Skip to content

v1.3.0 β€” CLI tools, CI/CD suite, 11 languages, security hardening

Choose a tag to compare

@rahuldk1105 rahuldk1105 released this 27 Jun 15:10

What's new in v1.3.0

New CLI Features

  • --explain [category] β€” Offline knowledge base: 38 categories with why-it-matters, how-to-fix, and code examples
  • --file <path> β€” Per-file drill-down: scan one file and show only its findings (great for pre-commit)
  • --breakdown β€” Score breakdown by category: see exactly which categories are costing the most points
  • --perf β€” Scanner timing: bar chart showing how long each scanner group took
  • --output-dir <path> β€” Save all 5 report formats (JSON/HTML/SARIF/JUnit/Markdown) in one command
  • --since-commit <sha> β€” Diff mode: only show findings for files changed since a git ref
  • --exit-codes β€” Meaningful exit codes: 2=threshold, 3=regression, 4=trend, 5=security, 6=license
  • --notify <url> β€” Slack/Teams/Discord webhook notifications with platform-native formatting
  • --update-readme β€” Auto-update health badge in README.md after every scan
  • --fail-on-trend β€” Smarter CI gating: only fail when score drops 3+ consecutive runs (with sparkline)
  • --bundle β€” Bundle size regression detection vs last recorded baseline
  • --monorepo β€” Scan each workspace package separately with per-package scores and rollup
  • --init β€” Interactive wizard to generate .roastrc.json
  • --serve β€” Live web dashboard with SSE auto-refresh on file changes

New Scanners

  • License compliance β€” Flag GPL/AGPL/LGPL deps in commercial projects
  • Database queries β€” Prisma/TypeORM/Sequelize/Mongoose anti-patterns (N+1, raw SQL, force:true)
  • Config auditor β€” tsconfig.json strictness, ESLint coverage, Prettier configuration
  • Test quality β€” Empty blocks, .only, always-true assertions, skipped tests, hardcoded delays
  • Bundle size β€” Track dist/ output size over time, alert on regressions
  • Custom Rule DSL β€” Define lint rules in .roastrc.json without writing TypeScript

4 New Languages (11 total)

Ruby, PHP, Swift, Kotlin β€” each with 3 scanners

GitHub Actions

  • Step Summary β€” Auto-writes markdown report to the Actions run page (zero config)
  • SARIF output β€” Findings appear as native Code Scanning alerts

Performance

  • 3-5x faster β€” All core scanners run with Promise.all
  • Finding deduplication β€” Near-identical findings merged automatically

Roast Improvements

  • 100+ new roast entries, expanded to 8-12 per category
  • Combo roast when 4+ critical categories fire simultaneously
  • Contextual opening line based on score + finding count
  • Severity-aware large-file roasts
  • generateContextualVerdict β€” smarter verdicts for security/critical/test issues

Security Fixes

  • --file path traversal protection
  • Custom rules ReDoS protection
  • --perf/--breakdown no longer corrupt JSON/SARIF stdout
  • --threshold now works without --json
  • ESLint extends string detection fixed
  • SPDX OR license expressions correctly parsed

Full changelog

See commit history