This release includes breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Full changelog
Patch on top of 0.6.1. Single focused fix: suppress knip/binaries false positives on .github/workflows/**.
Install
npx [email protected] scan .
# or globally:
npm i -g [email protected]
What shipped
knip/binaries no longer fires on CI workflow files. Before 0.6.2, aislop scan would flag every runner-provided binary (gh, aws, docker, jq, kubectl, …) invoked from .github/workflows/** as an "Unlisted binary" because they aren't declared in package.json — but they can't be, they come from the GitHub Actions runner. A self-scan of this repo hit the false positive on sync-develop.yml and dropped the score to 97 / 100.
Fix: every knip issue now routes through a new shouldIncludeIssue(issueType, filePath) predicate in src/engines/code-quality/knip.ts that drops knip/binaries diagnostics whose path contains .github/workflows/ (backslash-normalised for Windows). The rule stays active everywhere else, so an npm script invoking an undeclared tool is still a real signal.
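The suppression described above, as an added sketch that is not aislop's source: only the function name, its two parameters and the "path contains .github/workflows/" rule come from these notes. The `Issue` shape, the `knip/dependencies` rule id and the sample diagnostics are constructed for illustration.

```typescript
// Added sketch, not the project's code.
interface Issue {
  rule: string;     // assumed rule-id shape, e.g. "knip/binaries"
  filePath: string; // path as reported, may use Windows separators
  message: string;
}

const WORKFLOW_DIR = ".github/workflows/";

function shouldIncludeIssue(issueType: string, filePath: string): boolean {
  // Every other rule is untouched by the suppression.
  if (issueType !== "knip/binaries") return true;
  // Normalise backslashes so ".github\workflows\ci.yml" matches as well.
  const normalised = filePath.replace(/\\/g, "/");
  return !normalised.includes(WORKFLOW_DIR);
}

// Constructed sample diagnostics.
const sampleIssues: Issue[] = [
  { rule: "knip/binaries", filePath: ".github/workflows/sync-develop.yml", message: "Unlisted binary: gh" },
  { rule: "knip/binaries", filePath: ".github\\workflows\\deploy.yml", message: "Unlisted binary: aws" },
  // Still reported: an undeclared tool invoked from an npm script.
  { rule: "knip/binaries", filePath: "package.json", message: "Unlisted binary: jq" },
  // Still reported: a different (hypothetical) rule on a workflow file.
  { rule: "knip/dependencies", filePath: ".github/workflows/ci.yml", message: "Unused dependency" },
  // A "contains" match also covers nested directories, which GitHub Actions
  // does not execute; worth knowing when reviewing what the rule hides.
  { rule: "knip/binaries", filePath: "packages/api/.github/workflows/x.yml", message: "Unlisted binary: docker" },
];

// Issues that survive the predicate and reach the report.
function filterIssues(issues: Issue[]): Issue[] {
  return issues.filter((i) => shouldIncludeIssue(i.rule, i.filePath));
}

// Paths whose diagnostics were dropped, for auditing the suppression scope.
function suppressedPaths(issues: Issue[]): string[] {
  return issues
    .filter((i) => !shouldIncludeIssue(i.rule, i.filePath))
    .map((i) => i.filePath);
}
```

Listing the suppressed paths alongside the kept issues makes it easy to confirm that the exemption hides only workflow files and nothing else.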
Numbers
- 6 files changed, +50 / −3
- 617 tests passing (614 baseline + 3 new in tests/knip-deps.test.ts covering the predicate)
- Self-scan: 100 / 100 Healthy (was 97 / 100)
- No breaking changes
- Packaged size unchanged
Full Changelog: https://github.com/scanaislop/aislop/compare/v0.6.1...v0.6.2
What's Changed
- release: promote develop → main (v0.6.2) by @heavykenny in https://github.com/scanaislop/aislop/pull/44