Takumi Guard now handles requests from Yarn clients differently to ensure package blocking works reliably regardless of Yarn version. Yarn v1 users will see Takumi Guard's registry URL in their yarn.lock files.

For blackbox assessments in "Scoped Assessment" mode, you can now manually edit the crawl results after crawling completes. This lets you supplement features and endpoints that were not detected, or remove unnecessary ones, for more precise assessments.

The rate limit for authenticated GitHub Actions/Bot tokens (Tier C) in Takumi Guard has been raised approximately 6x, from ~10,000 req/min to ~60,000 req/min per token. This applies to both npm and PyPI registries.

Takumi Guard now delivers your API key directly in the setup email — no verification link to click. Setup is simpler, and enterprise email security tools no longer interfere with key delivery.

Credit limits are now required for all Takumi assessments, including both blackbox and whitebox assessments.

This ensures you can control credit consumption in advance, regardless of assessment type or mode, preventing unexpected large-scale credit usage.

Risk Focus Assessment, previously available only through the web console, is now supported in Takumi API blackbox assessments.

Risk Focus Assessment lets you start with the highest-risk areas, review results, and incrementally expand the assessment scope — all within a credit limit. You can set priorities explicitly or let Takumi prioritize automatically based on risk analysis. When the credit limit is reached, the assessment outputs results up to that point and stops. You can then add more credits and resume where you left off.

This is useful when you want predictable credit consumption or need to prioritize critical areas within a budget.

You can now specify a credit limit when running crawls (blackbox-crawl workflow) via the Takumi API. You can also resume a completed crawl with additional credits to continue where it left off — just like the Additional Crawl feature in the web console.

Takumi's blackbox assessment now supports scoped assessments and retests via the Takumi API. Previously, these capabilities were only available through the web console.

• Scoped assessment: Crawl the target application first, then select specific features and perspectives to assess
• Retest: Re-run assessments targeting feature–perspective pairs where vulnerabilities were found in previous results

To support these workflows, we've made the following additions to the blackbox assessment API:

• A new crawl workflow (blackbox-crawl) that discovers features in the target application without performing any assessment
• New scoping options for the assessment workflow (blackbox-assessment) that let you specify which features and perspectives to assess

Takumi's whitebox assessment now supports Risk Focus mode — after feature enumeration, you can configure a credit limit and assessment priority for each feature and perspective to run a Risk Focus assessment.

Takumi Guard for PyPI now applies a 3-day quarantine to newly published packages.

When a new version appears on PyPI, it is held for 72 hours before being made available through Takumi Guard. This gives security analysis systems time to detect malicious packages before they are installed in your projects.