design)
 - [Test File Detection](#test-file-detection)
-- [Folder Management](#folder-management)
+- [Vibe Coding](#vibe-coding)
 - [Ignoring Pragmas](#ignoring-pragmas)
 - [Including & Excluding Files](#including--excluding-files)
 - [CLI Options](#cli-options)
@@ -33,6 +36,7 @@
 - [Interactive Mode](#interactive-mode)
 - [Development](#development)
 - [CI/CD (Pre-commit & GitHub Actions)](#cicd-pre-commit--github-actions)
+- [VS Code extension](#vsc-extension)
 - [FAQ](#faq)
 - [Limitations](#limitations)
 - [Troubleshooting](#troubleshooting)
@@ -52,8 +56,8 @@
 * **Unused Imports**: Identifies imports that are not used
 * **Folder Management**: Inclusion/exclusion of directories 
 * **Ignore Pragmas**: Skip lines tagged with `# pragma: no skylos`, `# pragma: no cover`, or `# noqa`
-**NEW** **Secrets Scanning (PoC, opt-in)**: Detects API keys & secrets (GitHub, GitLab, Slack, Stripe, AWS, Google, SendGrid, Twilio, private key blocks)
-
+* **NEW** **Secrets Scanning (PoC, opt-in)**: Detects API keys & secrets (GitHub, GitLab, Slack, Stripe, AWS, Google, SendGrid, Twilio, private key blocks)
+* **NEW** **Dangerous Patterns**: Flags risky code such as `eval/exec`, `os.system`, `subprocess(shell=True)`, `pickle.load/loads`, `yaml.load` without SafeLoader, hashlib.md5/sha1. Refer to `DANGEROUS_CODE.md` for the whole list. This includes SQL injection, path traversal and any other security flaws that may arise from the practise of vibe-coding. 
 
 ## Benchmark (You can find this benchmark test in `test` folder)
 
@@ -98,6 +102,7 @@ pip install .
 skylos /path/to/your/project
 
 skylos /path/to/your/project --secrets  ## include api key scan
+skylos /path/to/your/project --danger   ## include safety scan for dangerous code
 
 # To launch the front end
 skylos run
@@ -111,8 +116,12 @@ skylos . --interactive --comment-out
 # Dry run - see what would be removed
 skylos --interactive --dry-run /path/to/your/project 
 
+# Load the results in json format
 skylos --json /path/to/your/project 
 
+# Load the results in table format
+skylos --table /path/to/your/project 
+
 # With confidence
 skylos path/to/your/file --confidence 20 ## or whatever value u wanna set
 ```
@@ -199,6 +208,49 @@ When Skylos detects a test file, it by default, will apply a confidence penalty
 /project/test_data.py 
 ```
 
+## Vibe-Coding
+
+We are aware that vibe coding has created a lot of vulnerabilities. To an AI, it's job is to spit out a list of tokens with the highest probability, whether it's right or not. This may introduce vulnerabilities in their applications. We have expanded Skylos to catch the most important problems first. 
+
+- SQL injection (cursor)
+- SQL injection (raw-API)
+- Command injection
+- SSRF
+- Path traversal
+- eval/exec
+- pickle.load/loads
+- yaml.load w/o SafeLoader
+- weak hashes MD5/SHA1
+- subprocess(..., shell=True)
+- requests(..., verify=False)
+
+### Quick Start
+
+```bash
+skylos /path/to/your/project --danger
+```
+
+### Examples that will be flagged
+
+```
+# SQLi (cursor)
+cur.execute(f"SELECT * FROM users WHERE name='{name}'")
+
+# SQLi (raw-api)
+pd.read_sql("SELECT * FROM users WHERE name='" + q + "'", conn)
+
+# Command injection
+os.system("zip -r out.zip " + folder)
+
+# SSRF
+requests.get(request.args["url"], timeout=3)
+
+# Path traversal
+with open(request.args.get("p"), "r") as f: ...
+```
+
+This list will be expanded in the near future. For more information, refer to `DANGEROUS_CODE.md` 
+
 ## Ignoring Pragmas
 
