Release v0.1.7
🚀 OSS IQ v0.1.7: The "High-Velocity" Update (2026-04-08)
This release is all about scale and reliability. We knew that sequential lookups weren't going to work when OSS IQ was used on big projects with deep dependency trees (we're looking at you, AWS CDK). This update makes our data acquisition layer faster, smarter, and better able to handle API rate limits.
🌟 Release Highlights
🏎️ Batching & Parallelism
The core engine has been refactored to support batched HTTP requests. Instead of waiting for one package's data before asking for the next, we now group requests for GitHub, PyPI, and NPM.
- Concurrent Execution: Parallel requests to package registries significantly reduce total scan time.
- Smart Throttling: A new `BatchClient` implements a "traffic light" pattern with jitter and retries, ensuring we respect upstream servers while moving as fast as possible.
🛡️ Resilient GitHub Integration
GitHub is now our primary source for licensing data. To support this, we've made the integration much more robust:
- Graceful Rate Limit Handling: We now explicitly handle `403` responses by checking `X-Ratelimit-Remaining` and `Retry-After` headers, allowing the tool to pause and resume rather than just failing.
- License Source Migration: We have moved away from ClearlyDefined.io as a primary source. While we love the project, the performance overhead was slowing down large-scale scans. Licensing data is now pulled directly through our optimized GitHub strategy.
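The `403` handling described above, as an added example (not OSS IQ's own code): it separates a rate-limit `403`, which is worth pausing for, from a permission `403`, which should fail immediately. The function name `github_retry_delay`, the 60-second fallback and the 15-minute cap are assumptions; `X-RateLimit-Reset` is GitHub's reset-time header and is not mentioned in these release notes.

```python
import random
import time
from typing import Mapping, Optional

MAX_WAIT = 900.0      # assumption: never sleep longer than 15 minutes
FALLBACK_WAIT = 60.0  # assumption: wait used when no usable header is present


def github_retry_delay(status: int, headers: Mapping[str, str],
                       now: Optional[float] = None,
                       jitter: float = 0.0) -> Optional[float]:
    """Return seconds to pause before retrying, or None if a retry is pointless.

    A 403 from GitHub is either a rate limit (pause and resume) or a real
    permission failure, which must fail fast instead of being retried.
    """
    if status not in (403, 429):
        return None
    # Header names are case-insensitive; normalise so plain dicts work too.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    now = time.time() if now is None else now

    wait = None
    retry_after = h.get("retry-after", "")
    if retry_after.isdigit():
        # Secondary rate limit: the server states the pause directly.
        wait = float(retry_after)
    elif h.get("x-ratelimit-remaining") == "0":
        # Primary rate limit: quota exhausted until the reset timestamp.
        reset = h.get("x-ratelimit-reset", "")
        wait = max(0.0, float(reset) - now) if reset.isdigit() else FALLBACK_WAIT
    elif status == 429:
        wait = FALLBACK_WAIT
    if wait is None:
        return None  # 403 with quota left: permission problem, do not retry
    # Jitter spreads out parallel workers that all hit the limit together.
    return min(wait, MAX_WAIT) + random.uniform(0.0, jitter)
```

Returning `None` for a `403` that still has quota keeps a misconfigured or under-scoped token from being retried in a loop.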
🧠 Smarter Caching
Scanning 170k transitive dependencies (common in modern web apps) revealed new bottlenecks.
- Semver Caching: We’ve implemented an LRU cache for semver comparisons. This prevents redundant version math for packages that appear hundreds of times in a single tree.
- NPM & Request Pooling: Added a local mapping cache for NPM and implemented request pooling to keep connections warm and stable.
🛠️ What’s New?
📱 Mobile-Friendly Docs & UI
- Responsive Landing: The [ossiq.dev](https://ossiq.dev) landing page is now fully mobile-friendly, including a working hamburger menu for easier navigation on the go.
- Documentation Fixes: Fixed search functionality broken by the migration to Sphinx 9.x and resolved visibility issues with the dark-theme logo.
📦 Ecosystem & Reliability
- Vite 8 Support: Resolved a dependency conflict where `vite-plugin-vue-devtools` was blocking the upgrade to the newly released Vite 8.x.
- Integration Testing: Added a comprehensive test suite for the new `BatchClient` to validate traffic-light patterns and 500-error recovery.
🐞 Bug Fixes
- Typing: Fixed various type-hinting issues across the core API clients.
- Security: Bumped `requests` to `v2.33.0` to address a CVE in older versions.
- Frontend: Updated frontend dependencies to keep the interactive report viewer snappy.
💡 Why this matters
During development, we used OSS IQ to debug a dependency conflict between Vite 8 and its plugin ecosystem. It’s a perfect example of why we built this: when a major tool in your stack updates, you need to see exactly what is holding you back. This version makes finding those answers much faster, even in "dependency-heavy" projects.
📜 Technical Changelog
See the commits associated with this version under the GH-70 GitHub issue.