Open on GitHub

Changelog

Latest updates and announcements.

May 2026 – WebStray Starlight 1.2.0

We have completely rewritten WebStray Starlight from scratch with Next.js and next/og (powered by Satori and resvg), delivering up to a 18x performance boost and significantly lower memory overhead.

Performance Benchmarks

Migrating from a browser-based rendering approach (Puppeteer) to Next.js and next/og yielded significant speed improvements especially on subsequent requests:

  • First request: ~3,500 ms -> ~800 ms (~4x faster)
  • Subsequent requests: ~3,500 ms -> ~190 ms (~18x faster)

Subsequent requests are served instantly thanks to Next.js server-side data caching.

Legacy Codebase

The previous version of Starlight (Node.js, Express, EJS, and Puppeteer) remains available on the legacy branch.

Documentation

Ready to integrate dynamic preview images into your repositories? The updated documentation for Starlight is now available.

View WebStray Starlight Documentation

April 2026 – WebStray Authenticator 1.6.4

We’ve completely rebuilt our encryption engine to implement a robust Vault Key architecture. This update brings WebStray Authenticator's core security in line with industry-leading standards.

What's New:

  • Enhanced Zero-Knowledge Architecture: We have decoupled your Master Password from the encryption process. Your password now acts exclusively as a key to unlock a persistent, high-entropy Vault Key, which handles all data encryption.
  • Instant Password Changes: No more re-encrypting the entire database. Since your data is bound to the Vault Key rather than the password itself, changing your Master Password is now instantaneous and eliminates any risk of database corruption.
  • Brute-force Protection: Integrated the scrypt KDF to make unauthorized password cracking exponentially more difficult by significantly increasing the computational cost of attacks.

Download

Important

Migration Required: Due to the fundamental security upgrade, 1.6.2 databases are incompatible with this version. To migrate your data:

  1. Export your entries from version 1.6.2 in "Settings" -> "Export Data".
  2. Clear application database in "Settings" -> "Clear Database".
  3. Create your new Master Password to initialize the new Vault architecture.
  4. Import your data back into the application in "Settings" -> "Import Data".

April 2026 – WebStray CLI Release

We are proud to introduce WebStray CLI – the official command-line interface for the WebStray ecosystem. Designed primarily for developers and power users who prioritize speed, keyboard-centric workflows, and automation.

WebStray CLI currently ships with the following product-specific interfaces:

WebStray Authenticator CLI

Command-line interface for WebStray Authenticator.

  • Adding Plugins: The add command provides an interactive way to discover and add plugins directly from the registry.
  • Creating Plugins: The create command generates a new plugin template in seconds, including all necessary metadata.
  • Interactive Mode: If no options or arguments are provided, the CLI will automatically prompt for the required information.

WebStray Starlight CLI

Command-line interface for WebStray Starlight.

  • Getting Repository Preview: The get command starts generating the preview on the server using the Starlight API, then fetches the result and saves it to the desktop.
  • Deep Customization: Supports various flags for styling, including light theme (--light), custom border radius (--radius), monochrome progress bars (--styled), and more.

Documentation

Ready to dive in? The full documentation for WebStray CLI, including detailed command references and installation guides, is now available.

View WebStray CLI Documentation

April 2026 – Plugin Registry Launch

We have officially launched the Plugin Registry — a centralized repository for official and community-driven plugins for WebStray Authenticator.

Open Ecosystem

The registry is entirely open-source and hosted on GitHub. We invite developers to contribute by submitting Pull Requests. Check out the official documentation and help make WebStray Authenticator even more flexible and powerful for everyone.

Effortless Plugin Management

We've made plugin management as simple and convenient as possible.

  • CLI-Driven: Use WebStray CLI for interactive plugin setup and creation.
  • Manual Control: Add or create plugins manually without the CLI by simply dropping folders into the application’s plugins directory.

Security & Responsibility

Using any plugin, including those marked as "Official," involves inherent security risks. Please refer to the disclaimer in the documentation for more information on security and risks.

Documentation

Ready to start building or using plugins? Check out the full documentation for the Plugin Registry, including guides on contributing, CLI commands, and manual setup.

View Plugin Registry Documentation

March 2026 – Migration to Next.js

We have completely migrated the platform from Express/EJS to a modern Next.js architecture. This isn't just a UI refresh – it’s a total rewrite focused on performance and user experience.

  • App Router & RSC: Leveraging Next.js App Router and React Server Components for faster page loads and seamless navigation.
  • Shadcn/ui Integration: The entire interface has been rebuilt using shadcn/ui and Tailwind CSS, providing a consistent, accessible, and polished look.
  • Documentation via Velite: Our documentation is now powered by Velite and MDX, allowing for type-safe content management and interactive code examples.
  • Client-Side Interactivity: Replaced static EJS templates with dynamic React components, enabling a much richer user experience.

Documentation

Interested in how we built this? The full documentation for the WebStray website, detailing our technology stack, is now available.

View WebStray Website Documentation

March 2026 – WebStray Authenticator Release

We are excited to announce the official release of WebStray Authenticator – a next-generation desktop password manager built with a "local-first" philosophy.

Engineering a Modern Experience

Using a reactive stack powered by React 19, Vite 7, and NW.js, we’ve created an interface that feels as fluid as a native application while maintaining the flexibility of the web. The entire UI is built on shadcn/ui and tailwindcss, delivering a polished, accessible, and hardware-accelerated experience that instantly responds to user interaction.

Privacy Without Compromise

WebStray Authenticator employs a Zero-Knowledge model, meaning your master password and sensitive data never leave your machine. Every database is cryptographically bound to your specific Machine ID using AES-256-GCM encryption. This hardware-level tie ensures that even if your database file is compromised, it remains an unreadable cipher on any unauthorized device.

Built for Power Users

Efficiency is at the heart of our design. With the integrated Command Palette, execute global actions through a keyboard-centric workflow. Furthermore, the core is engineered for extensibility; a robust Plugin System implementing Dependency Injection allows developers to build custom modules, making WebStray Authenticator not just a tool, but a platform for secure data management.

Get Started

The official installer is now available for Windows. For power users on macOS and Linux, you can easily build WebStray Authenticator from source using nw-builder.

Documentation

Need help getting started? The comprehensive guide to WebStray Authenticator is now available.

View WebStray Authenticator Documentation

WebStray Website