Changed #

• avoid_unsafe_collection_methods - Now recognizes collection-if guards:
  • [if (list.isNotEmpty) list.first] - guarded in collection literal
  • {if (set.length > 0) set.first} - guarded in set literal
  • [if (list.isEmpty) 0 else list.first] - inverted guard in else branch
• require_value_notifier_dispose - Now recognizes loop-based disposal patterns for collections of ValueNotifiers:
  • for (final n in _notifiers) { n.dispose(); } - for-in loop disposal
  • _notifiers.forEach((n) => n.dispose()) - forEach disposal
  • Supports List<ValueNotifier<T>>, Set<ValueNotifier<T>>, Iterable<ValueNotifier<T>>
• require_file_close_in_finally - Reduced false positives by requiring file indicators (File, IOSink, RandomAccessFile) for generic .open() calls

Fixed #

• avoid_null_assertion - Added additional safe pattern detection to reduce false positives:
  • Null-coalescing assignment: x ??= value; x! - safe after ??=
  • Negated null checks: if (!(x == null)) { x! }
  • Compound && conditions: if (a && x != null) { x! }
  • Compound || with early return: if (a || x == null) return; x!
  • Flutter async builder patterns: if (snapshot.hasData) { snapshot.data! }, if (snapshot.hasError) { snapshot.error! }
  • While loops: while (x != null) { x! }
  • For loops: for (; x != null; ) { x! }
• avoid_undisposed_instances - Fixed type annotation access for analyzer 8.x (name2.lexeme); now follows helper method calls to detect indirect disposal patterns
• avoid_undisposed_instances - Enhanced field extraction to handle parenthesized expressions and cascade expressions

Added #

• no_empty_block - Added quick fix that inserts an explanatory comment inside the empty block
• avoid_null_assertion - Added quick fix that converts x!.prop to x?.prop in conditions, or adds HACK comment

Changed #

• avoid_null_assertion - Refactored null-check extension names into documented const sets (_truthyNullCheckNames for && patterns, _falsyNullCheckNames for || patterns) for maintainability
• avoid_unsafe_collection_methods - Now recognizes guarded access patterns and won't flag safe usage:
  • If statements: if (list.isNotEmpty) { list.first }, if (list.length > 0) { ... }
  • Ternaries: list.isNotEmpty ? list.first : fallback, list.length > 1 ? list.last : fallback
  • Inverted guards: if (list.isEmpty) { } else { list.first }
  • Quick fix now suggests *OrNull methods (firstOrNull, lastOrNull, singleOrNull) instead of adding HACK comments
• require_future_error_handling - Now uses actual type checking (isDartAsyncFuture) instead of method name heuristics. Added quick fix that adds .catchError() handler.

Fixed #

• avoid_null_assertion - Added support for inverted if-blocks (if (x.isEmpty) { } else { x! }) and numeric checks (isPositive, isZeroOrNegative, isNegativeOrZero, isNegative). Also added isNotListNullOrEmpty, isNotNullOrZero, isNullOrZero
• avoid_undisposed_instances - Now recognizes disposeSafe(), cancelSafe(), and closeSafe() as valid disposal methods
• require_stream_controller_dispose - Now recognizes closeSafe() as valid close method
• require_value_notifier_dispose - Now recognizes disposeSafe() as valid dispose method; only checks owned fields (with initializers), not parameters passed in
• require_database_close - Now recognizes closeSafe() and disposeSafe() as valid cleanup methods
• require_http_client_close - Now recognizes closeSafe() as valid close method
• require_websocket_close - Now recognizes closeSafe() as valid close method
• require_platform_channel_cleanup - Now recognizes cancelSafe() as valid cancel method
• require_image_disposal - Now recognizes disposeSafe() as valid dispose method

Added #

• require_timer_cancellation - New dedicated rule for Timer and StreamSubscription fields that require cancel(). Separated from require_dispose for clearer semantics. Crashes can occur if uncancelled timers call setState after widget disposal.
• nullify_after_dispose - New rule that suggests setting nullable disposable fields to null after disposal (e.g., _timer = null after _timer?.cancel()). Helps garbage collection and prevents accidental reuse.

Changed #

• require_dispose - Removed Timer and StreamSubscription (now handled by require_timer_cancellation). Now focuses on controllers that use dispose() and streams that use close().

