AISlop

v0.10.1 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 4d Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-slop ai-slop-detection cli code-quality code-review

+13 more

developer-tools go javascript linter php pre-commit pull-request python quality-gate ruby rust static-analysis typescript

Summary

AI summary

Updates Python, cli, and ai-slop across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Low	CLI now shows a quiet update‑available notification when newer version exists. CLI now shows a quiet update‑available notification when newer version exists. Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	Detector now recognizes `async def` and wrapped multi‑line function signatures in Python. Detector now recognizes `async def` and wrapped multi‑line function signatures in Python. Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	`function-too-long` rule measures logical body, ignoring docstrings, comments, and blank lines. `function-too-long` rule measures logical body, ignoring docstrings, comments, and blank lines. Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	`too-many-params` rule counts only required parameters, ignoring `self/cls`, `args/kwargs`, and defaulted arguments. `too-many-params` rule counts only required parameters, ignoring `self/cls`, `args/**kwargs`, and defaulted arguments. Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix
Bugfix	Medium	Scanner no longer processes code inside JSDoc/TSDoc `@example` blocks, reducing false positives. Scanner no longer processes code inside JSDoc/TSDoc `@example` blocks, reducing false positives. Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Medium	`duplicate-import` false positive on type-fest reduced from 143 to 0 findings. `duplicate-import` false positive on type-fest reduced from 143 to 0 findings. Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Medium	`hardcoded-secret` error no longer flags password inside Hono doc example. `hardcoded-secret` error no longer flags password inside Hono doc example. Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Medium	`duplicate-import` stops suggesting invalid merge of `import * as x` with named import. `duplicate-import` stops suggesting invalid merge of `import * as x` with named import. Source: llm_adapter@2026-05-30 Confidence: high	—

Full changelog

This release sharpens accuracy on real-world code and adds a small quality-of-life feature.

Complexity, measured honestly (Python)

The function detector only recognised single-line synchronous def, so async def and wrapped multi-line signatures were invisible to function-too-long, too-many-params, and deep-nesting. On a large library like python-telegram-bot that is about 58% of the codebase.

async def and wrapped signatures are now detected.
function-too-long measures a function by its logical body, not its docstrings, comments, or blank lines. A well-documented function is not a long one.
too-many-params counts required parameters only, ignoring self/cls, *args/**kwargs, and arguments with defaults. An API wrapper's optional keyword surface is idiomatic, not a smell.

Fewer false positives in TypeScript and JavaScript

Text-pattern rules no longer treat code inside JSDoc/TSDoc @example blocks as live source, the largest false-positive source on well-documented libraries.

duplicate-import on type-fest: 143 findings down to 0.
hardcoded-secret (error severity) on a password inside a Hono doc example: gone.
Genuine findings are untouched, including zod's real as any usage.
duplicate-import also stops suggesting you merge import * as x with a named import, which would not be valid TypeScript.

Update notice

The CLI now tells you, in one quiet line, when a newer version is available. It is cache-backed so it never blocks a run, and stays silent in CI, in non-interactive output, and when you opt out with AISLOP_NO_UPDATE_NOTIFIER.

Tests

Full suite at 953, including a regression net: a realistic Python corpus with golden per-rule assertions and a detection-invariant check that fails on the old detector.

Install or upgrade with npx aislop@latest.

What's Changed

feat(cli): update-available notifier by @heavykenny in https://github.com/scanaislop/aislop/pull/158
fix(ai-slop): stop scanning code inside JSDoc/TSDoc comments by @heavykenny in https://github.com/scanaislop/aislop/pull/159
chore: release 0.10.1 by @heavykenny in https://github.com/scanaislop/aislop/pull/157
docs(changelog): fold notifier + comment-bleed into the 0.10.1 entry by @heavykenny in https://github.com/scanaislop/aislop/pull/161
Release: develop → main by @heavykenny in https://github.com/scanaislop/aislop/pull/160

Full Changelog: https://github.com/scanaislop/aislop/compare/v0.10.0...v0.10.1

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track AISlop

Get notified when new releases ship.

About AISlop

All releases →