This release includes 1 security fix for security teams reviewing exposed deployments.
Full changelog
Minor on top of 0.6.2. Two user-facing additions, one security floor on a transitive, plus an auto-update workflow for the Contributors block.
Install
npx [email protected] scan .
# or globally:
npm i -g [email protected]
What shipped
Added
extends: in .aislop/config.yml (#45). Project configs can inherit a parent and override only the keys they need. Useful for org-wide baselines: one strict parent in the monorepo root, per-package overrides for ci.failBelow or specific weights.
# packages/payments/.aislop/config.yml
extends: ../../.aislop/base.yml
ci:
  failBelow: 80 # override one key, inherit the rest
Multiple parents via an array; later entries win. Nested objects deep-merge key-by-key, arrays replace wholesale. Cycles and chains > 5 are rejected at load time. Full spec in docs/configuration.md.
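The merge rules above, sketched as an added example (not aislop's own loader). It assumes parents are already-resolved names in a constructed in-memory map, that the chain limit counts extends hops from the starting file, and uses hypothetical keys `exclude` and the `weights` sub-keys alongside the page's `ci.failBelow`:

```javascript
// Added example, not aislop's code. Constructed configs keyed by name;
// `exclude` and the `weights` sub-keys are hypothetical, for illustration only.
const CONFIGS = {
  base: { ci: { failBelow: 90 }, weights: { security: 3, style: 1 }, exclude: ["dist", "vendor"] },
  strict: { ci: { failBelow: 95 }, exclude: ["dist"] },
  payments: { extends: ["base", "strict"], ci: { failBelow: 80 } },
  loopA: { extends: "loopB" },
  loopB: { extends: "loopA" },
};
const MAX_CHAIN = 5; // assumption: counts extends hops from the starting file

const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Objects merge key by key; arrays and scalars from `over` replace wholesale.
function deepMerge(base, over) {
  const out = { ...base };
  for (const [key, value] of Object.entries(over)) {
    out[key] = isPlainObject(value) && isPlainObject(out[key])
      ? deepMerge(out[key], value)
      : value;
  }
  return out;
}

// Resolve `name`: merge parents in order (later wins), then the file's own keys.
function resolveConfig(name, configs = CONFIGS, chain = []) {
  if (chain.includes(name)) throw new Error(`extends cycle: ${[...chain, name].join(" -> ")}`);
  if (chain.length > MAX_CHAIN) throw new Error(`extends chain longer than ${MAX_CHAIN}`);
  if (!Object.hasOwn(configs, name)) throw new Error(`unknown config: ${name}`);
  const { extends: parents = [], ...own } = configs[name];
  let merged = {};
  for (const parent of [].concat(parents)) {
    merged = deepMerge(merged, resolveConfig(parent, configs, [...chain, name]));
  }
  return deepMerge(merged, own);
}
```

Under these rules `resolveConfig("payments")` keeps the inherited `weights`, takes `exclude` from the later parent only, and ends with `ci.failBelow` at 80, below both parents' thresholds, so a baseline review should compare the resolved config rather than the parent file alone.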
Public score badge in the README header (#46). Drop this in any README:
[](https://scanaislop.com/<owner>/<repo>)
Shields-compatible SVG, edge-cached on Cloudflare. Bands: green ≥ 85, amber 70–84, red < 70, grey if no scans yet. The CLI's own README now wears it next to npm version, CI, and License.
Security
postcss ≥ 8.5.10 floor (#49). pnpm.overrides pins the floor; lock resolves to 8.5.13. Closes the security/vulnerable-dependency finding aislop's own scan reports on this repo. No top-level dep used postcss directly, so an override is the right tool over a runtime dep we don't actually need.
Repo health
Contributors block now auto-updates (post-#51). New workflow at .github/workflows/contributors.yml reads git log on every push to develop / main, resolves email → GitHub login (noreply pattern, then .github/contributors-overrides.json, then GitHub search API), renders an @mention link list between markers in the README, and opens a PR via peter-evans/create-pull-request. No emojis, no avatars, no branch-protection bypass needed. Three contributors seeded: @heavykenny, @yashrajoria, @myke-awoniran.
Stale text dropped
(new in 0.6.0) qualifiers gone from Quick start and the "Why aislop" bullet. Sample-output banner bumped from 0.6.2 to 0.7.0.
Parked
Draft PR #48 holds an unwired TypeScript-as-lint engine (src/engines/lint/typecheck.ts). The implementation is solid — it walks tsconfigs, finds the local tsc, parses --pretty false output into Diagnostics, dedupes across multi-project monorepos. The registry plumbing, schema, config gate, and tests aren't in this release. Tracking on the PR for a future minor.
Stats
- 630 / 630 tests passing.
- node dist/cli.js scan --json on this repo: 100 / 100, 0 diagnostics, 116 files in 2.5s.
- 4 PRs into develop since v0.6.2 (#45, #46, #49, #50) plus the contributors workflow direct-commits.
What's Changed
- release: promote develop → main (v0.7.0) by @heavykenny in https://github.com/scanaislop/aislop/pull/52
- release: promote develop → main (contributors-workflow CI fix) by @heavykenny in https://github.com/scanaislop/aislop/pull/54
- release: promote develop → main (aislop badge command) by @heavykenny in https://github.com/scanaislop/aislop/pull/56
- docs: surface the new aislop badge command in README by @heavykenny in https://github.com/scanaislop/aislop/pull/57
- Bot/sync from main by @heavykenny in https://github.com/scanaislop/aislop/pull/62
- chore: sync main → develop by @heavykenny in https://github.com/scanaislop/aislop/pull/66
- chore: sync main → develop by @github-actions[bot] in https://github.com/scanaislop/aislop/pull/68
- chore: sync main → develop by @github-actions[bot] in https://github.com/scanaislop/aislop/pull/70
- chore: sync main → develop by @heavykenny in https://github.com/scanaislop/aislop/pull/73
New Contributors
- @github-actions[bot] made their first contribution in https://github.com/scanaislop/aislop/pull/68
Full Changelog: https://github.com/scanaislop/aislop/compare/v0.6.2...v0.7.0
Security Fixes
- postcss ≥8.5.10 floor (CVE not listed) – resolves vulnerable‑dependency finding