sabre-mythx
Minimum viable client for the MythX smart contract security analysis service
Sabre is an experimental MythX client. It analyzes Solidity smart contracts using the MythX cloud service.
$ npm install -g sabre-mythx
Use Metamask or a web3-enabled browser to sign up for a free account on the MythX website and set your API password. Set up your environment using the Ethereum address you signed up with as the username (for increased convenience, add these two lines to your .bashrc or .bash_profile).
export MYTHX_ETH_ADDRESS=0x(...)
export MYTHX_PASSWORD=password
$ sabre [options] <solidity_file> [contract_name]
OPTIONS:
    --version                                         Print version
    --help                                            Print help message
    --apiVersion                                      Print MythX API version
    --mode <quick/full>                               Analysis mode (default=quick)
    --format <text/stylish/compact/table/html/json>   Output format (default=text)
    --clientToolName <string>                         Override clientToolName
    --noCacheLookup                                   Deactivate MythX cache lookups
    --debug                                           Print MythX API request and response
A 'quick' analysis takes 20 - 120 seconds to finish while a 'full' analysis takes approximately 30 minutes.
$ sabre contracts/token.sol
✔ Compiled with solc v0.5.7 successfully
token.sol
13:4 error The binary subtraction can underflow https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101
14:4 error The binary addition can overflow https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101
✖ 2 problems (2 errors, 0 warnings)
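To gate a CI job on a report like the one above, the findings can be parsed and cross-checked against the report's own summary line. This is an added example, not part of sabre or its README: the line layout is assumed from the sample run above, `parseReport` and `gate` are hypothetical names, and treating a report without a summary line as unusable is an assumption (the page does not show the output of a clean run).

```javascript
'use strict';

// Constructed sample: the report lines from the sample run on this page.
const SAMPLE_REPORT = [
  '✔ Compiled with solc v0.5.7 successfully',
  'token.sol',
  '13:4 error The binary subtraction can underflow https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101',
  '14:4 error The binary addition can overflow https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101',
  '✖ 2 problems (2 errors, 0 warnings)',
].join('\n');

// Assumed layout: "<line>:<col> <severity> <message> <SWC registry URL>".
const FINDING = /^\s*(\d+):(\d+)\s+(error|warning)\s+(.*?)\s+(https?:\/\/\S*\/(SWC-\d+))\s*$/;
const SUMMARY = /(\d+) problems? \((\d+) errors?, (\d+) warnings?\)/;

function parseReport(text) {
  const findings = [];
  let summary = null;
  for (const raw of text.split(/\r?\n/)) {
    const f = FINDING.exec(raw);
    if (f) {
      findings.push({
        line: Number(f[1]), column: Number(f[2]), severity: f[3],
        message: f[4], url: f[5], swc: f[6],
      });
      continue;
    }
    const s = SUMMARY.exec(raw);
    if (s) summary = { problems: Number(s[1]), errors: Number(s[2]), warnings: Number(s[3]) };
  }
  return { findings, summary };
}

// Returns a suggested exit code for a CI step:
// 0 = no errors reported, 1 = errors reported, 2 = report unusable.
function gate(text) {
  const { findings, summary } = parseReport(text);
  const errors = findings.filter((f) => f.severity === 'error').length;
  // A missing summary, or counts that disagree with the parsed findings,
  // suggests truncated output: fail closed rather than report "clean".
  if (!summary || summary.problems !== findings.length || summary.errors !== errors) return 2;
  return errors > 0 ? 1 : 0;
}

console.log(parseReport(SAMPLE_REPORT).findings.map((f) => `${f.swc} at ${f.line}:${f.column}`));
console.log('exit code:', gate(SAMPLE_REPORT));
```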
MythX tool builders will earn revenue share in Dai when we go live with paid subscription plans. Details will be released soon. Ping us on Discord if you'd like to get involved.
FAQs
Client for the MythX smart contract security analysis service
The npm package sabre-mythx receives a total of 14 weekly downloads. As such, sabre-mythx's popularity was classified as not popular.
We found that sabre-mythx demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.