Skip to main content
aislop scans your codebase by running six specialized engines in parallel — Formatting, Linting, Code Quality, AI Slop, Security, and Architecture — then combines their findings into a single 0–100 score. Because every engine uses regex, AST analysis, and standard tooling rather than a language model, you always get the same score for the same code. No API calls, no network round-trips, no nondeterminism.

The six engines

Each engine targets a distinct category of problem. They all run concurrently, which is how aislop completes a full scan in sub-second time.

Formatting

Enforces consistent code style using the canonical formatter for each language: Biome for TypeScript/JavaScript, ruff for Python, gofmt for Go, cargo fmt for Rust, rubocop for Ruby, and php-cs-fixer for PHP.

Linting

Catches language-specific bugs and bad practices via oxlint (TypeScript/JavaScript), ruff (Python), golangci-lint (Go), clippy (Rust), rubocop (Ruby), and expo-doctor for Expo/React Native project health.

Code Quality

Measures structural complexity and finds dead code: oversized functions and files, deep nesting, too many parameters, duplicate blocks, unused declarations, and unused dependencies via knip (JS/TS).

AI Slop

The engine unique to aislop. Catches the patterns AI coding agents leave behind — narrative and trivial comments, swallowed exceptions, as any casts, TODO stubs, hallucinated imports, unreachable code, and more.

Security

Finds hardcoded secrets, unsafe constructs (eval, innerHTML, SQL/shell injection), and vulnerable dependencies via npm, pip, cargo, and govulncheck audits.

Architecture

Opt-in structural rules you define in .aislop/rules.yml: ban specific imports project-wide, enforce layer boundaries, or require certain patterns in specific file paths.

Parallel execution and sub-second results

All six engines start at the same time. aislop does not wait for one engine to finish before launching the next. On most projects you get a complete scan — formatting, linting, complexity, AI slop, security, and architecture — in well under a second.

Supported languages

aislop fully supports eight language targets. The table below shows which engines apply to each one.
LanguageFormatLintCode QualityAI SlopSecurity
TypeScriptBiomeoxlintknip, complexityAll rulesAll rules
JavaScriptBiomeoxlintknip, complexityAll rulesAll rules
Expo / React NativeBiomeoxlint + expo-doctorknip, complexityAll rulesAll rules
PythonruffruffcomplexityImports, exceptions, commentsSecrets, audit
Gogofmtgolangci-lintcomplexityExceptions, commentsSecrets, audit
Rustcargo fmtclippycomplexityCommentsSecrets, audit
RubyrubocoprubocopcomplexityExceptions, commentsSecrets
PHPphp-cs-fixercomplexityCommentsSecrets
If your repository is primarily written in an unsupported language (C, C++, C#, Swift, Kotlin, etc.), aislop withholds the score rather than printing a number based on a handful of incidental files. The CLI explains why and --json output returns "score": null along with "scoreable": false and a coverage breakdown.

Deterministic by design

aislop uses regex matching, AST analysis, and well-established language tooling at runtime — never a language model. Given identical input code, you will always get an identical score. This makes aislop safe to use in CI gates, pre-commit hooks, and editor integrations without worrying about flaky or nondeterministic results.
Run aislop doctor to check which engines can run in your environment. Some engines require their respective toolchains (Go, Rust, Ruby, PHP) to be installed.