jdx Release Notes

Added

• (github) Use the shared mise-versions host for release metadata and artifact attestations before falling back to api.github.com, dramatically cutting anonymous GitHub API usage in CI/Docker (#10127 by @jdx).
• (node) New node.npm_shim setting (MISE_NODE_NPM_SHIM) to opt out of the bundled npm wrapper, letting corepack manage bin/npm cleanly (#10082 by @jjb).
• (npm) New allow_builds tool option for npm-backend installs that expands to --allow-build=<pkg> for aube and pnpm, accepting a string, array, or true for all builds (#10116 by @jdx).

Fixed

• (backend) Strip the system shims dir from dependency_env PATH to prevent npm/go shim re-entry fork-bombs in devcontainer/Docker setups using mise install --system (#10019 by @andrewjamesbrown).
• (backend) Improve libc detection on musl distros so installing gcompat on Alpine no longer flips mise to glibc binaries (#10020 by @thespags).
• (aqua) Skip in-place link creation when src and dst alias the same inode (fixes godot install on macOS/APFS) (#10012 by @tvararu).
• (aqua) Lock github_content packages using raw GitHub content URLs instead of archive URLs (#10102 by @risu729).
• (toolset) hook-env and other prefer-offline flows no longer fetch remote versions to resolve concrete/latest/prefix:* specs, speeding up shells with many fuzzy tools (#10098 by @jdx).
• (upgrade) Preserve installed versions still pinned by other tracked project lockfiles during upgrade cleanup (#10114 by @jdx).
• (upgrade) Improve current version detection so prefix requests like go = "1.25" show the best matching installed version in summaries (#9973 by @jdx).
• (lock) Allow mise lock and mise upgrade to refresh mise.lock even when locked = true is set (#10111 by @jdx).
• (install) Reject install requests whose resolved backend is in disable_backends, including explicit syntax like ubi:owner/repo (#9905 by @risu729).
• (use) Reject tool version strings that start with - (e.g. mise use dummy@--version) (#10113 by @jdx).
• (en) Preserve MISE_ENV / -E profile when an activated subshell sources mise activate (#10124 by @jdx).
• (unset) Respect MISE_GLOBAL_CONFIG_FILE when running mise unset from $HOME, matching mise set/use (#10105 by @jdx).
• (task) Set config_root on tasks loaded from global config so {{config_root}} renders correctly (#10106 by @jdx).
• (task) Render templates and expand ~/ in sandbox allow_read / allow_write paths (#10112 by @jdx).
• (shim) Skip dot-prefixed (hidden) executables when generating shims (#10123 by @jdx).
• (pipx) Combine --pip-args=VALUE into a single argv element so pipx's argparse accepts values starting with -- (#10120 by @iloveitaly).
• (security) Apply url_replacements to the GitHub attestations API base URL (#9971 by @SlaterByte).
• Show the mise version in friendly error output (#10109 by @jdx).
• (copr) Increase build timeout (#10071 by @jdx).

Performance

• Cache repeated successful path canonicalization across hot PATH/shim/activation lookups (#10068 by @jdx).

Changed

• Registry: use the npm backend for npm on Windows (aqua's standalone npm/cli tarball is broken on Windows) (#10101 by @risu729).
• Registry: allow narrow dependency builds for npm-primary tools (wrangler, gemini-cli, vercel, codebuff, jules, orval, serverless), and drop npm fallbacks for ast-grep, lefthook, claude, code (#9916 by @risu729).
• Registry: add modem-dev/hunk (#10051 by @naoki-mizuno), wacli (#10043 by @dovocoder), liquibase via the github backend (#10052 by @benberryallwood), longbridge-terminal (#10073 by @hogan-yuan), and make aube more resilient (#10092 by @bgeron, #10110).

Documentation

• Fix Scoop installation section (#10059 by @ofek).
• Clarify untrusted config behavior (#10097 by @jdx).
• Remove outdated terraform main.tf reference (#10099 by @risu729).
• Remove broken "How I Use mise" link (#10081 by @HYP3R00T).

