Security

Periphery performs its analysis locally on your machine, no remote services are used to aid analysis. This quick guide will show you how to validate this claim yourself.

Network Activity

To validate that Periphery does not depend upon any remote services, you can simply disconnect your network before running Periphery - you'll see that it produces the same results regardless. However, if you'd like a more in-depth approach, you can use nettop (preinstalled with macOS) to monitor network connections.

Before running Periphery, in a new terminal run:

nettop -p periphery

nettop will begin monitoring for network connections by processes matching the name 'periphery'. Now run Periphery in another terminal. Once Periphery is finished, you should see a single TCP connection to github.com on port 443 (HTTPS). Periphery connects to GitHub to check for new releases in order to notify you. Specifically, Periphery uses the GitHub API to query the releases hosted at peripheryapp/releases.

Open Files

To see which files Periphery (and its dependencies) open, you can use opensnoop which also comes preinstalled with macOS.

Before running Periphery, in a new terminal run:

sudo opensnoop -n periphery

opensnoop will begin monitoring for files opened by processes matching the name 'periphery'. Now run Periphery in another terminal. The opensnoop output will show that Periphery itself does not directly open any Swift source files. Swift files are instead opened by SourceKitService, a tool bundled with Xcode. To validate this behavior, replace 'periphery' with 'SourceKitService' as the argument to the opensnoop command.