{"id":48913884,"url":"https://github.com/afadesigns/zshellcheck","last_synced_at":"2026-04-19T01:21:03.168Z","repository":{"id":323936162,"uuid":"1095311589","full_name":"afadesigns/zshellcheck","owner":"afadesigns","description":"The first native intelligence for Zsh, leveraging deep AST parsing to lint, format, and auto-fix scripts with compiler-grade precision.","archived":false,"fork":false,"pushed_at":"2026-04-07T01:57:35.000Z","size":18574,"stargazers_count":12,"open_issues_count":5,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-07T03:15:10.592Z","etag":null,"topics":["ast","format","go","lint","scripts","shell","zsh","zshell","zshrc"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/afadesigns.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"afadesigns"}},"created_at":"2025-11-12T22:06:11.000Z","updated_at":"2026-04-07T01:54:24.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/afadesigns/zshellcheck","commit_stats":null,"previous_names":["afadesigns/zshellcheck"],"tags_count":329,"template":false,"template_full_name":null,"purl":"pkg:github/afadesigns/zshellcheck","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afadesigns%2Fzshellcheck","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afadesigns%2Fzshellcheck/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afadesigns%2Fzshellcheck/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afadesigns%2Fzshellcheck/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/afadesigns","download_url":"https://codeload.github.com/afadesigns/zshellcheck/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afadesigns%2Fzshellcheck/sbom","scorecard":{"id":1245388,"data":{"date":"2026-03-30T19:19:29Z","repo":{"name":"github.com/afadesigns/zshellcheck","commit":"6b680e0e9c0673b98466946834fdf860c09b02f6"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":8.1,"checks":[{"name":"Code-Review","score":2,"reason":"Found 7/30 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"18 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:  30 out of  30 GitHub-owned GitHubAction dependencies pinned","Info:  29 out of  29 third-party GitHubAction dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:24","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:25","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-drafter.yml:16","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/release-drafter.yml:17","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:22","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:24","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/tag-release.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/actionlint.yml:20","Info: topLevel 'contents' permission set to 'read': .github/workflows/auto-approve.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:20","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:16","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conventional_commits.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/goreleaser-check.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/labeler.yml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/release-drafter.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:9","Info: found token with 'none' permissions: .github/workflows/scorecard.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/tag-release.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/typos.yml:14"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.1.7 not signed: https://api.github.com/repos/afadesigns/zshellcheck/releases/265997789","Warn: release artifact v0.1.1 not signed: https://api.github.com/repos/afadesigns/zshellcheck/releases/266060201","Warn: release artifact v0.0.79 not signed: https://api.github.com/repos/afadesigns/zshellcheck/releases/264646843","Warn: release artifact v0.1.7 does not have provenance: https://api.github.com/repos/afadesigns/zshellcheck/releases/265997789","Warn: release artifact v0.1.1 does not have provenance: https://api.github.com/repos/afadesigns/zshellcheck/releases/266060201","Warn: release artifact v0.0.79 does not have provenance: https://api.github.com/repos/afadesigns/zshellcheck/releases/264646843"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: GoBuiltInFuzzer integration found: pkg/lexer/lexer_fuzz_test.go:9","Info: GoBuiltInFuzzer integration found: pkg/parser/parser_fuzz_test.go:9"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:12"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 18 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: found contributions from: afadesign"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"20 out of 20 