If you discover a security vulnerability in Portpourri, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please email jerry@skoczylas.dev with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
You should receive a response within 48 hours. We will work with you to understand and address the issue before any public disclosure.
Portpourri runs locally on macOS and interacts with the system through:
lsof— to probe TCP listenersps— to gather process metadata- Process working directory resolution via
/procequivalents
The app does not:
- Make network requests
- Collect or transmit any data
- Require elevated privileges (no
sudo) - Expose any network services
| Version | Supported |
|---|---|
| 0.1.x | Yes |
- The app is deliberately conservative about destructive actions
- Force-kill is never exposed without explicit user intent
- System processes cannot be terminated through the UI
- All process interaction uses standard POSIX signals (
SIGTERM)