v0.0.60
Released Jun 28, 2026
All releases
Release Notes
New
- Custom request headers. Send any header on every crawl request with
-H "Name: Value"(repeatable) or a[crawler] headersblock insquirrel.toml— handy for auth tokens, feature flags, or getting past a WAF on a staging site. Header values are treated as secrets and redacted in output. - Cloaking detection. A new opt-in differential probe re-fetches suspicious pages as a search-engine crawler and flags any that serve different content to bots than to real visitors.
- Threat-intelligence checks. New opt-in rules scan for known-bad indicators and exploit-kit signatures, so a compromised site gets caught early.
Improvements
- Accurate cloud spend on cache hits. A cached render now shows as its own line in the spend summary instead of the full render estimate, so the total matches what you're actually charged.
- Sharper author detection. A bare "Editor" or "Editorial" byline no longer counts as real author attribution (fewer false E-E-A-T author signals), while a genuine byline like "Jane Smith, Editor" is still recognized.
- Faster audits. Page rules now run on a synchronous fast-path, trimming per-rule overhead across the whole run.
- Recurring findings, badged. The dashboard Issues tracker now badges findings carried over from a previous audit, so you can see what keeps coming back.
Install or update
curl -fsSL https://squirrelscan.com/install.sh | sh
# already installed:
squirrel self update
Update to this version
squirrelscan will auto-update, or run this command to update now:
$