 1. To ignore any warning, indicate `# pragma: no skylos` **ON THE SAME LINE** as the function/class you want to ignore
@@ -251,6 +303,7 @@ Arguments:
 Options:
   -h, --help                   Show this help message and exit
   --json                       Output raw JSON instead of formatted text  
+  --table                      Output results in table format via the CLI
   -o, --output FILE            Write output to file instead of stdout
   -v, --verbose                Enable verbose output
   --version                    Checks version
@@ -262,6 +315,7 @@ Options:
   --list-default-excludes      List the default excluded folders and
   -c, --confidence LEVEL       Confidence threshold (0-100). Lower values will show more items.
   -- secrets                   Scan for api keys/secrets
+  -- danger                    Scan for dangerous code
 ```
 
 ## Interactive Mode
@@ -276,22 +330,97 @@ The interactive mode lets you select specific functions and imports to remove:
 
 Pick **one** (or use **both**) 
 
-1. Pre-commit (local + CI): runs Skylos before commits/PRs.
+1. GitHub Actions: runs Skylos on pushes/PRs in CI.
+   - No local install needed
+
+2. Pre-commit (local + CI): runs Skylos before commits/PRs.
    - You must install pre-commit locally once. Skylos gets installed automatically by the hook.
 
-2. GitHub Actions: runs Skylos on pushes/PRs in CI.
-   - No local install needed
+### Option A — Github Actions
+
+1. Create .github/workflows/skylos.yml **(COPY THE ENTIRE SKYLOS.YAML FROM BELOW)**:
+
+```yaml
+name: Skylos Deadcode Scan
+
+on:
+  pull_request:
+  push:
+    branches: [ main, master ]
+  workflow_dispatch:
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    env:
+      SKYLOS_STRICT: ${{ vars.SKYLOS_STRICT || 'false' }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
 
-### Option A — Pre-commit (local + CI)
+      - name: Install Skylos
+        run: pip install skylos
 
-1. Create or edit `.pre-commit-config.yaml` at the repo root:
+      - name: Run Skylos
+        env:
+          REPORT: skylos_${{ github.run_number }}_${{ github.sha }}.json
+        run: |
+          echo "REPORT=$REPORT" >> "$GITHUB_OUTPUT"
+          skylos . --json > "$REPORT"
+        id: scan
+
+      - name: Fail if there are findings
+        continue-on-error: ${{ env.SKYLOS_STRICT != 'true' }}
+        env:
+          REPORT: ${{ steps.scan.outputs.REPORT }}
+        run: |
+            python - << 'PY'
+            import json, sys, os
+            report = os.environ["REPORT"]
+            data = json.load(open(report, "r", encoding="utf-8"))
+            count = 0
+            for value in data.values():
+                if isinstance(value, list):
+                    count += len(value)
+            print(f"Findings: {count}")
+            if count > 0:
+              print(f"::warning title=Skylos findings::{count} potential issues found. See {report}")
+            sys.exit(1 if count > 0 else 0)
+            PY
+
+      - name: Upload report artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.scan.outputs.REPORT }}
+          path: ${{ steps.scan.outputs.REPORT }}
+
+      - name: Summarize in job log
+        if: always()
+        run: |
+          echo "Skylos report: ${{ steps.scan.outputs.REPORT }}" >> $GITHUB_STEP_SUMMARY
+```
+
+**To make the job fail on findings (strict mode)**:
+
+1. Go to GitHub -> Settings -> Secrets and variables -> Actions -> Variables
+
+2. Add variable SKYLOS_STRICT with value true
+
+### Option B — Pre-commit (local + CI)
+
+. Create or edit `.pre-commit-config.yaml` at the repo root:
 
 **A: Skylos hook repo**
 ```yaml
 ## .pre-commit-config.yaml
 repos:
   - repo: https://github.com/duriantaco/skylos
-    rev: v2.2.3
+    rev: v2.4.0
     hooks:
       - id: skylos-scan
         name: skylos report
@@ -300,7 +429,7 @@ repos:
         types_or: [python]
         pass_filenames: false
         require_serial: true
-        args: [".", "--output", "report.json", "--confidence", "70"]
+        args: [".", "--output", "report.json", "--confidence", "70", "--danger"]
 
