qwexvf/aegis-cli

v0.19.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 20d CLI & Terminal

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ast-analysis cli cve dependency-scanner security go

+13 more

lockfile malware-detection npm-security osv python-security sbom sca shai-hulud supply-chain-attack supply-chain-security tree-sitter typosquatting vulnerability-scanning

Summary

AI summary

Added Dart/Pub, Swift/SwiftPM, Elixir, R/CRAN, Haskell/Hackage, Perl/CPAN ecosystems and a cloud analyze command.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Add Dart/Pub, Swift/SwiftPM, Elixir ecosystems (9→12) Add Dart/Pub, Swift/SwiftPM, Elixir ecosystems (9→12) Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Add R/CRAN, Haskell/Hackage, Perl/CPAN ecosystems (12→15) Add R/CRAN, Haskell/Hackage, Perl/CPAN ecosystems (12→15) Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Add cloud analyze command for sandbox analysis Add cloud analyze command for sandbox analysis Source: llm_adapter@2026-05-21 Confidence: low	—
Other	Medium	Backfill changelog v0.16–v0.18, regenerate man pages, update README Backfill changelog v0.16–v0.18, regenerate man pages, update README Source: llm_adapter@2026-05-21 Confidence: low	—
Other	Medium	Update README (9→15 ecosystems), CHANGELOG, regenerate man pages for v0.19.0 Update README (9→15 ecosystems), CHANGELOG, regenerate man pages for v0.19.0 Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

aegis-cli v0.19.0

Supply-chain security CLI for npm / bun / yarn / pnpm.

Verifying releases

All artifacts are checksummed (checksums.txt) and the checksums file
is signed via cosign keyless OIDC. To verify:

cosign verify-blob \
  --certificate-identity-regexp 'https://github.com/qwexvf/aegis-cli/.github/workflows/release.yml.*' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --certificate checksums.txt.pem \
  --signature   checksums.txt.sig \
  checksums.txt
sha256sum -c checksums.txt

SLSA build provenance is attached to every artifact and can be
verified with gh attestation verify <file> --owner qwexvf.

Changelog

Features

e0c31ab524adb25178b32acba1ce91da92cbb4df: feat: add Dart/Pub, Swift/SwiftPM, Elixir ecosystems (9→12) (#87) (@qwexvf)
d0b76f69add9bf11021d4117e491623f7ee971de: feat: add R/CRAN, Haskell/Hackage, Perl/CPAN ecosystems (12→15) (#88) (@qwexvf)
cb43b4ef8e8d65f7e743bde0be05ab2dbed46c69: feat: add cloud analyze command for sandbox analysis (#82) (@qwexvf)

Documentation

620d50671571d8ba4dbd2554becd3ba9fcd3adeb: docs: backfill changelog v0.16–v0.18, regenerate man pages, update README (@qwexvf)
f31094745493a7d22baf8d1ba0c5401ff84b1971: docs: v0.19.0 — update README (9→15 ecosystems), CHANGELOG, regenerate man pages (@qwexvf)

Other

78976caf52fc235ae5cca39189245ca1d1da0755: chore: untrack binary, skills; gitignore /aegis, /gendocs, skills/ (@qwexvf)

Apache-2.0 — see LICENSE.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track qwexvf/aegis-cli

Get notified when new releases ship.

About qwexvf/aegis-cli

All releases →