AISlop

v0.9.5 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched in this version

Topics

ai ai-slop ai-slop-detection cli code-quality code-review
developer-tools go javascript linter php pre-commit pull-request python quality-gate ruby rust static-analysis typescript

Summary

AI summary

Updates https://github.com/scanaislop/aislop/blob/main/CHANGELOG.md, npm, and ai-slop across a mixed release.

Changes in this release

Feature Low

Adds pi agent support via `aislop fix --pi` and `--crush` hand‑off commands.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Low

Adds silent‑recovery rule to flag catch blocks that only log and continue.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Low

Adds meta‑comment rule to flag AI plan/process narration comments.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Low

Introduces SARIF output via `scan --sarif` command.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Low

Adds `trend` command for analysis trend reporting.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Low

Adds per‑rule severity override capability in configuration.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Low

Adds hardcoded-config and defensive-pattern rules (hardcoded-id, hardcoded-url, redundant-try-catch, redundant-type-coercion, duplicate-type-declaration).

Source: granite4.1:30b@2026-05-30-audit

Confidence: high

Bugfix Medium

Fixes Python import false positives for divergent install vs import names.

Source: llm_adapter@2026-05-30

Confidence: high

Bugfix Medium

Fixes TypeScript @types resolution false positives for type-only imports.

Source: llm_adapter@2026-05-30

Confidence: high

Bugfix Medium

Corrects duplicate-import rule to ignore separate import vs import type from same module.

Source: llm_adapter@2026-05-30

Confidence: high

Bugfix Medium

Refines security/eval rule to exclude member calls like foo.exec(...).

Source: llm_adapter@2026-05-30

Confidence: high

Full changelog

First release since the Hacker News launch. Fixes the Python import false positives reported there, adds two precision rules, ships the SARIF / per-rule-severity / trend tooling, and extends agent support to pi.

Added

  • pi agent support: aislop fix --pi / --crush hand-off, and aislop hook install --pi (auto-running pi extension that scans each edit).
  • ai-slop/silent-recovery — flags catch blocks that only log and continue.
  • ai-slop/meta-comment — flags AI plan/process narration comments.
  • SARIF output (scan --sarif), trend command, per-rule severity overrides, config JSON schema, and a pre-commit hook.
  • Hardcoded-config and defensive-pattern rules: hardcoded-id, hardcoded-url, redundant-try-catch, redundant-type-coercion, duplicate-type-declaration.

Fixed

  • Python import false positives — install-name vs import-name divergences (yaml→pyyaml, PIL→pillow, etc.) and [project.optional-dependencies] extras. Reported on HN.
  • TypeScript @types resolution — type-only imports backed solely by @types/X no longer flagged.
  • duplicate-import — separate import type / import from the same module is no longer a duplicate.
  • security/eval — member calls like foo.exec(...) no longer match the bare exec( rule.

Full notes in CHANGELOG.md.
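The security/eval fix listed above, shown as an added example (not aislop's own code): a name-only pattern flags `foo.exec(...)`, while a pattern that rejects a receiver before the name reports only bare calls. The function `findCalls`, both regexes and the sample lines are assumptions constructed for illustration.

```javascript
// Hypothetical illustration, not aislop's implementation.
// "Before": matches any exec( / eval(, including RegExp and DB member calls.
const NAIVE = /\b(eval|exec)\s*\(/g;
// "After": the name must not be part of a longer identifier and must not
// follow a '.' (covers foo.exec, re?.exec and "foo . exec").
const BARE = /(?<![\w$])(?<!\.\s*)(eval|exec)\s*\(/g;

// Return [{ line, call }] for every match of `pattern` in `source`.
function findCalls(source, pattern) {
  const hits = [];
  source.split('\n').forEach((text, i) => {
    // Crude comment handling: skip whole-line // comments only.
    if (/^\s*\/\//.test(text)) return;
    for (const m of text.matchAll(pattern)) {
      hits.push({ line: i + 1, call: m[1] });
    }
  });
  return hits;
}

// Constructed sample input (not taken from any real project).
const SAMPLE = [
  'const m = pattern.exec(input);',   // RegExp.prototype.exec
  'const rows = await db.exec(sql);', // member call on a DB handle
  'exec(cmd);',                       // bare exec
  'const v = eval(expr);',            // bare eval
  '// eval(old) removed',             // comment, ignored
  'result = re?.exec(s);',            // optional-chained member call
].join('\n');

console.log('naive:', findCalls(SAMPLE, NAIVE).map((h) => h.line));
console.log('bare: ', findCalls(SAMPLE, BARE).map((h) => h.line));
```

Under this pattern a call written as `cp.exec(cmd)` on a `child_process` binding is skipped as well, so that form needs its own check.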

What's Changed

  • chore(npm): align package description with README and GitHub About by @heavykenny in https://github.com/scanaislop/aislop/pull/138
  • feat(ai-slop): detect hardcoded config and agent patterns by @heavykenny in https://github.com/scanaislop/aislop/pull/139
  • SARIF output, per-rule severity, trend command, config JSON schema, pre-commit hook by @heavykenny in https://github.com/scanaislop/aislop/pull/140
  • Fix false positives reported on HN, add two precision rules + --pi/--crush by @heavykenny in https://github.com/scanaislop/aislop/pull/144
  • Add pi hook install support (runtime extension) by @heavykenny in https://github.com/scanaislop/aislop/pull/145
  • chore: release 0.9.5 by @heavykenny in https://github.com/scanaislop/aislop/pull/146
  • Release 0.9.5: promote develop to main by @heavykenny in https://github.com/scanaislop/aislop/pull/147

Full Changelog: https://github.com/scanaislop/aislop/compare/v0.9.4...v0.9.5
