v0.0.26

New Audit Rules

62 new audit rules added across multiple categories, bringing comprehensive coverage for accessibility, performance, and security best practices.

Accessibility (48 new rules)

ARIA validation and naming:

• aria-valid-attr / aria-valid-attr-value - Validates ARIA attribute names and values
• aria-roles - Checks for valid ARIA role values
• aria-required-attr / aria-required-parent / aria-required-children - Ensures proper ARIA structure
• aria-hidden-body / aria-hidden-focus - Prevents hiding content from assistive technology incorrectly
• aria-command-name / aria-input-field-name / aria-toggle-field-name - Ensures interactive elements have accessible names

Element accessibility:

• button-name - Checks all buttons have accessible names
• empty-heading - Detects headings without content
• frame-title - Ensures iframes have title attributes
• select-name - Validates select elements have labels

Structure and navigation:

• definition-list / dlitem / list-structure / listitem - Validates list markup
• landmark-one-main - Ensures exactly one main landmark
• tabindex - Checks for appropriate tabindex values
• duplicate-id-aria - Prevents duplicate IDs in ARIA references

Language and content:

• html-lang-valid / valid-lang / html-xml-lang-mismatch - Validates language attributes
• meta-refresh - Detects problematic auto-refresh
• link-in-text-block - Ensures links are visually distinguishable
• paste-inputs - Detects inputs that block pasting (accessibility anti-pattern)

Performance (14 new rules)

• doctype / charset - Validates HTML5 document structure
• compression - Checks for Gzip/Brotli compression
• cache-headers - Analyzes Cache-Control configuration
• http2 - Checks HTTP/2 protocol support
• total-byte-weight - Monitors total page weight
• unminified-css / unminified-js - Detects unminified assets
• duplicate-js - Finds duplicate JavaScript libraries
• legacy-js - Detects ES5 polyfills and legacy code
• js-libraries - Identifies libraries and known vulnerabilities
• source-maps - Checks for exposed source maps
• animated-content - Suggests converting GIFs to video
• images/offscreen-lazy / images/optimized / images/responsive-size - Image optimization checks

Security (1 new rule)

• third-party-cookies - Detects third-party tracking resources

📖 Full rule documentation: https://docs.squirrelscan.com/rules

New Commands

squirrel auth - Authentication

Authenticate with your squirrelscan account for publishing reports and accessing :

squirrel auth login           # Opens browser for OAuth login
squirrel auth status          # Check authentication status
squirrel auth logout          # Sign out and revoke token

squirrel report --publish - Report Publishing

Publish audit reports to share with your team:

squirrel report --publish                        # Publish with default visibility
squirrel report --publish --visibility unlisted  # Unlisted report
squirrel report --publish --visibility private   # Private report

Published reports are available at reports.squirrelscan.com and can be managed from your dashboard.

Other Improvements

• squirrel report --list now shows published report status and URLs
• Added crawlId to JSON report output for tracking
• Shell completions updated with new auth commands and --publish/--visibility options
• Added musl (Alpine Linux) platform support in release manifest