v2.3.0

Bug fixes and improvements

• Remove BIDI rule and pin semgrep by @sobregosodd in #516

v2.2.0

Bug fixes and improvements

• Enhance Python obfuscation rule by @ikretz in #493
• Fix tests and upgrade pkgs by @sobregosodd in #496
• Adding new case to npm-exfiltration by @sobregosodd in #501
• Adding new shady-links patterns by @sobregosodd in #507
• Prevent code from bypassing semgrep by @sobregosodd in #510
• Add and improve shady-links patterns by @sobregosodd in #515

Chores

• Bump disposable-email-domains from 0.0.108 to 0.0.111 by @dependabot in #497
• Bump pytest from 8.3.3 to 8.3.4 by @dependabot in #495
• Bump coverage from 7.6.8 to 7.6.9 by @dependabot in #500
• Bump disposable-email-domains from 0.0.111 to 0.0.112 by @dependabot in #504
• Bump click from 8.1.7 to 8.1.8 by @dependabot in #506
• Bump mypy from 1.13.0 to 1.14.0 by @dependabot in #505
• Bump urllib3 from 2.2.3 to 2.3.0 by @dependabot in #503
• Bump jinja2 from 3.1.4 to 3.1.5 by @dependabot in #509
• Bump mypy from 1.14.0 to 1.14.1 by @dependabot in #512
• Bump coverage from 7.6.9 to 7.6.10 by @dependabot in #511
• Bump disposable-email-domains from 0.0.108 to 0.0.114 by @dependabot in #513

Full Changelog: v2.1.0...v2.2.0

v2.1.0

Bug fixes and improvements

• feat: add typosquatting analyzer for go modules by @bthuilot in #481
• Dedup YARA findings by @sobregosodd in #480
• Change logging stream to stderr by @sobregosodd in #492

Chores

• Bump mypy from 1.12.1 to 1.13.0 by @dependabot in #479
• Bump disposable-email-domains from 0.0.107 to 0.0.108 by @dependabot in #478
• Bump setuptools from 75.2.0 to 75.3.0 by @dependabot in #482
• Bump prettytable from 3.11.0 to 3.12.0 by @dependabot in #483
• Bump python-whois from 0.9.4 to 0.9.5 by @dependabot in #488
• Bump sarif-tools from 3.0.3 to 3.0.4 by @dependabot in #487
• Bump coverage from 7.6.4 to 7.6.7 by @dependabot in #486
• Bump setuptools from 75.3.0 to 75.5.0 by @dependabot in #485
• Bump coverage from 7.6.7 to 7.6.8 by @dependabot in #490
• Bump setuptools from 75.5.0 to 75.6.0 by @dependabot in #489

New Contributors

• @bthuilot made their first contribution in #481

Full Changelog: v2.0.6...v2.0.7

v2.0.6

Bug fixes and improvements

• Enhance exfiltrate-sensitive-data rule by @ikretz in #475
• Enhance shady links rule by @sobregosodd in #476
• Fix os usage case in npm-exfiltrate-sensitive-data by @sobregosodd in #477

Chores

• Bump setuptools from 75.1.0 to 75.2.0 by @dependabot in #474
• Bump mypy from 1.11.2 to 1.12.1 by @dependabot in #473
• Bump coverage from 7.6.1 to 7.6.4 by @dependabot in #472
• Bump pygit2 from 1.15.1 to 1.16.0 by @dependabot in #469
• Bump termcolor from 2.4.0 to 2.5.0 by @dependabot in #467

Full Changelog: v2.0.5...v2.0.6

v2.0.5

Bug fixes and improvements

• Improve code execution and shady links rules by @ikretz in #463
• Updating npm and pypi top pkgs by @sobregosodd in #466
• Compute SHA-256 in bundled_binary by @ikretz in #471

Chores

• Bump disposable-email-domains from 0.0.104 to 0.0.107 by @dependabot in #465
• Bump pytest from 8.3.2 to 8.3.3 by @dependabot in #459
• Bump setuptools from 74.1.2 to 75.1.0 by @dependabot in #460
• Bump sarif-tools from 2.0.0 to 3.0.3 by @dependabot in #464
• Bump urllib3 from 2.2.2 to 2.2.3 by @dependabot in #461

Full Changelog: v2.0.4...v2.0.5

v2.0.4

Bug fixes and improvements

• Fix RST syntax by @miketheman in #453
• FP npm-install-script - exclude case by @sobregosodd in #452
• FN: Adding a new detection case to npm-exec-base64 by @sobregosodd in #456

Chores

• Updating top packages list for typosquatting by @sobregosodd in #451
• Bump setuptools from 73.0.1 to 74.1.2 by @dependabot in #455
• Bump pyyaml from 6.0.1 to 6.0.2 by @dependabot in #450
• Bump configparser from 7.0.0 to 7.1.0 by @dependabot in #449

New Contributors

• @miketheman made their first contribution in #453

Full Changelog: v2.0.3...v2.0.4

v2.0.3

Bug fixes and improvements

• Bugfix: obfuscation False Positive by @sobregosodd in #445
• Fix YARA execution bugs by @sobregosodd in #444

Chores

• Bump setuptools from 70.3.0 to 73.0.1 by @dependabot in #447
• Bump mypy from 1.11.0 to 1.11.2 by @dependabot in #446
• Bump flake8 from 7.1.0 to 7.1.1 by @dependabot in #438
• Bump coverage from 7.6.0 to 7.6.1 by @dependabot in #436
• Bump prettytable from 3.10.2 to 3.11.0 by @dependabot in #441

Full Changelog: v2.0.2...v2.0.3

v2.0.2

Bug fixes and improvements

• Adding new patterns to detect obfuscation by @sobregosodd in #435
• Adding new link domains to shady-links by @sobregosodd in #434

Chores

• Bump pytest from 8.2.2 to 8.3.2 by @dependabot in #428
• Bump mypy from 1.10.1 to 1.11.0 by @dependabot in #424
• Bump prettytable from 3.10.0 to 3.10.2 by @dependabot in #417
• Bump coverage from 7.5.4 to 7.6.0 by @dependabot in #418
• Bump pygit2 from 1.15.0 to 1.15.1 by @dependabot in #410
• Update top pkgs resources for NPM and PYPI by @sobregosodd in #433

Full Changelog: v2.0.1...v2.0.2

v2.0.1

Bug fixes and improvements

• Standardize local scanning behavior by @ikretz in #426
• Eliminate Package class by @ikretz in #422
• Bugfix: Adding permissions to traverse extracted files and folders by @sobregosodd in #421
• Removing npm-install-script False Positives by @sobregosodd in #429
• Expand allowed tar archive compression algorithms by @ikretz in #430
• Improve shady-links rule by @sobregosodd in #431

v2.0.0

What's Changed

New features:

• Adding support for running YARA and private rules by @sobregosodd in #401
• Support Go ecosystem by @juliendoutre in #413

Improvements and bugfixes:

• Improve DLL hijacking rule coverage by @ikretz in #414
• Add detection for Python sqlite3 data exfiltration by @ikretz in #420
• Remove duplicated sourcode findings by @sobregosodd in #407
• Simplify local target checks by @ikretz in #419

Chores:

• add setuptools to dependencies by @xopham in #412
• Bump disposable-email-domains from 0.0.103 to 0.0.104 by @dependabot in #409
• Bump certifi from 2023.7.22 to 2024.7.4 by @dependabot in #408

New Contributors

• @ikretz made their first contribution in #414

Full Changelog: v1.11.2...v2.0.0