   - repo: local
     hooks:
@@ -341,7 +470,7 @@ repos:
         entry: python -m skylos.cli
         pass_filenames: false
         require_serial: true
-        additional_dependencies: [skylos==2.2.3]
+        additional_dependencies: [skylos==2.4.0]
         args: [".", "--output", "report.json", "--confidence", "70"]
 
       - id: skylos-fail-on-findings
@@ -397,80 +526,15 @@ jobs:
 
 **Pre commit behavior:** the second hook is soft by default (SKYLOS_SOFT=1). This means that it prints findings and passes. You can remove the env/logic if you want pre-commit to block commits on finding
 
-### Option B — Github Actions
+## VS Code extension
 
-1. Create .github/workflows/skylos.yml:
+Skylos has a VS Code extension that runs on save like a linter. Runs automatically on save of Python files. You will ll see squiggles + a popup like "Skylos found N items." For more information, refer to the VSC `README.md` inside the marketplace.
 
-```yaml
-name: Skylos Deadcode Scan
+### Install
 
-on:
-  pull_request:
-  push:
-    branches: [ main, master ]
-  workflow_dispatch:
+From VS Code Marketplace: "Skylos" (publisher: oha)
 
-jobs:
-  scan:
-    runs-on: ubuntu-latest
-    env:
-      SKYLOS_STRICT: ${{ vars.SKYLOS_STRICT || 'false' }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-          cache: 'pip'
-
-      - name: Install Skylos
-        run: pip install skylos
-
-      - name: Run Skylos
-        env:
-          REPORT: skylos_${{ github.run_number }}_${{ github.sha }}.json
-        run: |
-          echo "REPORT=$REPORT" >> "$GITHUB_OUTPUT"
-          skylos . --json > "$REPORT"
-        id: scan
-
-      - name: Fail if there are findings
-        continue-on-error: ${{ env.SKYLOS_STRICT != 'true' }}
-        env:
-          REPORT: ${{ steps.scan.outputs.REPORT }}
-        run: |
-            python - << 'PY'
-            import json, sys, os
-            report = os.environ["REPORT"]
-            data = json.load(open(report, "r", encoding="utf-8"))
-            count = 0
-            for value in data.values():
-                if isinstance(value, list):
-                    count += len(value)
-            print(f"Findings: {count}")
-            if count > 0:
-              print(f"::warning title=Skylos findings::{count} potential issues found. See {report}")
-            sys.exit(1 if count > 0 else 0)
-            PY
-
-      - name: Upload report artifact
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ steps.scan.outputs.REPORT }}
-          path: ${{ steps.scan.outputs.REPORT }}
-
-      - name: Summarize in job log
-        if: always()
-        run: |
-          echo "Skylos report: ${{ steps.scan.outputs.REPORT }}" >> $GITHUB_STEP_SUMMARY
-```
-
-**To make the job fail on findings (strict mode)**:
-
-1. Go to GitHub -> Settings -> Secrets and variables -> Actions -> Variables
-
-2. Add variable SKYLOS_STRICT with value true
+Version: `0.1.0`
 
 ## Development
 
@@ -519,6 +583,9 @@ A: Web framework routes are given low confidence (20) because they might be call
 **Q: What confidence level should I use?**
 A: Start with 60 (default) for safe cleanup. Use 30 for framework applications. Use 20 for more comprehensive auditing.
 