💚 Sponsor mise

mise is built by @jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

A feature-and-fix release: hooks can now target staged files without touching your worktree, hk install cooperates with global installs, and three separate stash/merge bugs that could clobber fixer output or staged deletions are fixed.

Added

--staged flag for hk run, check, fix, and hook subcommands (@jdx) #950. Runs hooks against the staged file set while leaving unstaged and untracked changes alone — no stash, no worktree mutation. It conflicts with --all and --stash, and forces StashMethod::None even when the hook config opts into stashing. Fixes #940.

hk run pre-commit --staged
hk fix --staged

hk install skips when hk is configured globally (@jdx) #934. If any hook.hk-* entry exists in ~/.gitconfig, hk install is a no-op and additionally cleans up stale per-repo hooks left behind from a prior install, so the global install is the single source of truth and hk doesn't fire twice per event. Pass --force-local to install per-repo hooks anyway. This means postinstall workarounds like git config --get-regexp hook.hk- || hk install can now be replaced with a plain hk install. Closes #933.

Named template variables for post-checkout hooks (@jdx) #951. Steps can now reference prev_head, new_head, and is_branch_checkout (a real boolean, mapped from git's 1/0 flag) instead of having to parse the combined hook_args string. docs/hooks.md documents the per-hook variables for prepare-commit-msg, commit-msg, and post-checkout.

oxfmt builtin (@hituzi-no-sippo) #914. Adds oxfmt as a builtin formatter for JS/TS, JSON, YAML, and TOML.

Vite+ builtin (@hituzi-no-sippo) #913. Adds Vite+ as a builtin formatter/linter for JavaScript/TypeScript.

oxlint builtin upgrades (@hituzi-no-sippo) #911. Adds --deny-warnings so violations exit non-zero, extends the file glob to .vue, .svelte, .astro, .mjs, .cjs, .mts, and .cts, and registers oxlint config files as project indicators so the builtin is auto-suggested.

Fixed

pre-push ref filter was inverted (@jdx) #932. The filter was checking the local sha for all-zeros (a deletion) when the intent was to check the remote sha (a new branch). Two visible consequences:

First push of a new branch was dropped and fell through to resolving refs/remotes/origin/HEAD, which often failed with Failed to parse reference: refs/remotes/origin/HEAD (likely the root cause of #172).

Branch deletions were kept and triggered linting against the deleted ref.

The filter now drops only deletions, falls back to the real remote-tracking branch (or Git::resolve_default_branch()) for new-branch pushes, and uses a new git::is_zero_sha() helper that works for both SHA-1 and SHA-256 repos.

hk install --global now uses absolute paths (@jdx) #939. Global hook commands previously assumed hk/mise were on PATH when git invoked the hook, which broke in environments with a sanitized PATH. The installer now resolves hk (or mise) to an absolute path at install time (using ~/ when home-relative and quoting otherwise), and --mise global installs use mise x hk -- hk so the hk tool is requested explicitly. Global installs also pick hook events from the project's hk.pkl when present. Fixes #937.

fail_on_fix no longer loses fixer output through stash = "git" (@jdx) #909. git stash show --name-only can list staged files stored in the stash commit that were not part of the unstaged set being restored, so the manual unstash could rewrite a staged-only file and discard the fixer's output that should remain visible as an unstaged diff. hk now tracks the exact path set selected for stashing and filters restore to that set. Follow-up to the fail_on_fix fix in v1.44.3.

Staged deletions survive pop_stash (@jdx) #927. pop_stash() walked every path returned by git stash show --name-only and wrote a merged blob to disk, even for paths the user had staged for deletion with git rm. After the commit, the deleted file reappeared on disk as untracked. hk now queries git diff --cached --diff-filter=D before unstashing and skips those paths. Fixes #926.

