Skip to main content

v0.0.48

Released Jun 15, 2026

All releases

Release Notes

squirrelscan v0.0.48

squirrelscan grows up into a platform. This release makes it programmable โ€” org-scoped API keys, a documented public REST API, and outbound webhooks โ€” and CI-native โ€” an official GitHub Action, build-gating exit codes, and token auth that just works in a pipeline. Plus auto-publish to your dashboard, faster re-audits, and a stack of sharp fixes. ๐Ÿฟ๏ธ

๐Ÿ”Œ The squirrelscan API

  • Org-scoped API keys with scopes โ€” mint keys per org, scoped to exactly what they're allowed to do, with rate limiting built in. Create and revoke them from a new API Keys page in the dashboard (scope picker, presets, one-time secret reveal). (#154, #158)
  • Public REST API โ€” a documented, stable surface with an OpenAPI spec and a consistent error envelope, so you can drive audits and pull results from your own tooling. (#175)
  • Outbound webhooks โ€” get notified when audits happen; org-scoped delivery with retries. (#171)
  • Developers hub โ€” a brand-new docs section pulling REST API, CI/CD, webhooks, authentication, and Agents & MCP together in one place โ†’ docs.squirrelscan.com/developers (#183)

โš™๏ธ Built for CI

  • Official GitHub Action โ€” uses: squirrelscan/audit-action@v1: install, audit, and gate your build in a few lines. (#168, #169)
  • --fail-on build gating โ€” fail the pipeline on a threshold you choose (score<90, score:perf<80, severity>=error, errors>0, โ€ฆ). Exit code 2 means a threshold tripped, 1 means the run itself broke โ€” so CI can tell a regression from a crash. (#167)
  • SQUIRREL_API_TOKEN env auth โ€” set one env var and the CLI authenticates with no login step, fail-closed (no silent fallback) โ€” built for CI secrets. squirrel whoami now shows your token's scopes. (#159)

โœจ New

  • Audits auto-publish to your dashboard โ€” signed-in audits now publish automatically (unlisted + free by default), so your audit history is always there. Public reports cost 2 credits; opt out anytime with --no-publish / --offline. (#170)
  • Sub-resource caching + a bad-caching rule โ€” crawls now cache CSS, JS, images, and fonts like a browser would, so repeat audits are noticeably faster, and a new performance rule flags pages serving poor caching headers. (#107, #108)
  • Smart audits (experimental, opt-in) โ€” a local per-page finding store with union scoring across runs; off by default, enable with smart_audits = true in squirrel.toml. (#110)
  • One up-front cloud consent prompt โ€” logged-in audits now ask once, with a clear cost estimate, before spending any credits โ€” no more per-step surprises. (#191)

๐Ÿ› Fixes

  • Cleaner console output โ€” run-relative timestamps and no more raw ISO date dumps cluttering the audit log. (#190)
  • Hardened auto-update โ€” skips CI, respects opt-out, configurable cadence, and a doctor health check, so background updates stay quiet and predictable. (#201)
  • Rendered audits no longer 413 โ€” technology detection now bounds its payload so large rendered pages don't blow the request size limit. (#192)
  • musl / Alpine installs โ€” the installer ensures libstdc++ is present, so the binary runs on Alpine out of the box. (#163)

๐Ÿงน Under the hood

  • Live-sync foundation โ€” a new org-scoped sync engine (Durable Object oplog + WebSocket push with ticket auth) lands behind a flag, paving the way for a real-time dashboard. (#205, #220)

Update to this version

squirrelscan will auto-update, or run this command to update now:

$

Downloads

macOS

Detected
Intel
squirrel-0.0.48-darwin-x64 ยท 72.5 MB
Download
SHA-256
Apple Silicon (M-series)
squirrel-0.0.48-darwin-arm64 ยท 67.1 MB
Download
SHA-256

Linux

ARM64 (musl/Alpine)
squirrel-0.0.48-linux-arm64-musl ยท 91.7 MB
Download
SHA-256
x64 (musl/Alpine)
squirrel-0.0.48-linux-x64-musl ยท 92.8 MB
Download
SHA-256
x64
squirrel-0.0.48-linux-x64 ยท 95.8 MB
Download
SHA-256
ARM64
squirrel-0.0.48-linux-arm64 ยท 95.9 MB
Download
SHA-256

Windows

x64 (Intel/AMD)
squirrel-0.0.48-windows-x64.exe ยท 99.8 MB
Download
SHA-256

Audit your site in one command

SEO, performance, security and agent readiness scanning, with fixes. Built for AI agents.

Install
$

No account needed. Log in to unlock cloud features.

Get updates on new features
low volume emails. we're scanning squirrels, not spammer squirrels.