The complete catalog — 30 rules across four languages in 0.4.0, as listed by shipmoor rules. Severities follow the cross-language policy described in Findings & rules; any severity can be overridden (and any rule disabled) per project in .shipmoor.yaml.
shipmoor rules # this list, with your overrides applied
shipmoor rules --json # machine-readable, with full descriptionsPython (6 rules)
| Rule | Severity | What it flags |
|---|---|---|
python.syntax_error | critical | Python source cannot be parsed. |
python.phantom_import | high | Import cannot be resolved from the project or environment. |
python.placeholder.empty_body | medium | Function contains only placeholder body statements. |
python.placeholder.constant_return | medium | Function returns a placeholder constant. |
python.quality.mutable_default | medium | Function uses a mutable default argument. |
python.quality.bare_except | low | Exception handler catches every exception. |
TypeScript (8 rules)
| Rule | Severity | What it flags |
|---|---|---|
typescript.phantom_dependency | high | Imported package is not declared or resolvable locally. |
typescript.placeholder.empty_function | medium | Function body has no implementation. |
typescript.placeholder.not_implemented | medium | Function throws a placeholder implementation error. |
typescript.trust.any_boundary | medium | Exported function boundary uses any. |
typescript.trust.as_any | low | Expression is cast to any. |
typescript.trust.ts_ignore | medium | TypeScript error is ignored. |
typescript.debug.console | low | Console output remains in source. |
typescript.control_flow.unreachable_code | medium | Statement appears after return or throw. |
JavaScript (8 rules)
| Rule | Severity | What it flags |
|---|---|---|
javascript.phantom_dependency | high | Imported package is not declared or resolvable locally. |
javascript.placeholder.empty_function | medium | Function body has no implementation. |
javascript.placeholder.not_implemented | medium | Function throws a placeholder implementation error. |
javascript.trust.any_boundary | medium | Exported function boundary uses any. |
javascript.trust.as_any | low | Expression is cast to any. |
javascript.trust.ts_ignore | medium | TypeScript error is ignored. |
javascript.debug.console | low | Console output remains in source. |
javascript.control_flow.unreachable_code | medium | Statement appears after return or throw. |
Go (8 rules)
| Rule | Severity | What it flags |
|---|---|---|
go.phantom_import | high | Imported Go package is not declared or resolvable. |
go.placeholder.empty_function | medium | Go function body is empty. |
go.placeholder.todo_comment | low | Go source contains unresolved TODO/FIXME/HACK markers. |
go.placeholder.todo_panic | high | Go code panics with TODO or not-implemented text. |
go.error.ignored_error | medium | Call result is discarded with the blank identifier. |
go.error.panic_error | medium | Error is handled by panicking. |
go.debug.fmt_print | low | fmt.Print output remains in source. |
go.structure.god_function | medium | Go function is very large. |
Reading the severities
Severity is assigned by defect class, consistently across languages: hallucinated imports/dependencies are high everywhere (the code can’t run as authored), placeholder bodies and trust suppressions at boundaries are medium, debug output and catch-alls are low. The phantom-import rules additionally classify every finding by subtype (hallucinated_package, missing_manifest_entry, broken_relative_path, unresolved_local_module).
For any rule, shipmoor explain <rule_id> gives the why, the root cause, and the fix.
Next
- Findings & rules — the failure-mode classes and severity policy.
- Gating & policy — overriding severities and disabling rules.
- CLI command reference —
rulesandexplainflags.