michelon/sidetect
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
A macOS command-line tool that detects if SecureInput is enabled.
5 commits 1 branch 0 tags 38 KiB
  • Swift 100%
Find a file
Exact
Xavier Michelon 037ca473b5
 Merge branch 'master' of https://forgejo.michelon.ch/michelon/sidetect 
# Conflicts:
#	README.md
2026-03-30 09:54:21 +02:00
Sources/sidetect Add continuous mode. 2026-03-30 09:52:36 +02:00
.gitignore Initial commit. 2026-03-28 09:40:59 +01:00
LICENSE.md Add README and LICENSE files. 2026-03-28 09:50:29 +01:00
Package.resolved Initial commit. 2026-03-28 09:40:59 +01:00
Package.swift Add README and LICENSE files. 2026-03-28 09:50:29 +01:00
README.md Add continuous mode. 2026-03-30 09:52:36 +02:00

README.md

sidetect — Secure Input Detector

A minimal macOS command-line tool that detects whether Secure Input is currently enabled and, if so, which application is responsible.

Secure Input is a macOS feature that prevents other processes from reading keyboard events. It is typically activated by password fields in browsers, terminal emulators, and password managers. If an application enables Secure Input and crashes or misbehaves without disabling it, keyboard input may stop working correctly in other apps (e.g. key remappers like Karabiner-Elements).

Requirements

  • macOS 26 or later
  • Swift 6.3+ / Xcode 26+

The software may compile and run on older systems, but they were not tested.

Build

git clone https://forgejo.michelon.ch/michelon/sidetect.git
cd sidetect
swift build -c release

The compiled binary will be at .build/release/sidetect.

Usage

OVERVIEW: Detects whether macOS Secure Input is enabled and which app holds it.

USAGE: sidetect [--pid] [--app-name] [--version] [--continuous] [--interval <interval>]

OPTIONS:
  -p, --pid                      Print only the PID of the locking app (nothing if Secure Input is disabled).
  -a, --app-name                 Print only the app name of the locking app (nothing if Secure Input is disabled).
  -v, --version                  Print version information.
  -c, --continuous               Continuously report Secure Input state (press Ctrl-C to stop).
  -i, --interval <interval>      Polling interval in seconds when used with --continuous (default: 2).
  -h, --help                     Show help information.

Examples

When Secure Input is disabled:

$ sidetect
Secure Input is disabled.

$ sidetect -p
(no output)

$ sidetect -a
(no output)

When Secure Input is enabled:

$ sidetect
Secure Input is enabled by iTerm2 (PID 1234).

$ sidetect -p
1234

$ sidetect -a
iTerm2

Continuous monitoring:

$ sidetect -c
Secure Input is disabled.
Secure Input is disabled.
Secure Input is enabled by iTerm2 (PID 1234).
...

$ sidetect -c -i 2
Secure Input is disabled.
Secure Input is disabled.
...

Other:

$ sidetect -v
sidetect (Secure Input Detector) v1.0

$ sidetect -h
OVERVIEW: Detects whether macOS Secure Input is enabled and which app holds it.
...

How It Works

  1. IsSecureEventInputEnabled() (Carbon / HIToolbox) checks whether Secure Input is active.
  2. If active, the responsible PID is read from the kCGSSessionSecureInputPID key inside the IOConsoleUsers dictionary in the IORegistry root entry.
  3. The process name is resolved from the PID using sysctl(KERN_PROC_PID).

License

This software is released under the terms of the MIT License.

Author

Xavier Michelon