AISlop

v0.10.2 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched

Topics

ai ai-slop ai-slop-detection cli code-quality code-review
developer-tools go javascript linter php pre-commit pull-request python quality-gate ruby rust static-analysis typescript

Summary

AI summary

Added suppression directives, .aislopignore file, and safe fix mode; coverage gate now hides scores for negligible analysis.

Changes in this release

Feature Low

Adds suppression directives to silence findings inline.

Source: llm_adapter@2026-06-02

Confidence: high

Feature Low

Adds .aislopignore root-level ignore file for path exclusion.

Source: llm_adapter@2026-06-02

Confidence: high

Feature Low

Adds `aislop fix --safe` mode for behaviour‑preserving fixes only.

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Medium

Fixes no‑downgrade guard on `aislop fix -f` to skip unsafe dependency overrides.

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Medium

Fixes CVE root‑cause collapse to attribute transitive vulnerabilities to the originating package.

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Medium

Fixes GitHub Action telemetry to flush events before process exit (max 1.5 s).

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Medium

Fixes GitHub Action exact‑version pins to resolve from a temp directory, avoiding local package use.

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Medium

Changes coverage gate to withhold score when analyzable file fraction is negligible.

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Medium

Fixes Python comma import handling to process each module individually.

Source: llm_adapter@2026-06-02

Confidence: low

Bugfix Low

Fixes empty‑function detection to recognise normal function declarations.

Source: llm_adapter@2026-06-02

Confidence: high

Bugfix Low

Handles Python comma imports per‑module instead of deleting entire line when one module is unused.

Source: granite4.1:30b@2026-06-02-audit

Confidence: low

Full changelog

A patch release: safer release/CI plumbing and sharper scan consistency.

Added

  • Suppression directives — silence an intentional finding inline: `// aislop-ignore-next-line [rule...]`, `// aislop-ignore-line [rule...]`, or `// aislop-ignore-file [rule...]`. Scope to named rules or omit to silence every rule on the line, and add a reason after `--`. Works in any comment syntax. Suppressed findings are dropped before scoring and reported as a count.
  • `.aislopignore` — a root-level ignore file (same glob semantics as the `exclude` config) to keep whole paths out of every scan.
  • `aislop fix --safe` — an opt-in mode restricted to behaviour-preserving fixes (unused-import removal, import merging, narrative-comment removal, formatting). Anything that deletes code or rewrites behaviour is skipped. The default fix is unchanged.
  • Action smoke coverage across default/explicit latest, pinned npm-version, JSON, human, and node-version-override modes.
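
The suppression-directive syntax above, worked through as an added example (not aislop's own code): a JavaScript parser that applies the three scopes to a constructed file and returns the suppressed count. It assumes rule names are separated by whitespace or commas; `demo/rule-a` and `demo/rule-b` are hypothetical rule names.

```javascript
// Added example, not aislop's implementation. Assumed: rule names are split on
// whitespace or commas; the directive is matched anywhere on a line.
const DIRECTIVE = /aislop-ignore-(next-line|line|file)\b(.*)/;

function parseDirective(text) {
  const m = DIRECTIVE.exec(text);
  if (!m) return null;
  const tail = m[2].replace(/\s*(\*\/|-->)\s*$/, ""); // drop a block-comment closer
  const cut = tail.search(/(^|\s)--(\s|$)/); // a standalone "--" starts the reason
  const rulePart = cut === -1 ? tail : tail.slice(0, cut);
  const reason = cut === -1 ? null : tail.slice(cut).replace(/^\s*--\s*/, "").trim();
  return { scope: m[1], rules: rulePart.split(/[\s,]+/).filter(Boolean), reason: reason || null };
}

// findings: [{ line, rule }] with 1-based line numbers.
function applySuppressions(source, findings) {
  const fileWide = []; // rule lists from ignore-file directives
  const byLine = new Map(); // target line -> rule lists
  source.split("\n").forEach((text, i) => {
    const d = parseDirective(text);
    if (!d) return;
    if (d.scope === "file") { fileWide.push(d.rules); return; }
    const target = d.scope === "line" ? i + 1 : i + 2; // next-line covers the following line
    byLine.set(target, [...(byLine.get(target) || []), d.rules]);
  });
  // An empty rule list silences every rule in scope.
  const covers = (lists, rule) => lists.some((r) => r.length === 0 || r.includes(rule));
  const kept = findings.filter((f) =>
    !covers(fileWide, f.rule) && !covers(byLine.get(f.line) || [], f.rule));
  return { kept, suppressed: findings.length - kept.length };
}

// Constructed sample: a Python file and the findings a scanner might raise.
const SAMPLE_SOURCE = [
  "# aislop-ignore-file demo/rule-b -- generated module",
  "import os, sys",
  "# aislop-ignore-next-line ai-slop/empty-function -- stub kept for plugin API",
  "def hook(): pass",
  "def other(): pass  # aislop-ignore-line",
  "def third(): pass",
].join("\n");
const SAMPLE_FINDINGS = [
  { line: 2, rule: "demo/rule-b" },
  { line: 4, rule: "ai-slop/empty-function" },
  { line: 4, rule: "demo/rule-a" },
  { line: 5, rule: "ai-slop/empty-function" },
  { line: 6, rule: "ai-slop/empty-function" },
];
console.log(applySuppressions(SAMPLE_SOURCE, SAMPLE_FINDINGS));
```

Because suppressed findings never reach the score, the returned count and each directive's reason are what a reviewer has left to audit.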

Changed

  • Coverage gate — the numeric score is now withheld when only a negligible fraction of a repo is analysable: no files in a supported language, or unsupported-language code (C, C++, C#, Swift, Kotlin, etc.) outnumbering supported files by more than three to one. `--json` returns `score: null` with `scoreable: false` and a coverage breakdown, and `ci` does not gate on a withheld score.
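
How a pipeline step that consumes the `--json` output can honour a withheld score, as an added example (not aislop's code). Only `score` and `scoreable` come from the release notes; the `coverage` field names, counting by files, and the function names are assumptions.

```javascript
// Added example, not aislop's code. Producer side: the three-to-one rule,
// counted in files (assumption). `coverage` field names are hypothetical.
function coverageGate(supportedFiles, unsupportedFiles, rawScore) {
  const negligible =
    supportedFiles === 0 || unsupportedFiles > 3 * supportedFiles;
  return {
    score: negligible ? null : rawScore,
    scoreable: !negligible,
    coverage: { supportedFiles, unsupportedFiles },
  };
}

// Naive consumer: in JavaScript `null < 70` is true because null coerces to 0,
// so a withheld score is reported as a failing one.
function naiveGate(report, threshold) {
  return report.score < threshold ? "fail" : "pass";
}

// Consumer that keeps "withheld" distinct from both pass and fail, and
// rejects anything that is neither a number nor an explicit withheld marker.
function gate(report, threshold) {
  if (report.scoreable === false || report.score === null) return "withheld";
  if (typeof report.score !== "number" || Number.isNaN(report.score)) {
    throw new TypeError("unexpected score in report");
  }
  return report.score < threshold ? "fail" : "pass";
}

// Constructed sample: a repo with 10 supported and 31 unsupported files.
const WITHHELD = coverageGate(10, 31, 88);
console.log(naiveGate(WITHHELD, 70), "vs", gate(WITHHELD, 70));
```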

Fixed

  • No-downgrade guard on `aislop fix -f`: a dependency override that would pin a package below the installed version is skipped and reported, not applied.
  • CVE root-cause collapse: a transitive vulnerability is attributed to the package that carries the advisory instead of emitting a near-duplicate finding for every intermediate package.
  • Python comma imports: `import os, sys` is now handled per-module instead of deleting the whole line when one module is unused.
  • Hook telemetry: `aislop hook <agent>` flushes its event before the process exits (bounded to 1.5s) instead of dropping it.
  • GitHub Action exact-version pins: pins such as `version: "0.10.1"` run from an isolated temp directory so npm resolves the published package, not a checked-out local one.
  • Rule catalog consistency across `aislop rules`, rule labels, and `docs/rules.md`.
  • Empty-function detection: `ai-slop/empty-function` recognises normal function declarations, not only arrow stubs.
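
The no-downgrade rule from the first fix above, as an added example (not aislop's code): each proposed override is compared numerically against the installed version and is skipped and reported when it would pin lower. Package names and data are constructed; handling only plain `x.y.z` versions and skipping anything else are assumptions of this example.

```javascript
// Added example, not aislop's code. Only plain x.y.z versions are compared;
// anything else (pre-release tags, ranges) is skipped rather than guessed at.
const PLAIN = /^\d+\.\d+\.\d+$/;

// Numeric comparison per component. A string comparison would rank "1.9.2"
// above "1.10.0" and let that downgrade through.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function planOverrides(installed, overrides) {
  const applied = {};
  const skipped = [];
  for (const [name, pin] of Object.entries(overrides)) {
    const current = installed[name];
    if (current === undefined) { applied[name] = pin; continue; } // nothing to downgrade
    if (!PLAIN.test(pin) || !PLAIN.test(current)) {
      skipped.push({ name, pin, installed: current, reason: "cannot compare" });
    } else if (compareVersions(pin, current) < 0) {
      skipped.push({ name, pin, installed: current, reason: "would downgrade" });
    } else {
      applied[name] = pin;
    }
  }
  return { applied, skipped };
}

// Constructed sample data (hypothetical package names).
const INSTALLED = { "demo-a": "1.10.0", "demo-b": "2.3.4", "demo-c": "4.0.0-rc.1" };
const OVERRIDES = { "demo-a": "1.9.2", "demo-b": "2.3.5", "demo-c": "4.0.0", "demo-d": "0.1.0" };
console.log(planOverrides(INSTALLED, OVERRIDES));
```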

Tests

1029 passing; self-scan 100/100 with zero diagnostics.


Install: npx [email protected] scan · npm i -g [email protected]