+**Q: What does `--danger` check**?
+A: It flags common security problems. Refer to `DANGEROUS_CODE.md` for the full details
+
 ## Limitations
 
 - **Dynamic code**: `getattr()`, `globals()`, runtime imports are hard to detect
@@ -562,6 +629,8 @@ We welcome contributions! Please read our [Contributing Guidelines](CONTRIBUTING
 - [x] CI/CD integration examples
 - [ ] Further optimization
 - [ ] Add new rules
+- [ ] Expanding on the `dangerous.py` list
+- [ ] Porting to uv
 
 ## License
 

{skylos-2.2.3 → skylos-2.4.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "skylos"
-version = "2.2.3"
+version = "2.4.0"
 requires-python = ">=3.9"
 description = "A static analysis tool for Python codebases"
 authors = [{name = "oha", email = "aaronoh2015@gmail.com"}]

{skylos-2.2.3 → skylos-2.4.0}/setup.py

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 
 setup(
     name="skylos",
-    version="2.2.3",
+    version="2.4.0",
     packages=find_packages(),
     python_requires=">=3.9",
     install_requires=[

{skylos-2.2.3 → skylos-2.4.0}/skylos/__init__.py

@@ -1,4 +1,4 @@
-__version__ = "2.2.3"
+__version__ = "2.4.0"
 
 def analyze(*args, **kwargs):
     from .analyzer import analyze as _analyze

{skylos-2.2.3 → skylos-2.4.0}/skylos/analyzer.py

@@ -9,6 +9,7 @@ from skylos.visitor import Visitor
 from skylos.constants import ( PENALTIES, AUTO_CALLED )
 from skylos.visitors.test_aware import TestAwareVisitor
 from skylos.rules.secrets import scan_ctx as _secrets_scan_ctx
+from skylos.rules.danger.danger import scan_ctx as scan_danger
 import os
 import traceback
 from skylos.visitors.framework_aware import FrameworkAwareVisitor, detect_framework_usage
@@ -238,7 +239,7 @@ class Skylos:
                     if method.simple_name == "format" and cls.endswith("Formatter"):
                         method.references += 1
 
-    def analyze(self, path, thr=60, exclude_folders= None, enable_secrets = False):
+    def analyze(self, path, thr=60, exclude_folders= None, enable_secrets = False, enable_danger = False):
         files, root = self._get_python_files(path, exclude_folders)
         
         if not files:
@@ -262,6 +263,7 @@ class Skylos:
             modmap[f] = self._module(root, f)
         
         all_secrets = []
+        all_dangers = []
         for file in files:
             mod = modmap[file]
             defs, refs, dyn, exports, test_flags, framework_flags = proc_file(file, mod)
@@ -276,13 +278,25 @@ class Skylos:
 
             if enable_secrets and _secrets_scan_ctx is not None:
                 try:
-                    src_lines = Path(file).read_text(encoding="utf-8", errors="ignore").splitlines(True)
-                    ctx = {"relpath": str(file), "lines": src_lines, "tree": None}
+                    src = Path(file).read_text(encoding="utf-8", errors="ignore")
+                    src_lines = src.splitlines(True)
+                    rel = str(Path(file).relative_to(root))
+                    ctx = {"relpath": rel, "lines": src_lines, "tree": None}
                     findings = list(_secrets_scan_ctx(ctx))
                     if findings:
                         all_secrets.extend(findings)
                 except Exception:
                     pass
+            
+            if enable_danger and scan_danger is not None:
+                try:
+                    findings = scan_danger(root, [file])
+                    if findings:
+                        all_dangers.extend(findings)
+                except Exception as e:
+                    logger.error(f"Error scanning {file} for dangerous code: {e}")
+                    if os.getenv("SKYLOS_DEBUG"):
+                        logger.error(traceback.format_exc())
 
         self._mark_refs()
         self._apply_heuristics() 
@@ -296,7 +310,6 @@ class Skylos:
         for d in sorted(self.defs.values(), key=def_sort_key):
             if shown >= 50:
                 break
-            print(f" type={d.type} refs={d.references} conf={d.confidence} exported={d.is_exported} line={d.line} name={d.name}")
             shown += 1
 
         unused = []
@@ -318,7 +331,12 @@ class Skylos:
 
         if enable_secrets and all_secrets:
             result["secrets"] = all_secrets
+            result["analysis_summary"]["secrets_count"] = len(all_secrets)
         
