hallint v0.1.8 Ships Noise Fixes and Smarter Secret Detection for AI-Written Code
The hallint linter, built to catch security bugs commonly introduced by AI coding assistants, has released updates v0.1.8 and v0.1.7 of its core and CLI packages. Community feedback from the project's initial launch drove most of the changes, including removing the noisy async-no-catch rule from the default recommended ruleset. The missing-auth-check rule now supports inline suppression markers so developers can explicitly designate public routes like health checks without triggering false positives. Hardcoded-secret detection was upgraded with a dual-pass approach that flags known token prefixes such as ghp_, sk-, AKIA, and xoxb- as critical findings regardless of variable name. Additional fixes include more accurate SQL injection warning copy, a more reliable async function boundary scanner, and a cleaner rule dispatch system based on the presence of a match() function rather than a manually set layer property.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in