Hipcheck 3.14.0 Release

Hipcheck 3.14.0 is out! This is a relatively minor release, with one new feature, two bugfixes, and an assortment of dependency updates.

📦  New Features

💬  New explain semver subcommand

Hipcheck supports using constraints on SemVer types when specifying plugin dependencies. It does this with a list of custom operators, adopted from the operators supported by Cargo, the Rust build tool and package manager. However, for backwards-compatibility reasons, Hipcheck's operators do not exactly match Cargo's.

To make it easier to debug and clarify the meaning of SemVer operators, we've added a new subcommand hc explain semver which takes in SemVer operators and outputs their equivalent formulation with only less than and greater than comparators.

If you're ever uncertain about how to interpret SemVer operators in the context of Hipcheck, we recommend using this new command.

🪲  Bugfixes

Stop Checking for npm during initialization

Previously, when all analyses were built into Hipcheck itself, we'd need to use a local install of npm, the popular JavaScript package manager, to support the JavaScript-specific analysis for typosquatting detection. To do that, we'd check for the presence of npm during the initialization process of Hipcheck, one of the earliest things we do during startup.

When we moved all analyses out into distinct plugins, we still unintentionally retained that check for npm. We've now removed it, since it's no longer a requirement for running Hipcheck itself.

Fix the JSON format for errored analyses

Hipcheck reports can be given in JSON format, and in that format we split out analyses between successful, failed, and "errored" analyses. Errored analyses are analyses which failed to run to completion due to an error. In the JSON output, the format of these analyses specifically was very different from the format of other analyses, in a way that limited their usefulness and made parsing more complex. Their format has now been modified to be more in line with passing and failed analyses.

🗺️  How to Get Involved

We're always looking for new contributors! If you'd like to learn more about Hipcheck and get involved in contributing, please checkout our Roadmap and feel free to get in touch with us through our Discussions board!

⭐️  Thank You to Our Contributors and Supporters

As always, we want to say a big "Thank you!" to everyone who supports the project at MITRE, to our prior government sponsors who have helped advance Hipcheck, and to everyone who has contributed, given feedback, or encouraged us in building it.

The following people contributed to this release:

• Andrew Lilley Brinker (MITRE)
• Scott Hissam (SEI)