HecklerDetection
Version updated for https://github.com/kholcomb/heckler to version v1.
- This action is used across all versions by ? repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
Heckler is a zero-dependency Python tool that detects invisible and potentially dangerous Unicode characters in source code and dependencies, helping prevent threats such as supply chain attacks and Trojan Source vulnerabilities. It scans 60+ file types and package dependencies for 416 harmful codepoints across six threat categories, including bidi controls, zero-width characters, and exotic whitespace. It supports CI integration, package vetting, and JSON/SARIF reporting, so hidden risks in a codebase and its dependencies are identified and reported.
What’s Changed
HecklerDetectv1