Fixer tail-line deletions are preserved across three-way merge (@jdx) #931. In merge.rs::diff_hunks, when the LCS walk consumed other entirely after a matching line, a pure tail deletion of base[i..n] was dropped, so three_way_merge_hunks silently copied the removed lines back in. The classic symptom: a fixer that strips trailing blank lines, applied to a file where you have an unrelated unstaged change in the middle, would have its trailing-line cleanup silently undone. Fixes #929.

check_diff failures get accurate fix suggestions (@jdx) #949. When a step defined both check_diff and check_list_files, the "To fix, run" hint always parsed output with the list-files parser regardless of which check actually ran. hk now passes the executed command into collect_fix_suggestion and dispatches to the diff parser for check_diff output, so the suggested files match the real failure. Fixes #942.

Full Changelog: v1.45.0...v1.46.0

💚 Sponsor hk

hk is developed by @jdx at en.dev — a small independent studio behind developer tools like mise, aube, hk, and more. Work on hk is funded by sponsorships.

If hk has sped up your pre-commit loop or made linting feel less painful, please consider sponsoring at en.dev. Sponsorships are what keep hk moving and the project independent.

A small release that recognizes loongarch64 and riscv64 as valid platform arches and refreshes the conda (rattler) backend.

Fixed

Add loongarch64 and riscv64 to the set of arches accepted by Platform::validate(). Previously, lockfiles targeting linux-riscv64 or linux-loongarch64 would fall back to the common platform set instead of resolving to the requested single platform, so installs on those machines couldn't use lockfile-authoritative platform selection (#10038 by @k0tran).

Changed

Bump rattler (used by the conda backend) from 0.42 to 0.43, picking up upstream fixes for missing symlinks during Windows installs, deterministic path ordering from link_package_sync, and accepting full URLs as the OAuth issuer host (#10030).

New Contributors

@k0tran made their first contribution in #10038

Full Changelog: v2026.5.14...v2026.5.15

💚 Sponsor mise

mise is built by @jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

A small fix release that hardens GitHub release asset auto-selection against picking binaries for the wrong CPU architecture.

Fixed

(github) Asset auto-selection now hard-rejects any candidate whose filename explicitly declares a non-matching architecture, even when other scoring bonuses (preferred name, archive type, libc match) would otherwise rank it first. This fixes cases like cargo-msrv on aarch64 Linux, where cargo-msrv-x86_64-unknown-linux-gnu-*.tgz was being chosen over no-match-better-than-wrong-match. Explicit asset_pattern configuration is unchanged (#10018 by @jdx).

Full Changelog: v2026.5.13...v2026.5.14

💚 Sponsor mise

mise is built by @jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

A focused release that tightens npm install safety by default, removes network calls from shell completion generation, and fixes asset picking so primary release binaries beat related sub-archives.

Added

(npm) The npm backend now passes --ignore-scripts=true by default when installing through npm, and no longer adds Bun's --trust flag automatically. npm_args and bun_args remain the user escape hatches and are appended after the defaults, so you can opt back in per tool (#9913 by @risu729):

[tools]
# opt back into npm lifecycle scripts for one tool
"npm:some-tool" = { version = "latest", npm_args = "--ignore-scripts=false" }
# opt into Bun's broad install-time script trust
"npm:other-tool" = { version = "latest", bun_args = "--trust" }

For dependency build approvals, prefer aube or pnpm with --allow-build=<pkg>; see the refreshed npm backend docs.

Fixed

(completion) mise completion is often invoked on shell init. It no longer refreshes remote version metadata while building the toolset, so slow networks and timeouts don't delay every new shell (#10010 by @sargunv-headway).

(github) Auto-detection scoring now gives a small bonus to assets whose platform-stripped filename matches the repo/tool name, and treats manylinux* / musllinux* asset names as Linux with the right glibc/musl libc. This fixes installs like opengrep/opengrep, where opengrep-core_linux_aarch64.tar.gz was previously winning over the primary opengrep_* binary. Explicit asset_pattern configuration is unchanged (#10008 by @risu729).