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2026-03-30T19:25:25.146Z","repository_id":323936162,"created_at":"2026-03-30T19:25:25.147Z","updated_at":"2026-03-30T19:25:25.147Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31910584,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T18:22:33.417Z","status":"ssl_error","status_checked_at":"2026-04-16T18:21:47.142Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ast","format","go","lint","scripts","shell","zsh","zshell","zshrc"],"created_at":"2026-04-17T01:03:54.213Z","updated_at":"2026-04-17T01:03:57.745Z","avatar_url":"https://github.com/afadesigns.png","language":"Go","readme":"```\n mmmmmm  mmmm  #             \"\"#    \"\"#      mmm  #                    #\n     #\" #\"   \" # mm    mmm     #      #    m\"   \" # mm    mmm    mmm   #   m\n   m#   \"#mmm  #\"  #  #\"  #    #      #    #      #\"  #  #\"  #  #\"  \"  # m\"\n  m\"        \"# #   #  #\"\"\"\"    #      #    #      #   #  #\"\"\"\"  #      #\"#\n ##mmmm \"mmm#\" #   #  \"#mm\"    \"mm    \"mm   \"mmm\" #   #  \"#mm\"  \"#mm\"  #  \"m\n```\n\n![CI](https://github.com/afadesigns/zshellcheck/actions/workflows/ci.yml/badge.svg)\n[![Go Report Card](https://goreportcard.com/badge/github.com/afadesigns/zshellcheck)](https://goreportcard.com/report/github.com/afadesigns/zshellcheck)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/afadesigns/zshellcheck/badge)](https://securityscorecards.dev/viewer/?uri=github.com/afadesigns/zshellcheck)\n[![codecov](https://codecov.io/gh/afadesigns/zshellcheck/graph/badge.svg)](https://codecov.io/gh/afadesigns/zshellcheck)\n[![SLSA](https://img.shields.io/badge/SLSA-Level%203-brightgreen)](https://slsa.dev)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n![Release](https://img.shields.io/github/v/release/afadesigns/zshellcheck)\n\n**ZShellCheck** (`v0.3.35` -- 335 Katas) is the definitive static analysis and comprehensive development suite for the entire Zsh ecosystem, meticulously engineered as the full Zsh equivalent of ShellCheck for Bash. It offers intelligent automatic fixes (planned), advanced formatting capabilities, and deep code analysis to deliver unparalleled quality, performance, and reliability for Zsh scripts, functions, and configurations.\n\n## Inspiration\n\nZShellCheck draws significant inspiration from the esteemed `ShellCheck` project, a powerful static analysis tool for `sh`/`bash` scripts. While `ZShellCheck` is an independent development with a native focus on Zsh's unique syntax and semantics, `ShellCheck`'s commitment to improving shell script quality served as a guiding principle in our mission to provide an equally robust and tailored solution for the Zsh community.\n\n## Comparison\n\nWhy use ZShellCheck over ShellCheck? See our **[Detailed Comparison](docs/REFERENCE.md#comparison-vs-shellcheck)**.\n\n**TL;DR**: Use **ShellCheck** for portable scripts (`sh`/`bash`). Use **ZShellCheck** for native **Zsh** scripts, plugins, and configuration.\n\n## Table of Contents\n\n- [Inspiration](#inspiration)\n- [Comparison](docs/REFERENCE.md#comparison-vs-shellcheck)\n- [Features](#features)\n- [Severity Levels](#severity-levels)\n- [Installation](#installation)\n- [Usage](#usage)\n- [Configuration](docs/USER_GUIDE.md#configuration)\n- [Integrations](docs/USER_GUIDE.md#integrations)\n- [Shell Completions](#shell-completions)\n- [Architecture](docs/DEVELOPER.md#architecture-overview)\n- [Troubleshooting](docs/USER_GUIDE.md#troubleshooting)\n- [Developer Guide](docs/DEVELOPER.md)\n- [Documentation](#documentation)\n- [Changelog](#changelog)\n- [Contributing](#contributing)\n- [Governance](docs/REFERENCE.md#governance)\n- [License](#license)\n\n## Features\n\n*   **Zsh-Native Parsing:** Full understanding and handling of Zsh's unique constructs, including `[[ ... ]]`, `(( ... ))`, advanced arrays, associative arrays, and parameter expansion modifiers, applicable across scripts, functions, and configuration files.\n*   **Extensible Katas:** A modular system where rules are implemented as independent \"Katas,\" allowing for easy expansion, customization, and precise control over checks.\n*   **Highly Configurable:** Tailor ZShellCheck's behavior to your project's needs by enabling or disabling specific checks via a flexible `.zshellcheckrc` configuration file.\n*   **Seamless Integration:** Designed for effortless integration into modern development workflows, supporting `pre-commit` hooks and continuous integration (CI) pipelines to enforce quality at every stage.\n\n## Severity Levels\n\nEvery Kata is assigned a severity level that indicates the impact of the issue it detects. Use the `--severity` flag to filter violations by minimum severity.