Skip to content

AISlop

v0.9.1 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 15d Developer Productivity
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-slop ai-slop-detection cli code-quality code-review
+13 more
developer-tools go javascript linter php pre-commit pull-request python quality-gate ruby rust static-analysis typescript

Summary

AI summary

Updates Fewer false positives, Display polish, and scan across a mixed release.

Full changelog

aislop 0.9.1

Patch release focused on scan accuracy, lower noise, and better real-world signal quality.

This release reduces false positives across Vite, Next.js, SolidStart, SST, and Bun projects; adds smarter complexity thresholds by language and role; aggregates vulnerable dependency findings by package; introduces a Top findings scan breakdown; adds --include support to aislop scan; hardens scan stability; and adds an enterprise-friendly init --strict mode.

Install

npx [email protected] scan .

# or globally
npm i -g [email protected]

Highlights

Fewer false positives

  • Vite virtual module suffixes such as ?worker, ?url, ?raw, ?inline, and ?init are now stripped before dependency checks.
  • ~icons/ virtual modules and unfonts.css are recognized when the matching unplugin dependency is present.
  • TypeScript compilerOptions.baseUrl is now honored alongside paths, matching common bundler and Next.js resolution behavior.
  • Auto-imported Icon* globals are allowed when unplugin-icons is installed.
  • Bun globals are allowed when @types/bun or bun-types is present.
  • SST platform globals are recognized in files with the canonical SST platform reference directive.
  • _-prefixed unused variables are treated as intentionally unused.
  • Next.js public/ JavaScript assets and Vite timestamped config cache bundles are excluded from scans.

Smarter complexity thresholds

Complexity budgets now better match language and file role:

  • Rust files: 2.5x file budget, 1.5x function budget.
  • Go files: 1.5x file budget.
  • TSX/JSX files: 1.5x file budget.
  • PascalCase TSX/JSX functions: 2.0x function budget for React-style components.
  • .d.ts files are exempt.

Better vulnerable dependency reporting

Vulnerable dependency findings are now aggregated per package. Instead of one diagnostic per CVE, aislop reports one finding with the worst severity and highest required upgrade target.

Top findings in scan output

Scan output now includes a Top findings section showing the top 10 rules by count, with severity tags, fixable counts, and human-readable labels.

--include support for aislop scan

You can now scope scans with include patterns:

aislop scan --include "src/**"
aislop scan --include "src/**,docs/**"
aislop scan --include "src/**" --exclude "src/generated/**"

--exclude takes precedence when both patterns match.

Thanks @myke-awoniran.

aislop init --strict

New zero-prompt strict initialization mode for enterprise-grade defaults:

  • All engines enabled.
  • Typecheck enabled.
  • CI quality gate set to 85.
  • GitHub workflow scaffolded.
  • Hook responses now include structured accountability metadata with active agent identity and touched files.
  • MCP aislop_scan results now expose qualityGate.

Scan stability hardening

Large failing JSON output now flushes correctly by using process.exitCode instead of process.exit().

The GitHub Trending daily top 15 benchmark now produces parseable JSON across all 15 repositories. Ruff format/lint is also scoped to the files selected by aislop, and zero-config scans now skip tutorial, sample, notebook, and agent-skill paths by default.

The default CI quality gate now matches the documented value of 70.

Display polish

  • Added Diagnostic.detail so per-instance context can be grouped cleanly under each rule.
  • De-duplicated identical locations under the same rule.
  • Raised terminal wrap width from 100 to 120 columns.

See the full structured entry in CHANGELOG.md.

What's Changed

  • [codex] Harden public scan stability by @heavykenny in https://github.com/scanaislop/aislop/pull/112
  • feat(scan): reduce false positives and improve large-project output by @heavykenny in https://github.com/scanaislop/aislop/pull/113
  • [codex] add strict agent gate bootstrap by @heavykenny in https://github.com/scanaislop/aislop/pull/111
  • feat(scan): add include pattern support by @myke-awoniran in https://github.com/scanaislop/aislop/pull/47
  • chore: format files touched by #47 by @heavykenny in https://github.com/scanaislop/aislop/pull/115
  • chore: release v0.9.1 by @heavykenny in https://github.com/scanaislop/aislop/pull/114
  • release: promote develop → main (v0.9.1) by @heavykenny in https://github.com/scanaislop/aislop/pull/116

Full Changelog: https://github.com/scanaislop/aislop/compare/v0.9.0...v0.9.1

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track AISlop

Get notified when new releases ship.

Sign up free

About AISlop

All releases →

Related context

Beta — feedback welcome: [email protected]