v0.0.29
Released Feb 4, 2026
All releases
Release Notes
New Audit Rules
This release significantly expands rule coverage with improved detection across accessibility, performance, and security categories.
Accessibility Enhancements
- Color Contrast: Now performs actual WCAG 2.1 contrast ratio calculations (4.5:1 for normal text, 3:1 for large text) instead of pattern matching
- Link Text Detection: Expanded generic link text patterns from 12 to 50+ terms including action words, CTAs, and navigation patterns
- Redundant Alt Text: Added 20+ new patterns covering technical diagrams, file references, and lazy placeholder text
- ARIA Role Mappings: Added implicit ARIA role detection for 40+ HTML elements (lists, tables, forms, landmarks)
Performance Enhancements
- JS Library Detection: Expanded from 12 to 35+ libraries including:
- Frameworks: Svelte, Next.js, Nuxt
- State management: Redux, MobX, Zustand
- Visualization: Chart.js, Highcharts, ApexCharts
- Animation: Framer Motion, Anime.js, Lottie
- Legacy libraries with vulnerability tracking: Prototype.js, YUI
- Total Byte Weight: Now tracks external JavaScript file sizes for more accurate page weight reporting
Security Enhancements
- CSP Detection: Upgraded severity from
infotowarning, now validates specific directives (script-src, frame-ancestors, object-src) and detects weak values - Leaked Secrets: Reduced false positives by filtering code identifiers (camelCase, snake_case function names) and requiring assignment context
Other Improvements
- Improved accuracy of AWS secret key detection patterns
- Fixed false positive detection in security scans for array elements vs assigned values
Update to this version
squirrelscan will auto-update, or run this command to update now:
$