Fixed #

• require_animation_disposal - Now only checks State classes, eliminating false positives on StatelessWidgets that receive AnimationControllers as constructor parameters (they don't own the controller, parent disposes it)
• require_dispose - Now follows helper method calls from dispose() to detect indirect disposal patterns like _cancelTimer() that internally call the disposal method
• require_timer_cancellation - Follows helper method calls from dispose() to detect indirect cancellation patterns

Changed #

• Renamed docs/ to doc/guides/ to follow Dart/Pub package layout conventions

Fixed #

• require_dispose - Fixed disposeSafe pattern matching (was xSafe(), now correctly matches x.disposeSafe())
• avoid_logging_sensitive_data - Added safe pattern detection to avoid false positives on words like oauth, authenticated, authorization, unauthorized

Changed #

• README: Clarified that rules must use YAML list format (- rule: value) not map format
• README: Updated IDE integration section with realistic expectations and CLI recommendation

Fixed #

• avoid_null_assertion - Added short-circuit evaluation detection to reduce false positives:
  • x == null || x!.length - safe due to || short-circuit
  • x.isListNullOrEmpty || x!.length < 2 - extension method short-circuit
  • x != null && x!.doSomething() - safe due to && short-circuit
  • Added isListNullOrEmpty, isNullOrEmpty, isNullOrBlank to recognized null checks

Changed #

• avoid_null_assertion - Now recognizes safe null assertion patterns to reduce false positives:
  • Safe ternaries: x == null ? null : x!, x != null ? x! : default
  • Safe if-blocks: if (x != null) { use(x!) }
  • After null-check extensions: .isNotNullOrEmpty, .isNotNullOrBlank, .isNotEmpty
• dispose_controllers - Now recognizes disposeSafe() as a valid dispose method

Fixed #

• avoid_hardcoded_credentials - Improved pattern matching to reduce false positives
  • Added minimum length requirements: sk-/pk- tokens (20+), GitHub tokens (36+), Bearer (20+), Basic (10+)
  • More accurate character sets for Base64 encoding in Basic auth
  • End-of-string anchoring for Bearer/Basic tokens

Changed #

• Breaking: New tier configuration system using Dart code instead of YAML includes
  • custom_lint doesn't follow include: directives, so tiers are now defined in Dart
  • Configure via custom_lint: saropa_lints: tier: recommended in analysis_options.yaml
  • Individual rules can still be overridden on top of tier selection
  • Tiers: essential, recommended, professional, comprehensive, insanity

Added #

• lib/src/tiers.dart with rule sets for each tier defined as Dart constants
• getRulesForTier(String tier) function for tier-based rule resolution

Removed #

• YAML-based tier configuration (include directives were not being followed by custom_lint)

Fixed #

• Added license: MIT field to pubspec.yaml for proper pub.dev display

Added #

• Quick fixes for 37+ lint rules (IDE code actions to resolve issues)
• ROADMAP.md with specifications for ~500 new rules to reach 1000 total
• ENTERPRISE.md with business value, adoption strategy, and professional services info
• "Why saropa_lints?" section in README explaining project motivation
• Contact emails: [email protected] (README), [email protected] (CONTRIBUTING), [email protected] (ENTERPRISE)

Changed #

• README: Updated rule counts to reflect 1000-rule goal
• README: Tier table now shows target distribution (~100/~300/~600/~800/1000)
• README: Added migration guide links in Quick Start section
• Reorganized documentation structure
• CONTRIBUTING.md: Updated quick fix requirements documentation
• ENTERPRISE.md: Added migration FAQ with links to guides

Removed #

• doc/PLAN_LINT_RULES_AND_TESTING.md (replaced by ROADMAP.md)
• doc/SAROPA_LINT_RULES_GUIDE.md (replaced by ENTERPRISE.md)

Added #

• Test infrastructure with unit tests (test/) and lint rule fixtures (example/lib/)
• Unit tests for plugin instantiation
• Lint rule test fixtures for avoid_hardcoded_credentials, avoid_unsafe_collection_methods, avoid_unsafe_reduce
• TEST_PLAN.md documenting testing strategy
• CI workflow for GitHub Actions (analyze, format, test)
• Style badge for projects using saropa_lints
• CI status badge in README
• Badge section in README with copy-paste markdown for users
• Migration guide for very_good_analysis users (doc/guides/migration_from_vga.md)