+        if enable_danger and all_dangers:
+            result["danger"] = all_dangers
+            result["analysis_summary"]["danger_count"] = len(all_dangers)
+
         for u in unused:
             if u["type"] in ("function", "method"):
                 result["unused_functions"].append(u)
@@ -370,70 +388,104 @@ def proc_file(file_or_args, mod=None):
 
         return [], [], set(), set(), dummy_visitor, dummy_framework_visitor
 
-def analyze(path, conf=60, exclude_folders=None, enable_secrets=False):
-    return Skylos().analyze(path,conf, exclude_folders, enable_secrets)
+def analyze(path, conf=60, exclude_folders=None, enable_secrets=False, enable_danger=False):
+    return Skylos().analyze(path,conf, exclude_folders, enable_secrets, enable_danger)
 
 if __name__ == "__main__":
-    if len(sys.argv)>1:
-        p = sys.argv[1]
-        confidence = int(sys.argv[2]) if len(sys.argv) >2 else 60
-        result = analyze(p,confidence)
-        
-        data = json.loads(result)
-        print("\n Python Static Analysis Results")
-        print("===================================\n")
-        
-        total_items = 0
-        for key, items in data.items():
-            if key.startswith("unused_") and isinstance(items, list):
-                total_items += len(items)
-        
-        print("Summary:")
-        if data["unused_functions"]:
-            print(f" * Unreachable functions: {len(data['unused_functions'])}")
-        if data["unused_imports"]:
-            print(f" * Unused imports: {len(data['unused_imports'])}")
-        if data["unused_classes"]:
-            print(f" * Unused classes: {len(data['unused_classes'])}")
-        if data["unused_variables"]:
-            print(f" * Unused variables: {len(data['unused_variables'])}")
-        
-        if data["unused_functions"]:
-            print("\n - Unreachable Functions")
-            print("=======================")
-            for i, func in enumerate(data["unused_functions"], 1):
-                print(f" {i}. {func['name']}")
-                print(f"    └─ {func['file']}:{func['line']}")
-        
-        if data["unused_imports"]:
-            print("\n - Unused Imports")
-            print("================")
-            for i, imp in enumerate(data["unused_imports"], 1):
-                print(f" {i}. {imp['simple_name']}")
-                print(f"    └─ {imp['file']}:{imp['line']}")
-        
-        if data["unused_classes"]:
-            print("\n - Unused Classes")
-            print("=================")
-            for i, cls in enumerate(data["unused_classes"], 1):
-                print(f" {i}. {cls['name']}")
-                print(f"    └─ {cls['file']}:{cls['line']}")
-                
-        if data["unused_variables"]:
-            print("\n - Unused Variables")
-            print("==================")
-            for i, var in enumerate(data["unused_variables"], 1):
-                print(f" {i}. {var['name']}")
-                print(f"    └─ {var['file']}:{var['line']}")
-        
-        print("\n" + "─" * 50)
-        print(f"Found {total_items} dead code items. Add this badge to your README:")
-        print(f"```markdown")
-        print(f"![Dead Code: {total_items}](https://img.shields.io/badge/Dead_Code-{total_items}_detected-orange?logo=codacy&logoColor=red)")
-        print(f"```")
+    enable_secrets = ("--secrets" in sys.argv)
+    enable_danger  = ("--danger"  in sys.argv)
+
+    positional = [a for a in sys.argv[1:] if not a.startswith("--")]
+
+    if not positional:
+        print("Usage: python Skylos.py <path> [confidence_threshold] [--secrets] [--danger]")
+        sys.exit(2)
+
+    p = positional[0]
+    confidence = int(positional[1]) if len(positional) > 1 else 60
+
+    result = analyze(p, confidence, enable_secrets=enable_secrets, enable_danger=enable_danger)
         
