Skip to content

Ant

v0.12.0.1780342116 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 1d CLI & Terminal
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ant javascript nodejs npm typescript

Affected surfaces

auth rce_ssrf breaking_upgrade

Summary

AI summary

Ant adds a full sandbox runtime, release API with self‑upgrader, and major WebAssembly/JIT/GC improvements.

Changes in this release

Feature Medium

Adds `ant:sandbox` module with eval/run support and mount capabilities.

Adds `ant:sandbox` module with eval/run support and mount capabilities.

Source: llm_adapter@2026-06-02

Confidence: high
Feature Medium

Adds manual WebAssembly memory growth, improved imported memory/table/global behavior, and WAMR patches.

Adds manual WebAssembly memory growth, improved imported memory/table/global behavior, and WAMR patches.

Source: llm_adapter@2026-06-02

Confidence: high
Feature Medium

Adds Node compatibility APIs: `crypto.timingSafeEqual`, `crypto.getHashes()`, `crypto.getCiphers()`, `crypto.getCurves()` and expanded `node:zlib` conformance.

Adds Node compatibility APIs: `crypto.timingSafeEqual`, `crypto.getHashes()`, `crypto.getCiphers()`, `crypto.getCurves()` and expanded `node:zlib` conformance.

Source: llm_adapter@2026-06-02

Confidence: high
Feature Medium

Rewrites `--watch` supervisor with automatic `npm ci` handling and improved restart behavior.

Rewrites `--watch` supervisor with automatic `npm ci` handling and improved restart behavior.

Source: llm_adapter@2026-06-02

Confidence: high
Feature Medium

Adds `ant upgrade` command with manifest-backed version checker and asset download support.

Adds `ant upgrade` command with manifest-backed version checker and asset download support.

Source: llm_adapter@2026-06-02

Confidence: low
Feature Low

Adds release manifest resolution, asset download support with gzip delivery, and HTTP caching for manifests and releases.

Adds release manifest resolution, asset download support with gzip delivery, and HTTP caching for manifests and releases.

Source: llm_adapter@2026-06-02

Confidence: high
Feature Low

Adds sandbox demos, backend pieces for Darwin HVF, Linux KVM (x86/aarch64), Windows scaffolding, and Docker‑based build workflows.

Adds sandbox demos, backend pieces for Darwin HVF, Linux KVM (x86/aarch64), Windows scaffolding, and Docker‑based build workflows.

Source: llm_adapter@2026-06-02

Confidence: low
Feature Low

Introduces Nanos‑style sandbox build pipelines and Docker support for sandbox artifacts.

Introduces Nanos‑style sandbox build pipelines and Docker support for sandbox artifacts.

Source: granite4.1:30b@2026-06-02-audit

Confidence: low
Feature Low

Adds `ant upgrade` command with manifest‑backed version checker, update hints, colored dialog, and progress display.

Adds `ant upgrade` command with manifest‑backed version checker, update hints, colored dialog, and progress display.

Source: granite4.1:30b@2026-06-02-audit

Confidence: low
Bugfix Medium

Fixes sparse array descending length, dense array splice, tiny array length issues, and object descriptor behavior.

Fixes sparse array descending length, dense array splice, tiny array length issues, and object descriptor behavior.

Source: llm_adapter@2026-06-02

Confidence: high
Bugfix Medium

Stabilizes JIT closure capture, improves open‑upvalue handling across OSR and bailout paths, and tunes GC cadence to reduce memory ballooning.

Stabilizes JIT closure capture, improves open‑upvalue handling across OSR and bailout paths, and tunes GC cadence to reduce memory ballooning.

Source: llm_adapter@2026-06-02

Confidence: low
Refactor Low

Removes old Rust stripping package after skim migration and cleans up dead code.

Removes old Rust stripping package after skim migration and cleans up dead code.

Source: llm_adapter@2026-06-02

Confidence: high
Full changelog

Ant 0.12.0

A major runtime and distribution release. Ant now has an early sandbox runtime, a release API and self-upgrader, stronger WebAssembly support, broader Node compatibility, a rewritten watch supervisor, and a large JIT/GC stabilization pass.

Highlights

Sandbox runtime

  • Added the first ant:sandbox module
  • Added sandbox eval/run support with read-only and writable mounts
  • Added Nanos-style sandbox build pipelines and Docker support

Release API and upgrades

  • Added a manifest-backed version checker
  • Added ant upgrade
  • Added asset download support, gzip delivery, and resolver improvements for release artifacts

WebAssembly got stronger

  • Added manual support for growing WebAssembly memory
  • Improved imported memory, table, and global behavior
  • Added WAMR patches and new WebAssembly regression coverage

JIT and GC stabilization

  • Stabilized JIT closure capture and bailout behavior
  • Improved open-upvalue handling across OSR and bailout paths
  • Tuned GC cadence and reduced memory ballooning

Node compatibility

  • Expanded node:zlib conformance
  • Added crypto.timingSafeEqual
  • Added crypto.getHashes(), crypto.getCiphers(), and crypto.getCurves()