Changed #

• Publish script now runs unit tests and custom_lint tests before publishing
• README: More welcoming tone, clearer introduction
• README: Added link to VGA migration guide
• README: Added link to DCM migration guide
• Updated SECURITY.md for saropa_lints package (was templated for mobile app)
• Updated links.md with saropa_lints development resources
• Added analysis_options.yaml to exclude example/ from main project analysis

Fixed #

• Doc reference warnings in rule comments ([i], [0], [length-1])

Fixed #

• Critical: getLintRules() now reads tier configuration from custom_lint.yaml
  • Previously ignored configs parameter and used hard-coded 25-rule list
  • Now respects rules enabled/disabled in tier YAML files (essential, recommended, etc.)
  • Supports enable_all_lint_rules: true to enable all 500+ rules

Fixed #

• Updated for analyzer 8.x API (requires >=8.0.0 <10.0.0)
  • Reverted ErrorSeverity back to DiagnosticSeverity
  • Reverted ErrorReporter back to DiagnosticReporter
  • Reverted NamedType.name2 back to NamedType.name
  • Changed enclosingElement3 to enclosingElement

Fixed #

• Fixed MethodElement.enclosingElement3 error - MethodElement requires cast to Element for enclosingElement3 access
• Expanded analyzer constraint to support version 9.x (>=6.0.0 <10.0.0)

Fixed #

• Breaking compatibility fix: Updated all rule files for analyzer 7.x API changes
  • Migrated from DiagnosticSeverity to ErrorSeverity (31 files)
  • Migrated from DiagnosticReporter to ErrorReporter (31 files)
  • Updated NamedType.name to NamedType.name2 for AST type access (12 files)
  • Updated enclosingElement to enclosingElement3 (2 files)
  • Fixed Element2/Element type inference issue
• Suppressed TODO lint warnings in documentation examples

Changed #

• Now fully compatible with analyzer ^7.5.0 and custom_lint ^0.8.0

Fixed #

• Removed custom documentation URL so pub.dev uses its auto-generated API docs

Added #

• New formatting lint rules:
  • AvoidDigitSeparatorsRule - Flag digit separators in numeric literals
  • FormatCommentFormattingRule - Enforce consistent comment formatting
  • MemberOrderingFormattingRule - Enforce class member ordering
  • PreferSortedParametersRule - Prefer sorted parameters in functions
• Export all rule classes for documentation generation
• Automated publish script for pub.dev releases

Changed #

• Renamed ParametersOrderingRule to ParametersOrderingConventionRule
• Updated README with accurate rule count (497 rules)
• Simplified README messaging and performance guidance

Fixed #

• Improved documentation formatting and examples

Added #

• Initial release with 475 lint rules
• 5 tier configuration files:
  • essential.yaml (~50 rules) - Crash prevention, memory leaks, security
  • recommended.yaml (~150 rules) - Performance, accessibility, testing basics
  • professional.yaml (~350 rules) - Architecture, documentation, comprehensive testing
  • comprehensive.yaml (~700 rules) - Full best practices
  • insanity.yaml (~1000 rules) - Every rule enabled
• Rule categories:
  • Accessibility (10 rules)
  • API & Network (7 rules)
  • Architecture (7 rules)
  • Async (20+ rules)
  • Class & Constructor (15+ rules)
  • Code Quality (20+ rules)
  • Collection (15+ rules)
  • Complexity (10+ rules)
  • Control Flow (15+ rules)
  • Debug (5+ rules)
  • Dependency Injection (8 rules)
  • Documentation (8 rules)
  • Equality (10+ rules)
  • Error Handling (8 rules)
  • Exception (10+ rules)
  • Flutter Widget (40+ rules)
  • Formatting (10+ rules)
  • Internationalization (8 rules)
  • Memory Management (7 rules)
  • Naming & Style (20+ rules)
  • Numeric Literal (5+ rules)
  • Performance (25 rules)
  • Record & Pattern (5+ rules)
  • Resource Management (7 rules)
  • Return (10+ rules)
  • Security (8 rules)
  • State Management (10 rules)
  • Structure (10+ rules)
  • Test (15+ rules)
  • Testing Best Practices (7 rules)
  • Type (15+ rules)
  • Type Safety (7 rules)
  • Unnecessary Code (15+ rules)

Notes #

• Built on custom_lint_builder: ^0.8.0
• Compatible with Dart SDK >=3.1.0 <4.0.0
• MIT licensed - free for any use