-        print("\nNext steps:")
-        print("  * Use --interactive to select specific items to remove")
-        print("  * Use --dry-run to preview changes before applying them")
+    data = json.loads(result)
+    print("\n Python Static Analysis Results")
+    print("===================================\n")
+    
+    total_dead = 0
+    for key, items in data.items():
+        if key.startswith("unused_") and isinstance(items, list):
+            total_dead += len(items)
+
+    danger_count = data.get("analysis_summary", {}).get("danger_count", 0) if enable_danger else 0
+    secrets_count = data.get("analysis_summary", {}).get("secrets_count", 0) if enable_secrets else 0
+    
+    print("Summary:")
+    if data["unused_functions"]:
+        print(f" * Unreachable functions: {len(data['unused_functions'])}")
+    if data["unused_imports"]:
+        print(f" * Unused imports: {len(data['unused_imports'])}")
+    if data["unused_classes"]:
+        print(f" * Unused classes: {len(data['unused_classes'])}")
+    if data["unused_variables"]:
+        print(f" * Unused variables: {len(data['unused_variables'])}")
+    if enable_danger:
+        print(f" * Security issues: {danger_count}")
+    if enable_secrets:
+        print(f" * Secrets found: {secrets_count}")
+
+    if data["unused_functions"]:
+        print("\n - Unreachable Functions")
+        print("=======================")
+        for i, func in enumerate(data["unused_functions"], 1):
+            print(f" {i}. {func['name']}")
+            print(f"    └─ {func['file']}:{func['line']}")
+    
+    if data["unused_imports"]:
+        print("\n - Unused Imports")
+        print("================")
+        for i, imp in enumerate(data["unused_imports"], 1):
+            print(f" {i}. {imp['simple_name']}")
+            print(f"    └─ {imp['file']}:{imp['line']}")
+    
+    if data["unused_classes"]:
+        print("\n - Unused Classes")
+        print("=================")
+        for i, cls in enumerate(data["unused_classes"], 1):
+            print(f" {i}. {cls['name']}")
+            print(f"    └─ {cls['file']}:{cls['line']}")
+            
+    if data["unused_variables"]:
+        print("\n - Unused Variables")
+        print("==================")
+        for i, var in enumerate(data["unused_variables"], 1):
+            print(f" {i}. {var['name']}")
+            print(f"    └─ {var['file']}:{var['line']}")
+
+    if enable_danger and data.get("danger"):
+        print("\n - Security Issues")
+        print("================")
+        for i, f in enumerate(data["danger"], 1):
+            print(f" {i}. {f['message']} [{f['rule_id']}] ({f['file']}:{f['line']}) Severity: {f['severity']}")
+
+    if enable_secrets and data.get("secrets"):
+        print("\n - Secrets")
+        print("==========")
+        for i, s in enumerate(data["secrets"], 1):
+            rid = s.get("rule_id", "SECRET")
+            msg = s.get("message", "Potential secret")
+            file = s.get("file")
+            line = s.get("line", 1)
+            sev = s.get("severity", "HIGH")
+            print(f" {i}. {msg} [{rid}] ({file}:{line}) Severity: {sev}")
+    
+    print("\n" + "─" * 50)
+    if enable_danger:
+        print(f"Found {total_dead} dead code items and {danger_count} security flaws. Add this badge to your README:")
     else:
-        print("Usage: python Skylos.py <path> [confidence_threshold]")
+        print(f"Found {total_dead} dead code items. Add this badge to your README:")
+    print("```markdown")
+    print(f"![Dead Code: {total_dead}](https://img.shields.io/badge/Dead_Code-{total_dead}_detected-orange?logo=codacy&logoColor=red)")
+    print("```")
+    
+    print("\nNext steps:")
+    print("  * Use --interactive to select specific items to remove")
+    print("  * Use --dry-run to preview changes before applying them")