Developer workflow

  • Rewrote --watch
  • Added automatic npm ci handling in builds
  • Improved Nix and package layout
Sandbox runtime and Nanos support
  • Added ant:sandbox
  • Added Sandbox#eval() and Sandbox#run() style flows
  • Added read-only mount support
  • Added writable mount support
  • Added sandbox demos for eval, script execution, guest errors, and writable mounts
  • Added sandbox host, VM, transport, policy, and CLI layers
  • Added Darwin HVF backend pieces
  • Added Linux KVM backend pieces for x86 and aarch64
  • Added shared virtio, 9p, block, net, rng, vsock, PCI, NAT, and packet handling code
  • Added Windows backend scaffolding
  • Added sandbox assets and asset downloader support
  • Added sandbox tests for 9p, MMIO, network packets, PCI, virtio block, and virtio RNG
  • Added Nanos sandbox build workflows
  • Added Docker-based sandbox building
  • Added musl sandbox artifact workflows
  • Added sandbox/kernel artifact routing in the release API
Release API, manifest resolver, and upgrader
  • Added a manifest-backed version checker
  • Added ant upgrade
  • Added update hints for newer Ant versions
  • Added a colored upgrade dialog and progress display
  • Added release manifest resolution for Ant, sandbox, and kernel artifacts
  • Added release asset download support
  • Added gzip support before sending downloadable assets
  • Added HTTP caching for manifests and release downloads
  • Added release route indexing and version normalization helpers
  • Added GitHub release lookup support in the API service
  • Improved manifest resolver behavior
  • Added a small equality fix to avoid package metadata corruption
  • Injected the git hash into the Nix flake
  • Updated README and binary-size reporting for the release path
WebAssembly and WAMR
  • Added manual support for WebAssembly memory growth
  • Improved WebAssembly.Memory constructor behavior
  • Improved imported shared memory behavior
  • Improved imported table and funcref behavior
  • Improved imported global mutability behavior
  • Improved WebAssembly.Table constructor behavior
  • Added Emscripten import support patches for WAMR
  • Added WAMR memory-growth related fixes
  • Added tests for imported memory, imported tables, imported globals, memory constructors, and table constructors
  • Added related BigInt and typed-array fixes needed by the WebAssembly path
JIT, OSR, upvalues, and GC
  • Stabilized JIT closure capture and GC cadence
  • Added JIT-local open-upvalue tracking
  • Adopted live upvalues on bailout
  • Preserved captured parameter slots across bailout resume
  • Avoided retrying direct-call JIT compilation after known compile failures
  • Shared closure function-object initialization between interpreter and JIT
  • Added safe JIT helper fast paths for string ops and property ICs
  • Improved sparse major GC cadence based on live and pool pressure
  • Reduced memory ballooning
  • Improved GC object marking
  • Added eager major-GC threshold tuning
  • Changed minor-count reset behavior to only reset on major collection
  • Added a rope checker
  • Fixed dead JIT stack paths
  • Fixed upvalue ABI handling
  • Fixed bailout parameter handling
  • Fixed open-upvalue capture and capture reuse
  • Cleared relevant fields on bailout
  • Fixed OSR crashes and OSR parameter write handling
  • Rooted fast-path string ops for GC safety
  • Added broad GC and JIT regression coverage
Node compatibility: zlib, crypto, fs, process
  • Expanded node:zlib conformance
  • Added zlib constants and codes
  • Added sync gzip/gunzip/deflate/inflate/raw/unzip/Brotli helpers
  • Added async zlib helpers
  • Added zlib transform stream behavior
  • Added zlib.crc32
  • Added node:zlib, ant:zlib, and zlib TypeScript declarations
  • Added crypto.timingSafeEqual
  • Added crypto.getHashes()
  • Added crypto.getCiphers()
  • Added crypto.getCurves()
  • Added crypto TypeScript declarations for the new APIs
  • Improved fs.stat Node-style fields
  • Added fs.truncateSync coverage
  • Added process.binding constants coverage
  • Added an instanceof type guard and prototype guard coverage
Watch mode and developer workflow
  • Rewrote --watch
  • Added a watch supervisor test covering dependency edits and restart behavior
  • Preserved script arguments through watch restarts
  • Improved watch messages
  • Added completed watch-supervisor planning docs
  • Added automatic npm ci handling in the build
  • Moved libant into packages/libant
  • Moved Nix packaging into packages/nix
  • Improved Nix build config
  • Removed the old Rust stripping package after the skim migration
  • Cleaned up dead code and build metadata
Language and runtime correctness
  • Fixed sparse array descending length behavior
  • Fixed dense array splice behavior
  • Fixed a tiny array length issue
  • Fixed object descriptor behavior for generic descriptors
  • Fixed T_STR handling in remembered constants
  • Fixed exit emit behavior
  • Added instanceof type-guard handling
  • Improved BigInt behavior
  • Added typed-array apply coverage
  • Improved N-API behavior in a small follow-up
  • Fixed package JSON related equality behavior
Coverage, docs, and examples
  • Added sandbox examples
  • Added writable mount examples
  • Added zlib conformance coverage
  • Added crypto API coverage
  • Added WebAssembly memory/table/global coverage
  • Added many GC stress and correctness tests
  • Added JIT OSR and sparse captured-parameter bailout tests
  • Added watch supervisor coverage
  • Added sandbox backend tests
  • Updated Discord example commands
  • Updated API service docs and schemas
  • Updated sandbox planning docs

To install Ant v0.12.0:

curl -fsSL https://ant.themackabu.com/install | bash
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Ant

Get notified when new releases ship.

Sign up free

About Ant

All releases →

Related context

Beta — feedback welcome: [email protected]