(shim) Optioned tool aliases (e.g. GitHub tool_alias entries with per-alias asset_pattern / bin_path) are now visible to runtime symlink and shim rebuilds. Previously these alias backends bypassed the global backend cache and could be missed after install, leaving latest symlinks or executable shims unbuilt (#9848 by @risu729).

(release) The embedded mise-plugins vfox plugin set now includes vfox-groovy, vfox-php, and vfox-scala as fallbacks after the default asdf backend (#9832 by @risu729).

(doctor) The mise doctor version-check request now uses the regular HTTP client and the configured http_timeout (controllable via MISE_HTTP_TIMEOUT), instead of an unconfigurable 3s timeout. Timeout error messages now point at the real setting (#9977 by @risu729).

(config) Tool options coming from the install manifest are tracked as their own source layer, kept below config and inline backend args in precedence, and no longer serialized back out as inline backend args (#9958 by @risu729).

Changed

(registry) vector now uses the aqua backend, which has Vector-specific vdev-* release filtering. This avoids resolving stray vdev-* GitHub releases as the latest Vector (#10011 by @jdx).

(registry) vale now tracks its updated aqua-registry location (#10002 by @eread).

(dotnet) The .NET backend reads prerelease (and other tool options) through a local typed option reader, with the legacy package-flag fallback preserved (#9962 by @risu729).

Full Changelog: v2026.5.12...v2026.5.13

💚 Sponsor mise

mise is built by @jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

A focused release that renames the release-age cutoff flag to something more discoverable, deprecates the legacy default_packages_file mechanism, and fixes several install_env propagation gaps across backends.

Added

(cli) mise edit --global / -g opens the global config file (~/.config/mise/config.toml, or $MISE_GLOBAL_CONFIG_FILE if set), bringing mise edit in line with mise use --global, mise settings set --global, and other commands. A positional path still wins over the flag (#9953 by @fru1tworld).

(cli) The release-age cutoff flag on mise install, use, upgrade, and latest has been renamed from --before to --minimum-release-age, matching the per-tool option and global setting of the same name. The old --before spelling is kept as a hidden alias so existing scripts keep working (#9768 by @risu729):

mise latest node --minimum-release-age 2024-01-01
mise install --minimum-release-age 90d

Fixed

(aqua) Verify cosign bundles that ship a long-lived public key via cosign.opts --key locally, instead of routing them through sigstore-verify's unsupported public-key bundle path. This fixes installs like aqua:stackrox/[email protected], which previously failed with public key verification not yet supported (#9972 by @jdx).

(backend) Per-tool install_env is now passed into tool-level postinstall hook commands (#9930 by @risu729) and applied to command-backed install paths across package-manager backends, vfox cmd.exec hooks, SPM build/probe commands, and core language install-time commands (#9929 by @risu729).

(cargo) Fall back to cargo install (instead of cargo-binstall) when tool options require source-build feature selection. cargo-binstall is still used for compatible options such as bin, crate, and locked (#9928 by @risu729).

(config) Restore the env_file setting and the MISE_ENV_FILE env var, which had been incorrectly marked deprecated. env._.file in mise.toml is the right replacement for legacy top-level env_file entries, but it's not behaviorally equivalent to MISE_ENV_FILE=.env, which uses FindUp from the current directory (#9903 by @risu729).

Changed

(core) Default package files are now on a deprecation timeline (#9970 by @jdx). The settings go.default_packages_file, node.default_packages_file, python.default_packages_file, and ruby.default_packages_file (i.e. ~/.default-go-packages, ~/.default-npm-packages, ~/.default-python-packages, ~/.default-gems) will start emitting a warning in 2026.11.0 and be removed in 2027.11.0. The recommended replacements are package-manager backends for CLIs:

[tools]
"npm:typescript" = "latest"
"pipx:black" = "latest"
"gem:rubocop" = "latest"
"go:github.com/jesseduffield/lazygit" = "latest"

or a tool-level postinstall hook for packages that really should be installed into every runtime version:

[tools]
node = { version = "22", postinstall = "npm install -g typescript" }

(cli) User-facing help, docs, and the man page now use tool/backend wording instead of plugin/runtime where tools are not necessarily plugins, including renaming MISE_${PLUGIN}VERSION references to MISE${TOOL}_VERSION. mise tool-alias now prefers --tool as the primary long flag, with --plugin retained as an alias (#9906 by @risu729).

