oauthlint 0.2.2 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/LICENSE +1 -1
  2. package/README.md +19 -19
  3. package/package.json +3 -3
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2026 Maurice Anney
3
+ Copyright (c) 2026 Auspeo
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/README.md CHANGED
@@ -1,17 +1,15 @@
1
1
  <div align="center">
2
2
 
3
- <img src="https://raw.githubusercontent.com/Auspeo/oauthlint/main/docs/public/logo.svg" width="76" alt="oauthlint logo" />
4
-
5
3
  # oauthlint
6
4
 
7
5
  **Catch the OAuth / OIDC / JWT anti-patterns AI coding tools systematically produce.**
8
6
 
9
- 90 Semgrep rules · JS/TS · Python · Go · Java · Rust · CLI + GitHub Action + VS Code · free & MIT
7
+ A curated, multi-language Semgrep rule pack · JS/TS · Python · Go · Java · Rust (and growing) · CLI + GitHub Action + VS Code · free & MIT
10
8
 
11
9
  [![npm](https://img.shields.io/npm/v/oauthlint.svg)](https://www.npmjs.com/package/oauthlint)
12
10
  [![npm downloads](https://img.shields.io/npm/dm/oauthlint.svg)](https://www.npmjs.com/package/oauthlint)
13
11
  [![CI](https://github.com/Auspeo/oauthlint/actions/workflows/ci.yml/badge.svg)](https://github.com/Auspeo/oauthlint/actions/workflows/ci.yml)
14
- [![license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/Auspeo/oauthlint/blob/main/LICENSE)
12
+ [![license](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)
15
13
  [![docs](https://img.shields.io/badge/docs-oauthlint.dev-2f6feb.svg)](https://oauthlint.dev)
16
14
 
17
15
  </div>
@@ -60,9 +58,10 @@ oauthlint gives you is the work most people never do:
60
58
  - **Low false positives, validated against real auth libraries.** The rules are
61
59
  run against `jose`, NextAuth, PyJWT, Authlib, `golang/oauth2`, `oauth2-rs`,
62
60
  Spring Security and more. Anything that fires on mature library source goes to
63
- a triage queue, not to you — 90 rules × ~9,400 files, **zero false positives**
64
- on the clean auth libraries ([validation report](https://oauthlint.dev/VALIDATION)).
65
- - **One coherent product across five languages.** Same concepts, same ID scheme,
61
+ a triage queue, not to you — validated across thousands of files of real
62
+ auth-library source, with **zero false positives** on the clean libraries
63
+ ([validation report](https://oauthlint.dev/VALIDATION)).
64
+ - **One coherent product across every language it covers.** Same concepts, same ID scheme,
66
65
  same docs — not a patchwork of community rules with mismatched styles.
67
66
  - **Every finding teaches.** All 90 rules link to a fix page with CWE and OWASP
68
67
  mappings. It's a lesson, not a grep hit.
@@ -134,18 +133,19 @@ Or just fail the build on HIGH findings: `npx oauthlint scan ./src --fail-on HIG
134
133
 
135
134
  ## What it catches
136
135
 
137
- 90 rules across OAuth 2.0, OIDC, JWT, cookies, CORS, secrets and session
138
- hygiene — each mapped to CWE & OWASP, each with a documentation page.
136
+ Rules across OAuth 2.0, OIDC, JWT, cookies, CORS, secrets and session hygiene —
137
+ each mapped to CWE & OWASP, each with a documentation page. Languages covered
138
+ today (more on the way):
139
139
 
140
- | Language | Rules |
141
- |----------|:-----:|
142
- | JavaScript / TypeScript | 42 |
143
- | Python (PyJWT, requests, Flask, Django) | 12 |
144
- | Java (Spring Security, jjwt, nimbus-jose-jwt) | 12 |
145
- | Go (golang-jwt, crypto/tls, net/http) | 12 |
146
- | Rust (jsonwebtoken, reqwest, actix/tower) | 12 |
140
+ | Language | Libraries |
141
+ |----------|-----------|
142
+ | JavaScript / TypeScript | jose, jsonwebtoken, NextAuth, express, … |
143
+ | Python | PyJWT, Authlib, requests, Flask, Django |
144
+ | Java | Spring Security, jjwt, nimbus-jose-jwt |
145
+ | Go | golang-jwt, crypto/tls, net/http |
146
+ | Rust | jsonwebtoken, reqwest, actix/tower |
147
147
 
148
- 👉 **Browse the full catalogue at [oauthlint.dev/rules](https://oauthlint.dev/rules/).**
148
+ 👉 **Browse the full, always-current catalogue at [oauthlint.dev/rules](https://oauthlint.dev/rules/).**
149
149
 
150
150
  ## Configuration
151
151
 
@@ -184,5 +184,5 @@ the next reviewer needs to see exactly which lines opted out, and why.
184
184
 
185
185
  ## License
186
186
 
187
- MIT — see [LICENSE](https://github.com/Auspeo/oauthlint/blob/main/LICENSE). Built
188
- by [Maurice Anney](https://github.com/Mauriceanney), an IAM engineer.
187
+ MIT — see [LICENSE](https://github.com/Auspeo/oauthlint/blob/main/LICENSE).
188
+ Built and maintained by [Auspeo](https://github.com/Auspeo).
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "oauthlint",
3
- "version": "0.2.2",
3
+ "version": "0.2.4",
4
4
  "description": "Catch the OAuth/OIDC/JWT anti-patterns AI coding tools systematically produce. CLI wrapper around the oauthlint-rules Semgrep rule pack.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -47,7 +47,7 @@
47
47
  "picocolors": "1.1.1",
48
48
  "yaml": "2.9.0",
49
49
  "zod": "3.24.1",
50
- "oauthlint-rules": "0.2.1"
50
+ "oauthlint-rules": "0.2.2"
51
51
  },
52
52
  "devDependencies": {
53
53
  "@types/node": "22.10.5",
@@ -65,7 +65,7 @@
65
65
  "homepage": "https://oauthlint.dev",
66
66
  "bugs": "https://github.com/Auspeo/oauthlint/issues",
67
67
  "license": "MIT",
68
- "author": "Maurice Anney <webofboss@gmail.com>",
68
+ "author": "Auspeo (https://github.com/Auspeo)",
69
69
  "engines": {
70
70
  "node": ">=20.0.0"
71
71
  },