vastlint

Changelog

Release history for vastlint. New releases are tagged on GitHub — subscribe to the RSS feed to get notified automatically.

0.4.02026-04-29

  • **New `RuleSource::IndustryBestPractice`** - distinct from `VastSpec` and `Inferred`; renders as `"revenue impact"` in all output formats
  • **New `RuleMeta::revenue_impact()`** - returns `true` for 12 rules where a structural defect causes direct measurement or delivery loss; no catalog field added, no breaking schema change
  • **5 rules reclassified** from `Inferred` → `IndustryBestPractice`: `VAST-2.0-mediafile-https`, `VAST-2.0-tracking-https`, `VAST-2.0-duplicate-impression`, `VAST-4.1-mezzanine-recommended`, `VAST-4.1-vpaid-in-interactive-context`
  • **HTTP tracker rules promoted** `Info` → `Warning`: `VAST-2.0-mediafile-https` and `VAST-2.0-tracking-https` - on HTTPS inventory these are guaranteed delivery failures, not advisory notices
  • **New rule `VAST-2.0-linear-tracking-quartiles`** (`Warning`, `IndustryBestPractice`) - fires when a `<Linear>` creative has no `<TrackingEvents>` containing any of `start`, `firstQuartile`, `midpoint`, `thirdQuartile`, or `complete`; absence of all five is a complete measurement blackout. Spec reference: IAB VAST 4.1 §3.14.2
  • **`--fail-on-warning`** - exits non-zero when any warning is found; all 12 revenue-impact rules fire at `Warning` or `Error` severity, making this flag sufficient for a CI revenue gate
  • **URL input with wrapper chain following** - `vastlint check https://…` fetches the tag and recursively follows `<VASTAdTagURI>` wrapper chains
  • **`--max-depth N`** (default `5`) - controls how deep wrapper chains are followed, matching the IAB VAST 4.x recommendation
  • **`--summary`** - prints aggregate pass/fail counts after validation; includes a `$revenue` line when any revenue-impact rules fired; works in both plain and JSON output modes
  • New `$` column - marks the 12 revenue-impact rules
  • Legend line added at the bottom of the table

0.3.72026-04-25

  • CI: harden release pipeline (SLSA provenance, deploy key scoping)
  • VS Code: align `engines.vscode` to `^1.116.0`

0.3.62026-04-25

  • Chrome extension: v0.2.0 - HTML-rendered VAST detection, inline overlay annotations, privacy policy; CWS submission workflow
  • CI: SLSA provenance signing; Smithery and MCP Registry idempotent publish

0.3.42026-04-18

  • Security: patched two advisories (`idna` RUSTSEC-2024-0421, `rustls-webpki` RUSTSEC-2026-0098/0099); added `cargo audit` to CI
  • Fuzz: cargo-fuzz targets for `validate`, `fix`, and `validate_wrapper`

0.3.32026-04-18

  • SIMID rules: 9 rules covering SIMID 1.0 (linear) and SIMID 1.1 (nonlinear) - type, URL, HTTPS, `variableDuration`, `<MediaFile>` fallback, `<IFrameResource>` presence
  • Docs: SIMID coverage expanded to all spec versions (1.0, 1.1, 1.2) on vastlint.org

0.3.22026-04-17

  • MCP server: `vastlint-mcp` crate published to MCP Registry; tools: `validate_vast`, `validate_vast_url`, `list_rules`, `explain_rule`, `fix_vast`

0.3.12026-04-17

  • Auto-fix in VS Code: inline quick-fix actions wired up; fix API exported from npm package
  • Open VSX: extension now published to Open VSX Registry in addition to VS Code Marketplace

0.3.02026-04-17

  • **Erlang/Elixir NIF** (`vastlint_nif`): native binding for BEAM-based ad servers and RTB platforms
  • Performance docs updated to production-realistic benchmarks (17–44 KB tags)

0.2.62026-04-12

  • Build: idempotent `cargo publish` and `vsce publish` (skip if version already exists)
  • WASM: smoke test fixes; both targets built before assemble step

0.2.52026-04-11

  • npm + WASM packages added; `vastlint` available on npm for browser and Node.js use

0.2.42026-04-11

  • Line/column positions: all issues now include `line` and `col` in JSON output and VS Code diagnostics

0.2.32026-04-08

  • **FFI C layer** (`vastlint-ffi`): `libvastlint` shared library with C header; Go binding (`vastlint-go`) backed by the same core
  • `mimalloc` global allocator in CLI and FFI for lower memory overhead

0.2.22026-04-08

  • Release pipeline fixes: provenance cascade on skipped jobs, version bump order

0.2.12026-04-08

  • Telemetry endpoint fix

0.2.02026-04-08

  • **Go binding** (`vastlint-go`): full Go FFI wrapper; same 108 rules, zero CGO complexity for callers
  • Version equalization: all crates and bindings move to a unified version scheme

0.1.02026-04-03

  • Initial public release
  • vastlint-core: 108 rules derived from IAB VAST 2.0–4.3; zero-dependency, zero-I/O Rust library; validates in under 1 ms on typical production tags
  • CLI: `vastlint check` with single-file, glob, stdin, JSON output; `vastlint fix` auto-repair with `--dry-run` and `--out`
  • Web validator: vastlint.org/validate - client-side WASM, no data leaves the browser
  • VS Code extension: inline diagnostics with rule IDs and spec references
  • REST API: `/api/validate` on RapidAPI, WASM-powered, sub-millisecond response
  • Homebrew tap: `brew install aleksUIX/tap/vastlint`

Source: CHANGELOG.md in the vastlint repo. Maintained by hand per release. Roadmap →