(registry) The qsv shorthand now resolves to aqua:dathere/qsv first, falling back to the existing github:dathere/qsv and asdf:vjda/asdf-qsv entries (#9910 by @risu729).

(snap) The snap package is now built and published for arm64 in addition to amd64, so snap install mise works on arm64 desktops (#9948 by @jnsgruk).

New Contributors

@jnsgruk made their first contribution in #9948

@fru1tworld made their first contribution in #9953

Full Changelog: v2026.5.11...v2026.5.12

💚 Sponsor mise

mise is built by @jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

Added

• (security) Verify and record provenance during mise lock, with a new provenance_api_failures_fatal setting to control whether GitHub attestation API failures are fatal (#9945 by @jdx).
• (security) Fall back to verifying archive contents when SLSA provenance attests every file inside an archive but not the archive itself, fixing releases like github:prefix-dev/[email protected] (#9898 by @sargunv).
• (plugins) Support remote git subdirectory sources for plugins, e.g. git::https://host/repo.git//path/to/plugin?ref=branch (#9893 by @jdx).

Fixed

• (github) Asset picker now picks the shortest matching name as a tiebreaker for asset_pattern and accepts platform-agnostic runtime archives like .phar, .jar, and .pyz (fixes installing composer) (#9946 by @jdx).
• (config) Invalid miserc.toml now produces a clear parse error at startup instead of being silently ignored (#9937 by @jdx).
• (install) Per-tool .mise.backend.toml metadata is now written alongside install directories, making merged/copied installs self-describing and refreshing install state mid-run so same-run dependency resolution sees freshly installed tools (#9941 by @jdx).
• (install) postinstall hooks now run through the configured default inline shell instead of $SHELL -c (#9812 by @risu729).
• (cache) mise cache prune [PLUGIN]... now honors the plugin filter instead of pruning every cache directory (#9914 by @risu729).
• (task) Preserve task-declared env, MISE_TASK_* metadata, and MISE_ENV across nested hook-env invocations, while keeping the nested-PATH fix from #9765 intact (#9850 by @risu729).
• (backend) Resolve helper dependency toolsets in offline mode so minimum_release_age cannot mis-route helper tools like node/npm when querying upstream versions (#9808 by @risu729).
• (vfox) Key vfox EnvKeys hooks by the resolved install path so shared/system installs don't reuse user-path cache entries (#9907 by @risu729).
• (use) Skip the mise use -g shadow warning when the active version comes from system config (#9900 by @risu729).
• (doctor) List installed plugins from install state, including those owned by disabled backends, and add a plugins object to mise doctor -J (#9863 by @risu729).
• (erlang) erlang.compile = false is now strict precompiled mode and no longer falls back to kerl build-install on unsupported distros (#9866 by @risu729).

Changed

• (registry) Prefer the aqua backend for cilium-hubble, localstack, mark, openbao, porter, process-compose, rtk, sqlc, turso, and xcodegen, with existing GitHub/asdf backends preserved as fallbacks (#9789 by @risu729).
• (registry) Add aqua:jbangdev/jbang as the primary backend for jbang, enabling Windows support (#9811 by @risu729).
• (registry) Alias dotnet-core to dotnet (#9807 by @risu729).
• (registry) Add lisette (#9944 by @ivov).
• (registry) Fix sourcery archive format so macOS installs use the .zip asset instead of trying to extract it as tar.gz (#9902 by @risu729).
• (docs) Trim the global settings example in the configuration docs (#9912 by @risu729).

