Releases: makash/scira

scira v0.2.0

31 Mar 11:18

This release adds built-in support for the Axios npm supply chain compromise and updates the demo to show both major built-in incident flows.

New in v0.2.0

  • built-in axios incident profile
  • bundled npm-supply-chain-response skill context from agent-infra-security
  • npm/package-lock detection for compromised axios versions
  • detection of the malicious dependency plain-crypto-js
  • npm environment checks using npm ls
  • refreshed asciinema demo showing both litellm and axios
  • README updates highlighting both major supply chain incidents SCIRA helps respond to

Built-in incidents now supported

  • litellm — PyPI compromise
  • axios — npm compromise

Example

scira scan litellm --target /srv/python-app
scira scan axios --target /srv/node-app

Release assets

  • scira-darwin-arm64
  • scira-darwin-amd64
  • scira-linux-amd64
  • sha256sums.txt

Notes

  • deterministic findings remain the source of truth
  • AI explanation is optional and advisory
  • local/offline scanning still works without network access
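
The lockfile check listed above (compromised axios versions, plus the plain-crypto-js dependency) can be sketched as follows. This is an added example, not scira's own code: the function names, the constructed sample lockfile and the axios version string are assumptions, and the version is a placeholder to be replaced with values from the incident advisory.

```python
import json

MALICIOUS = {"plain-crypto-js"}                  # dependency named in these release notes
BAD_VERSIONS = {"axios": {"0.0.0-PLACEHOLDER"}}  # placeholder, take real values from the advisory

# Constructed lockfile (lockfileVersion 3 layout), not from a real project.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/axios": {"version": "0.0.0-PLACEHOLDER"},
        "node_modules/some-lib": {"version": "2.0.0"},
        "node_modules/some-lib/node_modules/plain-crypto-js": {"version": "9.9.9"},
        "node_modules/crypto-alias": {"name": "plain-crypto-js", "version": "9.9.9"},
    },
})

def iter_packages(lock):
    """Yield (install_path, name, version) for every entry in a parsed lockfile."""
    if "packages" in lock:  # lockfileVersion 2 and 3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            if path:  # "" is the root project itself
                # An aliased install records the real package under "name".
                name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
                yield path, name, meta.get("version")
        return
    # lockfileVersion 1: nested "dependencies" trees, walked iteratively
    stack = [("", lock.get("dependencies", {}))]
    while stack:
        prefix, deps = stack.pop()
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            yield path, name, meta.get("version")
            stack.append((path + "/", meta.get("dependencies", {})))

def scan_lock(text, malicious=MALICIOUS, bad_versions=BAD_VERSIONS):
    """Return sorted (install_path, name, version, reason) findings."""
    findings = []
    for path, name, version in iter_packages(json.loads(text)):
        if name in malicious:
            findings.append((path, name, version, "malicious dependency"))
        elif version in bad_versions.get(name, ()):
            findings.append((path, name, version, "compromised version"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in scan_lock(SAMPLE_LOCK):
        print(*finding, sep="\t")
```

Matching on the recorded package name rather than the install path is what catches the aliased and the nested copy in the sample.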

scira v0.1.1

31 Mar 09:04

This release adds built-in support for the Axios npm supply chain compromise.

New in v0.1.1

  • built-in axios incident profile
  • bundled npm-supply-chain-response skill context from agent-infra-security
  • npm/package-lock detection for compromised axios versions
  • detection of the malicious dependency plain-crypto-js
  • npm environment checks using npm ls
  • README updates to reflect built-in litellm + axios support

Built-in incidents now supported

  • litellm — PyPI compromise
  • axios — npm compromise

Example

scira scan axios --target /srv/app
scira scan litellm --target /srv/app

Release assets

  • scira-darwin-arm64
  • scira-darwin-amd64
  • scira-linux-amd64
  • sha256sums.txt

Notes

  • deterministic findings remain the source of truth
  • AI explanation is optional and advisory
  • local/offline scanning still works without network access

scira v0.1.0

26 Mar 15:49

First release of scira, a host/folder incident-response agent for PyPI supply chain incidents.

Included in this release

  • scira-darwin-arm64
  • scira-darwin-amd64
  • scira-linux-amd64
  • sha256sums.txt

What it does

  • bundles PyPI incident-response skill context derived from pypi-supply-chain-response
  • ships with a built-in litellm incident flow
  • performs deterministic scanning of manifests, lockfiles, IOC files, IOC domains, user-visible Python environment data, and caches
  • reports permission gaps cleanly and suggests sudo when broader coverage is needed
  • can optionally explain findings using a single SCIRA_LLM_API_KEY with provider auto-detection and sensible default models

Example

scira scan litellm
scira scan litellm --target /srv/app
scira scan litellm --all-dirs

Notes

  • first cut supports the bundled litellm incident only
  • deterministic findings remain the source of truth; AI explanation is advisory