v1.14.0: Bloom-filtered OSV checks and lifecycle-script content sniffing

Two new opt-in supply-chain layers on top of the v1.13 gates: a ~380 KB bloom-filter prefilter that lets plain reinstalls cheaply probe the OSV MAL-* set without pulling the 200 MB mirror, and a regex-based content sniff that flags dangerous shapes in dependency preinstall/install/postinstall scripts before you click through aube approve-builds.

Added

• (install) OSV bloom-filter prefilter for lockfile installs (#680 by @jdx) — New advisoryBloomCheck setting (on / required / off, default off) adds a fourth route to the post-resolve OSV decision table. Plain reinstalls probe the resolved transitive graph against a ~380 KB bloom filter fetched from endevco/osv-bloom — regenerated upstream every 10 minutes from OSV's MAL-* archive — and only escalate bloom hits to the live /querybatch API for exact (name, version) confirmation. Bloom FPR is ~0.1%, so a typical 1000-package lockfile triggers zero or one extra live-API round trip per install. When both are configured, the bloom branch wins over the 200 MB all.zip mirror — under 1 MB on the wire, same live-API oracle, same ERR_AUBE_MALICIOUS_PACKAGE on a confirmed hit. Cached under $XDG_CACHE_HOME/aube/osv-bloom/ and short-circuits the download when upstream's set_digest_sha256 is unchanged. New warning WARN_AUBE_OSV_BLOOM_REFRESH_FAILED: under on install continues against the previously cached filter; under required it fails closed with ERR_AUBE_ADVISORY_CHECK_FAILED.

• (install) Content-sniff dependency lifecycle scripts before approve-builds (#685 by @jdx) — aube's existing supply-chain gates (OSV MAL-*, downloads floor, bun-compat scanner, BuildPolicy allowlist) are all name-based; none inspects what postinstall actually does, which leaves an OSV-ingest-lag window of 12–48h that the 2024–2026 wave of unobfuscated curl … | sh postinstalls walked right through. New regex matcher fires advisory warnings for known-dangerous shapes in lifecycle script bodies:

  Signal	Catches
  ShellPipe	curl … | sh, wget … | bash, … | node
  EvalDecode	eval(atob(…)), Function(atob(…)), eval(Buffer.from(…))
  CredentialFileRead	~/.ssh, ~/.aws, ~/.npmrc, ~/.config/gh reads
  SecretEnvRead	process.env.*(TOKEN|SECRET|API_KEY|PASSWORD|ACCESS_KEY|PRIVATE_KEY|AUTH)
  ExfilEndpoint	Discord/Telegram webhooks, OAST hosts (oast.pro, interactsh, webhook.site, pipedream.net, ngrok.io, …)
  BareIpHttp	Bare-IP HTTP fetch targets (literal IPv4 hosts over plain HTTP)

  Sniff is advisory — allowBuilds still gates execution — and shows up in three places: end-of-install emits one WARN_AUBE_SUSPICIOUS_LIFECYCLE_SCRIPT per flagged package alongside the existing WARN_AUBE_IGNORED_BUILD_SCRIPTS; aube approve-builds annotates picker rows with ⚠ suspicious: <category> and prints a pre-picker summary of the matched hook+description; aube ignored-builds indents ⚠ <hook> — <description> lines under each name@version. Findings are re-derived per install rather than persisted, so the regex set can evolve without a state-file migration. Works offline, doesn't degrade to advisory in headless CI.

Changed

• Refreshed benchmarks/results.json against v1.13.1 and Bun 1.3.14 (#687) — public ratios update to warm installs 3× Bun / 6× pnpm, repeat test 6× Bun / 45× pnpm.

Full Changelog: https://github.com/endevco/aube/compare/v1.13.1...v1.14.0

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.