qwexvf/aegis-cli

v0.15.2 Maintenance

This release keeps dependencies and maintenance posture current for teams operating this tool.

Published 23d CLI & Terminal

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ast-analysis cli cve dependency-scanner security go

+13 more

lockfile malware-detection npm-security osv python-security sbom sca shai-hulud supply-chain-attack supply-chain-security tree-sitter typosquatting vulnerability-scanning

ReleasePort's take

Light signal

editorial:auto 13d

Release v0.15.2 updates documentation by dropping stale per‑pm references, refreshing size calculations, and adding details on new provenance capabilities.

Why it matters: Review the updated docs to align with the latest provenance features; treat as FYI.

Summary

AI summary

Minor fixes and improvements.

Changes in this release

Type	Severity	Summary	CVE
Other	Medium	Drop stale per-pm references, refresh sizes, document new provenance capabilities. Drop stale per-pm references, refresh sizes, document new provenance capabilities. Source: llm_adapter@2026-05-21 Confidence: low	—
Other	Low	Update documentation: drop stale per-package-manager references, refresh size information, add provenance capability details. Update documentation: drop stale per-package-manager references, refresh size information, add provenance capability details. Source: granite4.1:30b@2026-05-23-audit Confidence: low	—

Full changelog

aegis-cli v0.15.2

Supply-chain security CLI for npm / bun / yarn / pnpm.

Verifying releases

All artifacts are checksummed (checksums.txt) and the checksums file
is signed via cosign keyless OIDC. To verify:

cosign verify-blob \
  --certificate-identity-regexp 'https://github.com/qwexvf/aegis-cli/.github/workflows/release.yml.*' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate checksums.txt.pem \
  --signature   checksums.txt.sig \
  checksums.txt
sha256sum -c checksums.txt

SLSA build provenance is attached to every artifact and can be
verified with gh attestation verify <file> --owner qwexvf.

Docs

drop stale per-pm refs, refresh sizes, document new provenance capabilities (#60) (fa92c02)

Apache-2.0 — see LICENSE.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track qwexvf/aegis-cli

Get notified when new releases ship.

About qwexvf/aegis-cli

All releases →