
v1.2.0 — Security Hardening


@mickelsamuel mickelsamuel released this 17 Feb 04:41

Security Improvements

  • Ed25519 license keys: Switched license signing from HMAC-SHA256 (symmetric) to Ed25519 (asymmetric). The CLI now embeds only the public verification key, so there is no signing secret in the binary to extract.
  • Pro rules gated: Programmatic API (import { allRules }) now exports only the 45 free rules. Pro rules (MP013, MP014, MP019) require a valid license.
  • API hardening: CORS headers, rate limiting on billing-portal, proper email validation, generic error messages (no Stripe internals leaked).
  • Security headers: CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy on migrationpilot.dev.
  • Repository cleanup: Removed dist/ and internal config files from git tracking.

Improvements

  • Expired license warning with renewal link across all CLI commands
  • --license-key option added to watch mode
  • Dropped Node 20 from CI (EOL April 2026); the minimum supported Node version is now 22

Install

npm install -g migrationpilot@1.2.0