New Contributors

@ivov made their first contribution in #9944

💚 Sponsor mise

mise is built by @jdx under en.dev — an independent studio making developer tooling (mise, aube, and more). Development is funded by sponsors.

If mise saves you or your team time, please consider sponsoring at en.dev. Individual and company sponsorships keep mise fast, free, and independent.

A patch release focused on the OS keychain provider: a deadlock and dialog-storm fix on macOS, plus a clean migration to keyring-core v1 and keepass 0.12.

Fixed

Keychain provider no longer deadlocks the runtime or stacks dialogs (#495) -- @jdx

Resolving several keychain-backed secrets at once on macOS could hang fnox indefinitely (see discussion #489). The default batch path fans out 10 concurrent reads, which surfaced up to 10 overlapping "Always Allow / Allow / Deny" Security dialogs and pinned every tokio worker thread waiting for the user — deadlocking the runtime.

Two changes fix this:

All keyring-core calls (set_password, get_password, delete_credential) now run via tokio::task::spawn_blocking, so a blocked Security dialog never pins a runtime worker.

The keychain provider overrides get_secrets_batch to resolve entries serially, so dialogs appear one at a time and Ctrl-C stays responsive.

fnox set against the keychain and test_connection are routed through the blocking pool too.

KeePass provider works with keepass 0.12 (#494) -- @jdx

The 0.10 → 0.12 bump made Group.groups, Group.entries, Database.root, and friends pub(crate), with access now going through Database::root(), GroupRef/GroupMut accessors, and add_group / add_entry. The provider has been rewritten to match:

Entry lookup returns an EntryId and resolves to EntryRef / EntryMut via Database::entry / entry_mut, avoiding lifetime issues with recursive GroupRef borrows.

Writes navigate and create groups segment-by-segment via group_mut / add_group, then update or add_entry.

Field writes use the new set_protected / set_unprotected helpers, preserving "Password protected, everything else unprotected" behavior.

Lookup semantics are unchanged: path segments before the last name exact-named subgroups; the final segment is searched recursively by entry title.

Changed

Migrate from keyring v3 to keyring-core v1 (#493) -- @jdx

Upstream keyring v4 is now just a CLI/sample app — the library moved to keyring-core plus per-platform credential-store crates. fnox now depends on:

apple-native-keyring-store (with the keychain feature) on macOS

windows-native-keyring-store on Windows

dbus-secret-service-keyring-store (with crypto-rust + vendored) on Linux

A new fnox_core::keyring_store::init() lazily registers the default store once per process; both the keychain provider and the github_oauth lease backend invoke it before constructing an Entry. Error classification now matches keyring_core::Error::{NoEntry, NoStorageAccess(_)} enum variants instead of string-matching error messages, producing more accurate ProviderSecretNotFound vs ProviderAuthFailed errors.

No config or CLI surface changes — the keychain provider and github_oauth lease backend keep the same TOML fields and behavior.

Documentation

Use the keychain for a bootstrap key, not bulk storage (#495) -- @jdx

The keychain provider docs now recommend storing a single age identity in the OS keychain and encrypting the rest of your secrets with the age provider, so you hit one "Always Allow" prompt instead of one per secret:

[providers]
keychain = { type = "keychain", service = "fnox" }
age = { type = "age", recipients = ["age1..."], identity = { provider = "keychain", value = "age-key" } }

[secrets]
DATABASE_URL = { provider = "age", value = "encrypted..." }
API_KEY = { provider = "age", value = "encrypted..." }
STRIPE_KEY = { provider = "age", value = "encrypted..." }

Reach for provider = "keychain" directly only for the handful of bootstrap secrets that have nothing else to decrypt them.

Full Changelog: v1.25.0...v1.25.1

💚 Sponsor fnox

fnox is maintained by @jdx under en.dev — a small independent studio building developer tooling like mise, aube, hk, and more. Keeping fnox secure, maintained, and free is funded by sponsors.

If fnox is handling secrets or config for you or your team, please consider sponsoring at en.dev. Sponsorships are what let fnox stay independent and the project keep moving.