v0.26.0

@github-actions github-actions released this 11 Jun 22:15
· 18 commits to main since this release
cb57cd7

Aguara v0.26.0 expands malicious-package coverage by understanding OSV advisories that affect every version of a package and bounded npm semver ranges.

Until now, aguara check matched advisories that list exact affected versions. Most malicious-package advisories on OSV.dev do not: they say "every version of this package is malicious", and a smaller set carries real npm version bounds. This release imports both shapes, so the embedded snapshot now covers around 196,000 npm and 6,400 PyPI packages that were previously invisible to a check - they flag at any installed version.

# A package marked malicious at every version now flags regardless of the version installed
aguara check .

# Works pre-install too, straight off the lockfile of a cloned repo
git clone <repo> && cd <repo> && aguara check .

# See what intel the binary carries
aguara status
# Embedded (osv): 26,268 records + 202,526 all-versions entries

What's inside

  • All-versions advisory matching: OSV malicious records whose ranges mark every version affected are imported as a compact set and matched by package name alone, in any ecosystem. Matches carry the advisory ID and its osv.dev reference.
  • npm bounded ranges: malicious npm advisories with real version boundaries are evaluated by the semver engine - introduced inclusive, fixed exclusive, verified against real OSV shapes. A version at or past the fix never flags.
  • A hardened false-positive gate: both range channels require the firm malicious-package signal (the MAL- namespace or OpenSSF Malicious Packages origin). Keyword-qualified records stay exact-version only, because a keyword false positive on a range would flag every version below the bound. Generic CVEs (axios, @angular/core, playwright) were caught arriving through that path during pre-release review and are excluded by design, with a regression test locking the gate.
  • Measured cost: snapshot blob 1.0 -> 3.1 MB gzipped inside the binary, steady-state intel memory 32.7 MB during a check. Checks stay offline and deterministic; the JSON output contract is unchanged.
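To make the three matching rules above concrete (all-versions records matched by name alone, npm SEMVER ranges with inclusive `introduced` and exclusive `fixed`, and the gate that restricts range matching to firm malicious-package records), here is a small self-contained evaluator. It is an added illustration written for this page, not Aguara's own code: the OSV struct fields are trimmed to what the example needs, the advisory IDs and package names in `sampleOSV` are constructed placeholders, the semver comparison simplifies prerelease precedence, and the gate checks only the `MAL-` ID prefix (the OpenSSF origin marker the release also accepts lives in a field not shown here). OSV events are assumed to be in ascending order, as the OSV schema requires.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Trimmed OSV record shape: only the fields this example reads.
type Event struct {
	Introduced string `json:"introduced,omitempty"`
	Fixed      string `json:"fixed,omitempty"`
}
type Range struct {
	Type   string  `json:"type"`
	Events []Event `json:"events"`
}
type Affected struct {
	Ecosystem string   `json:"ecosystem"`
	Name      string   `json:"name"`
	Versions  []string `json:"versions,omitempty"`
	Ranges    []Range  `json:"ranges,omitempty"`
}
type Advisory struct {
	ID       string     `json:"id"`
	Affected []Affected `json:"affected"`
}

// Version is a parsed semver core plus the prerelease tag (kept only for ordering).
type Version struct {
	Core       [3]int
	Prerelease string
}

// parseVersion accepts "1.2.3", "v1.2.3", "1.2.3-beta.1+build"; missing parts default to 0.
func parseVersion(s string) (Version, error) {
	var v Version
	s = strings.TrimPrefix(s, "v")
	if i := strings.IndexByte(s, '+'); i >= 0 {
		s = s[:i] // build metadata never affects precedence
	}
	if i := strings.IndexByte(s, '-'); i >= 0 {
		v.Prerelease, s = s[i+1:], s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) > 3 {
		return v, fmt.Errorf("bad version %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("bad version %q", s)
		}
		v.Core[i] = n
	}
	return v, nil
}

// compare returns -1, 0 or 1. A prerelease orders before its release; two prereleases
// are compared as plain strings (simplified relative to full semver precedence rules).
func compare(a, b Version) int {
	for i := 0; i < 3; i++ {
		if a.Core[i] < b.Core[i] {
			return -1
		} else if a.Core[i] > b.Core[i] {
			return 1
		}
	}
	switch {
	case a.Prerelease == b.Prerelease:
		return 0
	case a.Prerelease == "":
		return 1
	case b.Prerelease == "":
		return -1
	}
	return strings.Compare(a.Prerelease, b.Prerelease)
}

// isAllVersions reports whether a range opens at "0" and never closes: the shape that
// covers every version of the package and is matched by name alone, in any ecosystem.
func isAllVersions(r Range) bool {
	open := false
	for _, e := range r.Events {
		if e.Fixed != "" {
			return false
		}
		if e.Introduced == "0" {
			open = true
		}
	}
	return open
}

// affectsSemver walks the sorted OSV events: introduced is inclusive, fixed is exclusive,
// so a record with introduced 1.2.0 / fixed 1.3.0 flags 1.2.0 and 1.2.9 but never 1.3.0.
func affectsSemver(r Range, v Version) bool {
	affected := false
	for _, e := range r.Events {
		switch {
		case e.Introduced == "0":
			affected = true
		case e.Introduced != "":
			if iv, err := parseVersion(e.Introduced); err == nil && compare(v, iv) >= 0 {
				affected = true
			}
		case e.Fixed != "":
			if fv, err := parseVersion(e.Fixed); err == nil && compare(v, fv) >= 0 {
				affected = false
			}
		}
	}
	return affected
}

// firmMalicious is the false-positive gate: only MAL- records may match by range.
// Everything else (generic CVE/GHSA records, keyword-qualified hits) stays exact-version only.
func firmMalicious(adv Advisory) bool { return strings.HasPrefix(adv.ID, "MAL-") }

// Verdict decides whether one installed package flags against one advisory, and why.
func Verdict(adv Advisory, ecosystem, name, version string) (bool, string) {
	v, perr := parseVersion(version)
	for _, a := range adv.Affected {
		if a.Ecosystem != ecosystem || a.Name != name {
			continue
		}
		for _, listed := range a.Versions {
			if listed == version {
				return true, adv.ID + ": exact version listed"
			}
		}
		if !firmMalicious(adv) || perr != nil {
			continue
		}
		for _, r := range a.Ranges {
			if isAllVersions(r) {
				return true, adv.ID + ": malicious at every version"
			}
			if ecosystem == "npm" && r.Type == "SEMVER" && affectsSemver(r, v) {
				return true, adv.ID + ": inside bounded npm range"
			}
		}
	}
	return false, ""
}

// Check runs every advisory against one installed package and returns the first reason.
func Check(advs []Advisory, ecosystem, name, version string) (bool, string) {
	for _, adv := range advs {
		if hit, why := Verdict(adv, ecosystem, name, version); hit {
			return true, why
		}
	}
	return false, ""
}

// sampleOSV is constructed test data with placeholder IDs and names, not real advisories:
// one all-versions record, one bounded npm record, and one generic record that must only
// ever match on its listed exact version despite carrying a range.
const sampleOSV = `[
 {"id":"MAL-0000-0001","affected":[{"ecosystem":"npm","name":"example-all-versions",
   "ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}]}]},
 {"id":"MAL-0000-0002","affected":[{"ecosystem":"npm","name":"example-bounded",
   "ranges":[{"type":"SEMVER","events":[{"introduced":"1.2.0"},{"fixed":"1.3.0"}]}]}]},
 {"id":"GHSA-xxxx-xxxx-xxxx","affected":[{"ecosystem":"npm","name":"example-generic-cve",
   "versions":["1.5.0"],
   "ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.0.0"}]}]}]}
]`

func LoadSample() ([]Advisory, error) {
	var advs []Advisory
	err := json.Unmarshal([]byte(sampleOSV), &advs)
	return advs, err
}

func main() {
	advs, err := LoadSample()
	if err != nil {
		panic(err)
	}
	for _, c := range [][3]string{
		{"npm", "example-all-versions", "99.0.0"},
		{"npm", "example-bounded", "1.2.0"},
		{"npm", "example-bounded", "1.3.0"},
		{"npm", "example-generic-cve", "1.0.0"},
		{"npm", "example-generic-cve", "1.5.0"},
	} {
		hit, why := Check(advs, c[0], c[1], c[2])
		fmt.Printf("%s@%s flag=%v %s\n", c[1], c[2], hit, why)
	}
}
```

The gate is applied before any range is consulted, which is the point of the design: a record that reaches the snapshot through a keyword heuristic rather than a firm malicious-package source can still flag the exact versions it lists, but its ranges are never expanded, so a single keyword false positive cannot turn into a flag on every version below a bound.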

Install or upgrade

# Homebrew
brew install garagon/tap/aguara && brew upgrade aguara

# Install script (signed, checksum-verified)
curl -fsSL https://raw.githubusercontent.com/garagon/aguara/main/install.sh | VERSION=v0.26.0 sh

# Docker (multi-arch, signed, SBOM + SLSA provenance)
docker run --rm -v "$PWD:/repo:ro" ghcr.io/garagon/aguara:0.26.0 check /repo

Compatibility

  • The snapshot format gains a parallel all_versions section. Old binaries ignore it; new binaries accept old snapshots. No format break.
  • Rule IDs, severities, and the JSON Severity encoding are unchanged. 250 cataloged detections.

Verify this release

cosign verify-blob \
  --certificate-identity-regexp 'github.com/garagon/aguara' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate checksums.txt.pem --signature checksums.txt.sig checksums.txt

cosign verify ghcr.io/garagon/aguara@sha256:71751063877abdcfdc27ec2878f79995a97a0cd436fbdca3c0ad66c3359ee100 \
  --certificate-identity-regexp 'github.com/garagon/aguara' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com

Full changelog

See CHANGELOG.md for the complete entry, including the measurement pass (#216) that set the direction: over 99% of malicious range advisories are the all-versions shape, so version-grammar work per ecosystem was deliberately skipped.