sabre-mythx
Minimum viable client for the MythX smart contract security analysis service
Sabre is a security analysis tool for smart contracts written in Solidity. It uses the MythX cloud service which detects a wide range of security issues.
Note: This client is not officially supported by MythX and may not optimally leverage all API features. Consider using the MythX command line client for serious business.
$ npm install -g sabre-mythx
Sign up for a free account on the MythX website to generate an API key. Set the MYTHX_API_KEY environment variable by adding the following to your .bashrc or .bash_profile:
export MYTHX_API_KEY=eyJhbGciOiJI(...)
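A pre-flight check for the key set above, as an added example that is not part of Sabre or the MythX client. The `eyJ` prefix is the base64url encoding of a JSON header, so the code assumes the key is a JWT and reads its `exp` claim, if present, before a job is submitted; the function names and return codes are hypothetical, and the signature is not verified.

```shell
#!/bin/sh
# Added example, not Sabre's own code.
# Assumption: MYTHX_API_KEY is a JWT (header.payload.signature), as the
# eyJ... prefix in the README suggests. The signature cannot be verified
# client-side, so only the shape and the expiry claim are checked.

# Decode one base64url segment (JWT segments drop the '=' padding).
b64url_decode() {
    _s=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#_s} % 4 )) in
        2) _s="${_s}==" ;;
        3) _s="${_s}=" ;;
    esac
    printf '%s' "$_s" | base64 -d 2>/dev/null
}

# mythx_key_check KEY [NOW_EPOCH]
# Returns 0 = usable, 1 = empty, 2 = not JWT-shaped, 3 = expired.
# The key itself is never printed, so it cannot leak into CI logs.
mythx_key_check() {
    _key=$1
    _now=${2:-$(date +%s)}
    [ -n "$_key" ] || return 1
    case $_key in
        *.*.*.*) return 2 ;;   # more than three segments
        ?*.?*.?*) ;;           # exactly three non-empty segments
        *) return 2 ;;
    esac
    _claims=$(b64url_decode "$(printf '%s' "$_key" | cut -d. -f2)") || return 2
    case $_claims in
        '{'*) ;;               # payload must decode to a JSON object
        *) return 2 ;;
    esac
    _exp=$(printf '%s' "$_claims" |
        sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -z "$_exp" ] && return 0 # no expiry claim: nothing more to check
    [ "$_exp" -gt "$_now" ] || return 3
    return 0
}

# Usage (Token.sol is a hypothetical file name):
#   mythx_key_check "$MYTHX_API_KEY" && sabre analyze Token.sol
```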
Run sabre analyze <solidity-file> [contract-name] to submit a smart contract for analysis. The default mode is "quick" analysis which returns results after approximately 2 minutes. You'll also get a dashboard link where you can monitor the progress and view the report later.
--mode <quick/standard/deep>
MythX integrates various analysis methods including static analysis, input fuzzing and symbolic execution. In the backend, each incoming analysis job is distributed to a number of workers that perform various tasks in parallel. There are three analysis modes, "quick", "standard" and "deep", that differ in the amount of resources dedicated to the analysis.
--format <text/stylish/compact/table/html/json>
Select the report format. By default, Sabre outputs a verbose text report. Other options are stylish, compact, table, html and json. Note that you can also view reports for past analyses on the dashboard.
--clientToolName <string>
You can integrate Sabre into your own MythX tool and become eligible for a share of API revenues. In that case, you'll want to use the --clientToolName argument to override the tool id which is used by the API to identify your tool.
--debug
Dump the API request and response when submitting an analysis.
Besides analyze, the following commands are available.
- list Get a list of submitted analyses.
- status <UUID> Get the status of an already submitted analysis
- version Print Sabre Version
- apiVersion Print MythX API version
FAQs
Client for the MythX smart contract security analysis service
The npm package sabre-mythx receives a total of 14 weekly downloads. As such, sabre-mythx popularity was classified as not popular.
We found that sabre-mythx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.