v0.0.45
Released Jun 13, 2026
All releases
Release Notes
Technology detection lands, cloud rendering turns on by default for logged-in audits, scheduled audits move to Pro, and a batch of community-requested audit fixes — plus a ~3 MB smaller binary.
New: Technology detection
squirrel auditnow identifies the tech behind any site — 385 fingerprints across CMS, frameworks, CDN & hosting, analytics, tag managers, payments, chat, and security/consent tools, rendered as a dedicated Technologies section in every format (console, HTML, Markdown, JSON, XML, LLM) with logos. Logged-in audits run it automatically (5 credits/scan); it's report-only and never affects your health score. (Partly addresses #10 — thanks @wildfiremedia.)- Per-domain history — squirrelscan remembers what it last saw on each domain and flags what changed since. The current snapshot is free; the historical timeline is a paid-plan feature.
Cloud rendering, on by default
- Logged-in audits now render pages in a real cloud browser by default, after a one-time consent prompt — so JavaScript-heavy and SPA sites are audited the way users actually see them, no extra flags. Your choice is remembered.
--renderforces rendering for a single run,--httpforces a plain fetch, and non-interactive runs stay on HTTP until you've opted in (--yesalone doesn't grant consent).
Scheduled audits
- Recurring scheduled audits are now part of the Pro plan — free orgs see an upgrade prompt where scheduling used to be.
- Every audit carries a source badge —
cli,cloud,scheduled, orgithub— across the CLI, report lists, and dashboard, so you can see at a glance where each run came from.
Audit rules
- New "Blocking" category — the old ad-blocker check is now its own Blocking section with two sub-groups, ad blocking and privacy blocking, surfaced everywhere reports render. Blocked-link and privacy-tracker findings are now warnings (previously informational).
--category adblockstill works as an alias and older saved reports normalize automatically. - LCP hints read cleanly across pages (#16 — thanks @wildfiremedia) — the LCP Optimization Hints check now shows a per-page count ("3 likely-LCP images loaded without preload") instead of dumping every image URL into one confusing cross-page list.
- Sharper response-header checks (#20 — thanks @wildfiremedia) — HSTS
max-age=0is now flagged as "HSTS disabled" (it tells browsers to stop enforcing HTTPS) rather than "0 days too short", a malformed HSTS header with nomax-ageis caught, and sites advertising only HTTP/2 get a nudge toward HTTP/3.
Dashboard
Alongside this release, the dashboard moved its org, settings, website, and schedule pages onto the shared component kit — consistent cards, forms, inputs, badges, and loading/empty/error states, with proper disabled-during-submit behavior on every form.
Under the hood
- The binary is ~3 MB smaller — the bundled EasyList/EasyPrivacy filter lists and their parser were dead weight (ad/privacy detection runs in the cloud now), so they're out of the download.
Update to this version
squirrelscan will auto-update, or run this command to update now:
$