oauthlint 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/LICENSE +1 -1
  2. package/README.md +19 -26
  3. package/package.json +3 -3
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2026 Maurice Anney
3
+ Copyright (c) 2026 Auspeo
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/README.md CHANGED
@@ -1,17 +1,14 @@
1
1
  <div align="center">
2
2
 
3
- <img src="https://raw.githubusercontent.com/Auspeo/oauthlint/main/docs/public/logo.svg" width="76" alt="oauthlint logo" />
4
-
5
3
  # oauthlint
6
4
 
7
5
  **Catch the OAuth / OIDC / JWT anti-patterns AI coding tools systematically produce.**
8
6
 
9
- 90 Semgrep rules · JS/TS · Python · Go · Java · Rust · CLI + GitHub Action + VS Code · free & MIT
7
+ A curated, multi-language Semgrep rule pack · JS/TS · Python · Go · Java · Rust (and growing) · CLI + GitHub Action + VS Code · free & MIT
10
8
 
11
9
  [![npm](https://img.shields.io/npm/v/oauthlint.svg)](https://www.npmjs.com/package/oauthlint)
12
10
  [![npm downloads](https://img.shields.io/npm/dm/oauthlint.svg)](https://www.npmjs.com/package/oauthlint)
13
- [![CI](https://github.com/Auspeo/oauthlint/actions/workflows/ci.yml/badge.svg)](https://github.com/Auspeo/oauthlint/actions/workflows/ci.yml)
14
- [![license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/Auspeo/oauthlint/blob/main/LICENSE)
11
+ [![license](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)
15
12
  [![docs](https://img.shields.io/badge/docs-oauthlint.dev-2f6feb.svg)](https://oauthlint.dev)
16
13
 
17
14
  </div>
@@ -44,12 +41,6 @@ oauthlint is the layer between generic SAST and an enterprise IAM program:
44
41
  **free, focused, developer-first.** Every finding names the rule, the exact
45
42
  `file:line`, *why* it's dangerous, and *how* to fix it — with CWE/OWASP mappings.
46
43
 
47
- <div align="center">
48
-
49
- ![oauthlint scanning a project and flagging JWT auth issues](https://raw.githubusercontent.com/Auspeo/oauthlint/main/docs/public/demo.gif)
50
-
51
- </div>
52
-
53
44
  ## Why oauthlint, and not just Semgrep?
54
45
 
55
46
  Honest answer: nothing stops you from writing these rules yourself. Semgrep is
@@ -60,9 +51,10 @@ oauthlint gives you is the work most people never do:
60
51
  - **Low false positives, validated against real auth libraries.** The rules are
61
52
  run against `jose`, NextAuth, PyJWT, Authlib, `golang/oauth2`, `oauth2-rs`,
62
53
  Spring Security and more. Anything that fires on mature library source goes to
63
- a triage queue, not to you — 90 rules × ~9,400 files, **zero false positives**
64
- on the clean auth libraries ([validation report](https://oauthlint.dev/VALIDATION)).
65
- - **One coherent product across five languages.** Same concepts, same ID scheme,
54
+ a triage queue, not to you — validated across thousands of files of real
55
+ auth-library source, with **zero false positives** on the clean libraries
56
+ ([validation report](https://oauthlint.dev/VALIDATION)).
57
+ - **One coherent product across every language it covers.** Same concepts, same ID scheme,
66
58
  same docs — not a patchwork of community rules with mismatched styles.
67
59
  - **Every finding teaches.** All 90 rules link to a fix page with CWE and OWASP
68
60
  mappings. It's a lesson, not a grep hit.
@@ -134,18 +126,19 @@ Or just fail the build on HIGH findings: `npx oauthlint scan ./src --fail-on HIG
134
126
 
135
127
  ## What it catches
136
128
 
137
- 90 rules across OAuth 2.0, OIDC, JWT, cookies, CORS, secrets and session
138
- hygiene — each mapped to CWE & OWASP, each with a documentation page.
129
+ Rules across OAuth 2.0, OIDC, JWT, cookies, CORS, secrets and session hygiene —
130
+ each mapped to CWE & OWASP, each with a documentation page. Languages covered
131
+ today (more on the way):
139
132
 
140
- | Language | Rules |
141
- |----------|:-----:|
142
- | JavaScript / TypeScript | 42 |
143
- | Python (PyJWT, requests, Flask, Django) | 12 |
144
- | Java (Spring Security, jjwt, nimbus-jose-jwt) | 12 |
145
- | Go (golang-jwt, crypto/tls, net/http) | 12 |
146
- | Rust (jsonwebtoken, reqwest, actix/tower) | 12 |
133
+ | Language | Libraries |
134
+ |----------|-----------|
135
+ | JavaScript / TypeScript | jose, jsonwebtoken, NextAuth, express, … |
136
+ | Python | PyJWT, Authlib, requests, Flask, Django |
137
+ | Java | Spring Security, jjwt, nimbus-jose-jwt |
138
+ | Go | golang-jwt, crypto/tls, net/http |
139
+ | Rust | jsonwebtoken, reqwest, actix/tower |
147
140
 
148
- 👉 **Browse the full catalogue at [oauthlint.dev/rules](https://oauthlint.dev/rules/).**
141
+ 👉 **Browse the full, always-current catalogue at [oauthlint.dev/rules](https://oauthlint.dev/rules/).**
149
142
 
150
143
  ## Configuration
151
144
 
@@ -184,5 +177,5 @@ the next reviewer needs to see exactly which lines opted out, and why.
184
177
 
185
178
  ## License
186
179
 
187
- MIT — see [LICENSE](https://github.com/Auspeo/oauthlint/blob/main/LICENSE). Built
188
- by [Maurice Anney](https://github.com/Mauriceanney), an IAM engineer.
180
+ MIT — see [LICENSE](https://github.com/Auspeo/oauthlint/blob/main/LICENSE).
181
+ Built and maintained by [Auspeo](https://github.com/Auspeo).
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "oauthlint",
3
- "version": "0.2.2",
3
+ "version": "0.2.3",
4
4
  "description": "Catch the OAuth/OIDC/JWT anti-patterns AI coding tools systematically produce. CLI wrapper around the oauthlint-rules Semgrep rule pack.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -47,7 +47,7 @@
47
47
  "picocolors": "1.1.1",
48
48
  "yaml": "2.9.0",
49
49
  "zod": "3.24.1",
50
- "oauthlint-rules": "0.2.1"
50
+ "oauthlint-rules": "0.2.2"
51
51
  },
52
52
  "devDependencies": {
53
53
  "@types/node": "22.10.5",
@@ -65,7 +65,7 @@
65
65
  "homepage": "https://oauthlint.dev",
66
66
  "bugs": "https://github.com/Auspeo/oauthlint/issues",
67
67
  "license": "MIT",
68
- "author": "Maurice Anney <webofboss@gmail.com>",
68
+ "author": "Auspeo (https://github.com/Auspeo)",
69
69
  "engines": {
70
70
  "node": ">=20.0.0"
71
71
  },