This release adds supply-chain security improvements by recording provenance verification results in lockfiles, exposes libc variant detection to vfox plugins, and fixes several bugs including duplicate task execution, offline mode hangs, and Windows binary identification.

Highlights

• Provenance tracking in lockfiles prevents downgrade attacks by recording which verification mechanism was used for each tool, and refusing to install if that mechanism is later disabled.
• Task delegation deduplication fixes a bug where shared dependency tasks could run multiple times when using run = [{ task }].
• Offline mode fix prevents mise env, hook-env, activate, and exec from hanging when resolving "latest" versions behind private registries.

Added

• Provenance verification results stored in lockfiles -- mise lock now records which provenance mechanism (SLSA, GitHub attestations, cosign, or minisign) was used to verify each tool per platform. On subsequent installs, mise refuses to proceed if the recorded verification mechanism is disabled or unavailable, protecting against downgrade/stripping attacks. The lockfile format also changes from inline tables to dotted-key subtables for platform entries, improving readability. Existing lockfiles remain backwards-compatible and will be updated on the next mise lock. #8495 by @jdx

• RUNTIME.envType for vfox plugins -- Vfox Lua plugins can now check RUNTIME.envType to determine the libc variant at runtime ("gnu" for glibc, "musl" for musl Linux, nil on non-Linux). This lets plugins select the correct binary variant for the host system. #8493 by @malept

  if RUNTIME.envType == "musl" then
      -- download musl-compatible binary
  elseif RUNTIME.envType == "gnu" then
      -- download glibc-compatible binary
  end
  

• Registry: portless -- Added portless (npm:portless) to the tool registry. #8508 by @risu729

Fixed

• Shared dependency tasks no longer run multiple times with task delegation -- When a task uses run = [{ task }] to delegate, the sub-graph now inherits knowledge of tasks already completed in the parent graph, preventing shared dependencies from executing more than once. #8497 by @vadimpiven

• "latest" version no longer triggers network calls in prefer-offline mode -- mise env, hook-env, activate, and exec with prefer_offline enabled would still make a remote call to resolve "latest" versions (e.g., npm:pkg = "latest"). If the registry held the connection open waiting for credentials, mise would hang indefinitely. This is now skipped, matching the existing offline guard for fully-qualified versions. #8500 by @jdx

• Windows: mise binary correctly identified without .exe extension -- On Windows, argv[0] can resolve to mise (without .exe), mise.bat, or mise.cmd, all of which were incorrectly treated as shims. This caused mise --help and mise --version to silently fail in some environments (e.g., conda-forge CI). A unified is_mise_binary() helper now handles all these variants. #8503 by @jdx, with credit to @salim-b for identifying the issue in #8496

Full Changelog: https://github.com/jdx/mise/compare/v2026.3.4...v2026.3.5