Skip to main content
New aislop v0.5.0. New CLI, own AST fix engine, stable output, better experience Read more →
Documentation

Rules.

Rules are grouped by engine. Run npx aislop rules in any project to see the same list with your current config applied.

Format

Delegates to language-native formatters. All auto-fixable.

format/biome — JS/TS via Biome auto
format/ruff-format — Python via ruff auto
format/gofmt — Go auto
format/rubocop — Ruby auto
format/php-cs-fixer — PHP auto
format/cargo-fmt — Rust auto

Lint

Standard linters plus language-aware presets. Some rules auto-fix safely; destructive ones (like no-unused-vars) go through aislop's AST-based renamer instead.

oxlint/* — JS/TS correctness, imports, unicorn, react-hooks, jsx-a11y, Next.js partial auto
ruff/* — Python lints partial auto
golangci-lint/* — Go lints
clippy/* — Rust lints
expo-doctor/* — Expo / React Native dependency alignment

Astro projects auto-detect: no-undef and no-unused-expressions are disabled to avoid false positives on frontmatter globals and inline-script IIFEs (PostHog/Plausible/GTM).

Code quality

knip/unused-file — files exported nowhere auto (with -f)
knip/unused-export — exports used nowhere auto
knip/unused-dependency — dependencies listed but never imported auto (with -f)
complexity/file-too-large — files over maxFileLoc
complexity/function-too-long — functions over maxFunctionLoc. Exempts functions whose body is dominated by a single template literal.
complexity/deep-nesting — control-flow nested beyond maxNesting
complexity/too-many-params — functions with more than maxParams
code-quality/unused-declaration — aislop's AST-based dead-declaration remover auto

AI slop

The rules that catch agent-authored code. Most auto-fix.

ai-slop/trivial-comment — "// Import X" before an import, "// Initialize Y" before an assignment auto
ai-slop/narrative-comment — decorative separators, phase headers, JSDoc preambles without meaningful tags, cross-reference commentary, 5+ line prose blocks auto
ai-slop/unused-import — imports the agent added and never referenced auto
ai-slop/dead-patternif (true), return; // unreachable, empty catch blocks, silent console.log leftovers auto
ai-slop/unsafe-anyas any bypasses, @ts-ignore without justification
ai-slop/todo-stub// TODO followed by empty body or throw new Error("not implemented")
ai-slop/generic-namedata, result, handler, process as top-level identifiers

Security

security/evaleval() calls
security/innerHTML — direct innerHTML writes (XSS surface)
security/sql-injection — template-literal SQL without parameter binding
security/shell-injection — unescaped input passed to shell
security/vulnerable-dependency — npm/pnpm/pip/cargo/govulncheck audit findings

Architecture (opt-in)

Your own rules — import bans, layer separation, required patterns. Define them in .aislop/rules.yml. See Configure for the schema.