Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Unified Modeling Language (UML) class diagram generator for Solidity contracts
Unified Modeling Language (UML) class diagram generator for Solidity contracts.
Open Zeppelin's ERC20 token contracts generated from version 2.3.0
See examples for more diagrams.
The following installation assumes Node.js has already been installed which comes with Node Package Manager (NPM).
To install globally so you can run sol2uml
from anywhere
npm link sol2uml --only=production
To upgrade run
npm upgrade sol2uml -g
To see which version you are using
npm ls sol2uml
To see the usage options
$ sol2uml -h
Usage: sol2uml <fileFolderAddress> [options]
Generates UML diagrams from Solidity source code.
If no file, folder or address is passes as the first argument, the working folder is used.
When a folder is used, all *.sol files are found in that folder and all sub folders.
If an Ethereum address with a 0x prefix is passed, the verified source code from Etherscan will be used.
Options:
-b, --baseContractNames <value> only output contracts connected to these comma separated base contract names
-f, --outputFormat <value> output file format: svg, png, dot or all (default: "svg")
-o, --outputFileName <value> output file name
-d, --depthLimit <depth> number of sub folders that will be recursively searched for Solidity files. Default -1 is unlimited (default: -1)
-n, --network <network> mainnet, ropsten, kovan, rinkeby or goerli (default: "mainnet")
-k, --etherscanApiKey <key> Etherscan API Key
-c, --clusterFolders cluster contracts into source folders
-v, --verbose run with debugging statements
-h, --help output usage information
To generate a diagram of all contracts under the contracts folder and its sub folders
sol2uml ./contracts
To generate a diagram of EtherDelta's contract from the verified source code on Etherscan. The output wil be a svg file 0x8d12A197cB00D4747a1fe03395095ce2A5CC6819.svg
in the working folder.
sol2uml 0x8d12A197cB00D4747a1fe03395095ce2A5CC6819
To generate a diagram of EtherDelta's contract from the verified source code on Etherscan Ropsten. The output wil be a svg file 0xa19833bd291b66aB0E17b9C6d46D2Ec5fEC15190.svg
in the working folder.
sol2uml 0xa19833bd291b66aB0E17b9C6d46D2Ec5fEC15190 -n ropsten
To generate all Solidity files under some root folder and output the svg file to a specific location
sol2uml path/to/contracts/root/folder -o ./outputFile.svg
To generate a diagram of all contracts in a single Solidity file, the output file in png format to output file ./someFile.png
sol2uml path/to/contracts/root/folder/solidity/file.sol -f png -o ./someFile.png
To generate diagrams of all Solidity files under some root folder. The output will be contracts.svg
and contracts.png
files in the working folder.
sol2uml ./contracts -f all -v
The main function that parses Solidity source code from files or files in folders is parseUmlClassesFromFiles. This returns an array of UML class objects.
EtherscanParser is a class that parses Etherscan's verified Solidity source code for a contract. For example
import { convertUmlClassesToSvg, EtherscanParser } from 'sol2uml'
async function generateSvg() {
const etherscanParser = new EtherscanParser()
// get the verified source code from Etherscan for the contract address and
// parse Solidity into UML class objects
const umlClasses = await etherscanParser.getUmlClasses('0xf5dce57282a584d2746faf1593d3121fcac444dc')
// Convert UML classes to a svg string
const svg = await convertUmlClassesToSvg(umlClasses)
}
generateFilesFromUmlClasses is used to write the dot, svg and png files from an array of UML class objects.
Good online resources for learning UML
A Solidity variable becomes an attribute in UML and a Solidity function becomes an operation in UML.
Lines:
Heads/Tails:
This is a rewrite of the Richard Ramos's solidity-diagram-gen tool which no longer works as it uses solidity-parser which cannot handle newer Solidity syntax like constructor
.
This version uses Federico Bond's (GitHub @federicobond) solidity-parser-antlr Solidity parser which is built on top of ANTLR4 grammar. The logic to generate the dot syntax has been rewritten and different UML syntax is now used to Richard Ramos's original implementation.
The diagrams are generated using viz.js which uses Graphviz to render a Scalable Vector Graphics (SVG) file. Graphviz Online allows dot files to be edited and rendered into a SVG dynamically.
FAQs
Solidity contract visualisation tool.
The npm package sol2uml receives a total of 4,104 weekly downloads. As such, sol2uml popularity was classified as popular.
We found that sol2uml demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.