Releases · dcondrey/unicode-safety-check

v3.0.0 - Full Rust Rewrite

Complete rewrite from Python to Rust. Faster, safer, and more comprehensive.

19 detection rules covering bidi attacks, invisible chars, homoglyphs, confusable collisions, mixed-script identifiers, control characters, private use, tag characters, and more
87 audit findings fixed across security, correctness, CI hardening, and test coverage
150 tests (130 unit + 20 integration) with 100% rule coverage
Supply chain hardening: SHA256 checksum verification for downloaded binaries, pinned action SHAs, least-privilege CI permissions

Expanded confusables table: ~206 entries (Cherokee, Math Bold/Italic A-z, fullwidth)
Expanded script ranges: 71 ranges covering 30+ scripts (Tamil, Telugu, Kannada, Malayalam, Sinhala, Lao, Tibetan, Myanmar, Ethiopic, Cherokee, Khmer, and more)
SQL -- and HTML  comment handling
Raw triple-quoted Python string handling (r"""...""")
Context-aware policy enforcement (contexts.comment.bidi-control: ignore now works)
Bidi pairing detection for orphaned closers before openers

Python source removed; Rust binary only
serde_yaml replaced with serde_yml
--exclude patterns now use fnmatch only (substring fallback removed to prevent false exclusions)

Platform	Binary
Linux x86_64	`unicode-safety-check-x86_64-unknown-linux-gnu.tar.gz`
Linux aarch64	`unicode-safety-check-aarch64-unknown-linux-gnu.tar.gz`
macOS x86_64	`unicode-safety-check-x86_64-apple-darwin.tar.gz`
macOS aarch64	`unicode-safety-check-aarch64-apple-darwin.tar.gz`

Verify downloads with SHA256SUMS:

shasum -a 256 -c SHA256SUMS