Skip to content

AISlop

v0.9.6 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 5d Developer Productivity
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-slop ai-slop-detection cli code-quality code-review
+13 more
developer-tools go javascript linter php pre-commit pull-request python quality-gate ruby rust static-analysis typescript

Summary

AI summary

Fixed false‑positive flags for hardcoded-id and hardcoded-url rules and added recognition of psycopg2 from psycopg2-binary.

Changes in this release

Bugfix Medium

`ai-slop/hardcoded-id` no longer flags env-var-name literals, readable slugs, storage keys, or DB migration identifiers.

`ai-slop/hardcoded-id` no longer flags env-var-name literals, readable slugs, storage keys, or DB migration identifiers.

Source: llm_adapter@2026-05-30

Confidence: high
Bugfix Medium

`ai-slop/hardcoded-url` no longer flags localhost / loopback URLs.

`ai-slop/hardcoded-url` no longer flags localhost / loopback URLs.

Source: llm_adapter@2026-05-30

Confidence: high
Bugfix Medium

`ai-slop/hallucinated-import` now recognises `psycopg2` as provided by `psycopg2-binary`.

`ai-slop/hallucinated-import` now recognises `psycopg2` as provided by `psycopg2-binary`.

Source: llm_adapter@2026-05-30

Confidence: high
Full changelog

Patch release. Precision fixes for the hardcoded-id / hardcoded-url rules introduced in 0.9.5 (which over-flagged on real codebases), plus a hallucinated-import alias fix.

Fixed

  • ai-slop/hardcoded-id no longer flags env-var-name literals passed to config helpers (optional("STRIPE_PRICE_ID", "")), readable kebab/snake slugs and storage keys (rule keys, STORAGE_KEY values, CSS classes), or identifiers in DB migration files. Now requires a digit-bearing opaque token, so genuine provider/project IDs (price_1Oabc…, AWS keys, OAuth client IDs) are still caught.
  • ai-slop/hardcoded-url no longer flags localhost / loopback URLs (dev defaults).
  • ai-slop/hallucinated-import now recognises psycopg2 as provided by psycopg2-binary (community-reported, #130).

Full notes in CHANGELOG.md.

What's Changed

  • fix(ai-slop): hardcoded-id/url false positives + release 0.9.6 by @heavykenny in https://github.com/scanaislop/aislop/pull/149
  • fix(ai-slop): recognize psycopg2 provided by psycopg2-binary (#130) by @heavykenny in https://github.com/scanaislop/aislop/pull/151
  • Release 0.9.6: promote develop to main by @heavykenny in https://github.com/scanaislop/aislop/pull/150

Full Changelog: https://github.com/scanaislop/aislop/compare/v0.9.5...v0.9.6

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track AISlop

Get notified when new releases ship.

Sign up free

About AISlop

All releases →

Related context

Beta — feedback welcome: [email protected]