\n\n| Level | Description | Example |\n| :--- | :--- | :--- |\n| **error** | Bugs or dangerous constructs that will likely cause incorrect behavior | Redirection overwrites input file, brace expansion with variables |\n| **warning** | Risky patterns that may cause subtle issues or security concerns | `rm -rf` without safeguard, `chown -R` following symlinks |\n| **info** | Suggestions for improved practices and platform compatibility | Use signal names instead of numbers, avoid `set -e` |\n| **style** | Cosmetic or idiomatic improvements for cleaner Zsh code | Prefer `[[ ]]` over `test`, use built-in variables |\n\n```bash\n# Show only errors and warnings\nzshellcheck --severity warning my_script.zsh\n\n# Show everything including style suggestions\nzshellcheck --severity style my_script.zsh\n```\n\n## Installation\n\nThe easiest way to install ZShellCheck is via the automated installer script. It supports **Linux** and **macOS**.\n\n### Automatic Install (Recommended)\n\nThis will install the binary, man pages, and shell completions. It detects if you have Go installed; if not, it downloads the latest pre-built binary.\n\n```bash\n# Clone the repository or download the script\n./install.sh\n```\n\n**Features:**\n*   **Binary Fallback:** No Go environment required. Downloads binaries automatically.\n*   **Interactive:** GUIDes you through adding `zshellcheck` to your `PATH` and `fpath`.\n*   **Automated:** Use `./install.sh -y` for non-interactive/CI environments.\n*   **Version Control:** Install a specific version with `./install.sh -v v0.1.0`.\n*   **Uninstall:** Remove cleanly with `./install.sh --uninstall`.\n\n### From Go Modules\n\nIf you prefer standard Go tools:\n\n```bash\ngo install github.com/afadesigns/zshellcheck/cmd/zshellcheck@latest\n```\n\n### Building from Source\n\nFor contributors:\n\n1.  Clone the repository.\n2.  Run `./install.sh` (it detects the source repo and builds locally).\n\n## Usage\n\nAfter installation, run ZShellCheck against your Zsh files:\n\n```bash\nzshellcheck my_script.zsh\n```\n\n### Output Formats\n\n*   **Text (default)**: Human-readable with ANSI colors.\n*   **JSON**: `zshellcheck -format json file.zsh`\n*   **SARIF**: `zshellcheck -format sarif file.zsh` (Github Security integration)\n\n### Pre-commit Hook\n\nAdd this to your `.pre-commit-config.yaml`:\n\n```yaml\n-   repo: https://github.com/afadesigns/zshellcheck\n    rev: v0.3.35\n    hooks:\n    -   id: zshellcheck\n```\n\n## Configuration\n\nCustomize checks via `.zshellcheckrc`. See the [Configuration Guide](docs/USER_GUIDE.md#configuration).\n\n## Integrations\n\nSee our [Integrations Guide](docs/USER_GUIDE.md#integrations) for VS Code, Vim, and Neovim setup.\n\n## Shell Completions\n\nThe `./install.sh` script installs completions automatically for Zsh and Bash.\n\n**Manual Setup (Zsh):**\nIf you installed manually, add the `completions/zsh` directory to your `$fpath`:\n```zsh\nfpath+=/path/to/zshellcheck/completions/zsh\nautoload -Uz compinit \u0026\u0026 compinit\n```\n\n**Manual Setup (Bash):**\nSource the script in your `.bashrc`:\n```bash\nsource /path/to/zshellcheck/completions/bash/zshellcheck-completion.bash\n```\n\n## Architecture\n\nCurious about how ZShellCheck works under the hood? Check out our [Architecture Guide](docs/DEVELOPER.md#architecture-overview) to learn about the Lexer, Parser, AST, and Kata Registry.\n\n## Troubleshooting\n\nEncountering issues? Check our **[Troubleshooting Guide](docs/USER_GUIDE.md#troubleshooting)** for solutions to common problems like \"command not found\" or parser errors.\n\n## Developer Guide\n\nWant to contribute code? Read our [Developer Guide](docs/DEVELOPER.md) and [AST Reference](docs/DEVELOPER.md#ast-reference) to get started with building, testing, and understanding the codebase.\n\n## Documentation\n\nFor a comprehensive list of all implemented Katas (checks), including detailed descriptions, **good/bad code examples**, and configuration options, please refer to:\n\n👉 **[KATAS.md](KATAS.md)**\n\nUnsure about a term? Check the **[Glossary](docs/REFERENCE.md#glossary)**.\n\n## Changelog\n\nSee [CHANGELOG.md](CHANGELOG.md) for a history of changes and releases.\n\n## Support\n\nNeed help? Have a question? Check out our [Support Guide](docs/USER_GUIDE.md#support).\n\n## Contributing\n\nWe welcome contributions! Whether it's adding new Katas, improving the parser, or fixing bugs, your help is appreciated. For detailed instructions, please see [CONTRIBUTING.md](CONTRIBUTING.md).\n\nSee our [Governance Model](docs/REFERENCE.md#governance) for information on how this project is managed.\n\n## License\n\nDistributed under the MIT License. See `LICENSE` for more information.\n\n## Contributors\n\n\u003ca href=\"https://github.com/afadesigns/zshellcheck/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=afadesigns/zshellcheck\" /\u003e\n\u003c/a\u003e\n","funding_links":["https://github.com/sponsors/afadesigns"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fafadesigns%2Fzshellcheck","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fafadesigns%2Fzshellcheck","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fafadesigns%2Fzshellcheck/lists"}