By Protofire
This is an open source project for linting Solidity code. This project
provides both Security and Style Guide validations.
Installation
You can install Solhint using npm:
npm install -g solhint
solhint --version
Usage
First initialize a configuration file, if you don't have one:
solhint --init
This will create a .solhint.json file with the default rules enabled. Then run Solhint with one or more globs as arguments. For example, to lint all files inside the contracts directory, you can do:
solhint 'contracts/**/*.sol'
To lint a single file:
solhint contracts/MyToken.sol
Run solhint without arguments to get more information:
Usage: solhint [options] <file> [...other_files]

Linter for Solidity programming language

Options:
  -V, --version                           output the version number
  -f, --formatter [name]                  report formatter name (stylish, table, tap, unix, json, compact, sarif)
  -w, --max-warnings [maxWarningsNumber]  number of allowed warnings, works in quiet mode as well
  -c, --config [file_name]                file to use as your .solhint.json
  -q, --quiet                             report errors only - default: false
  --ignore-path [file_name]               file to use as your .solhintignore
  --fix                                   automatically fix problems and show report
  --noPrompt                              do not suggest to backup files when any `fix` option is selected
  --init                                  create configuration file for solhint
  --disc                                  do not check for solhint updates
  --save                                  save report to file on current folder
  -h, --help                              output usage information

Commands:
  stdin [options]                         linting of source code data provided to STDIN
  list-rules                              display covered rules of current .solhint.json
Notes
- Solhint checks whether a newer version is available. The --disc option skips that check.
- The --save option creates a file named YYYYMMDDHHMMSS_solhintReport.txt in the current folder, in the default or specified format.
Fix
This option currently works on:
- avoid-throw
- avoid-sha3
- no-console
- explicit-types
- private-vars-underscore
- payable-fallback
- quotes
- contract-name-camelcase
- avoid-suicide
Configuration
You can use a .solhint.json file to configure Solhint for the whole project.
To generate a new sample .solhint.json file in the current folder you can do:
solhint --init
This file has the following format:
Default
{
  "extends": "solhint:default"
}
Note
The solhint:default configuration contains only two rules: max-line-length & no-console
Sample
{
  "extends": "solhint:recommended",
  "plugins": [],
  "rules": {
    "avoid-suicide": "error",
    "avoid-sha3": "warn"
  }
}
A full list of all supported rules can be found here.
To ignore files that do not require validation you can use a .solhintignore file. It supports rules in the .gitignore format.
node_modules/
additional-tests.sol
Extendable rulesets
The default rulesets provided by solhint are the following:
- solhint:default
- solhint:recommended
Use one of these as the value for the "extends" property in your configuration file.
You can use comments in the source code to configure solhint in a given line or file.
For example, to disable all validations in the line following a comment:
// solhint-disable-next-line
uint[] a;
You can disable specific rules on a given line. For example:
// solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));
Disable validation on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line
Disable specific rules on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash
You can disable a rule for a group of lines:
/* solhint-disable avoid-tx-origin */
function transferTo(address to, uint amount) public {
  require(tx.origin == owner);
  to.call.value(amount)();
}
/* solhint-enable avoid-tx-origin */
Or disable all validations for a group of lines:
/* solhint-disable */
function transferTo(address to, uint amount) public {
  require(tx.origin == owner);
  to.call.value(amount)();
}
/* solhint-enable */
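Because these comment directives can switch off security rules such as avoid-tx-origin at the source level, it is useful to inventory them during review. The following Node.js script is an added example, not part of Solhint or of this README: it finds the directive forms shown above and flags blanket disables, block disables that are never re-enabled, and disables that name a watched rule. WATCHED_RULES, auditSuppressions, needsReview and the sample source are hypothetical names and constructed data.

```javascript
// Watch list: rule names taken from this README (assumption: extend it with your own).
const WATCHED_RULES = new Set(['avoid-tx-origin', 'not-rely-on-time',
  'not-rely-on-block-hash', 'avoid-suicide', 'avoid-sha3', 'avoid-throw']);
// Matches the four directive forms shown above, inside a // or /* comment.
const DIRECTIVE =
  /(?:\/\/|\/\*)\s*solhint-(disable-next-line|disable-line|disable|enable)\b([^*\n]*)/;

function auditSuppressions(source) {
  const findings = [];
  const open = []; // block-level "solhint-disable" not yet re-enabled
  source.split('\n').forEach((text, i) => {
    const m = DIRECTIVE.exec(text);
    if (!m) return;
    const rules = m[2].split(',').map((r) => r.trim()).filter(Boolean);
    if (m[1] === 'enable') {
      // Assumption: a bare enable closes every open block, a listed one closes its match.
      for (let j = open.length - 1; j >= 0; j--) {
        if (rules.length === 0 || open[j].rules.join() === rules.join()) {
          open.splice(j, 1)[0].unclosed = false;
        }
      }
      return;
    }
    const finding = {
      line: i + 1, kind: m[1], rules,
      blanket: rules.length === 0, // no rule list: every rule is switched off
      watched: rules.filter((r) => WATCHED_RULES.has(r)),
      unclosed: m[1] === 'disable', // stays true if no solhint-enable follows
    };
    findings.push(finding);
    if (finding.unclosed) open.push(finding);
  });
  return findings;
}

const needsReview = (f) => f.blanket || f.unclosed || f.watched.length > 0;
// Constructed sample input, modelled on the snippets in this README.
const SAMPLE = [
  'contract Wallet {',
  '  /* solhint-disable avoid-tx-origin */',
  '  function transferTo(address to, uint amount) public { require(tx.origin == owner); }',
  '  /* solhint-enable avoid-tx-origin */',
  '  // solhint-disable-next-line',
  '  uint[] a;',
  '  uint t = now; // solhint-disable-line not-rely-on-time, quotes',
  '  /* solhint-disable */',
  '}',
].join('\n');
console.log(auditSuppressions(SAMPLE).filter(needsReview));
```

To audit real files, read each .sol file as text and pass its contents to auditSuppressions in place of SAMPLE.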
Rules
Security Rules
Full list with all supported Security Rules
Style Guide Rules
Full list with all supported Style Guide Rules
Best Practices Rules
Full list with all supported Best Practices Rules
Docker
Solhint has an official Docker Image
Go to the docker folder and follow these instructions.
Documentation
You can find related documentation here.
IDE Integrations
Table of Contents
- Roadmap: The core project's roadmap - what the core team is looking to work on in the near future.
- Contributing: The core Solhint team :heart: contributions. This describes how you can contribute to the Solhint Project.
- Shareable configs: How to create and share your own configurations.
- Writing plugins: How to extend Solhint with your own rules.
Plugins
Who uses Solhint?
Projects
- OpenZeppelin
- POA Network - Public EVM Sidechain
- 0x-Project
- Gnosis
Acknowledgements
The Solidity parser used is @solidity-parser/parser.
Licence
MIT
Back us
Solhint is free to use and open-sourced. If you value our effort and feel like helping us to keep pushing this tool forward, you can send us a small donation. We'll highly appreciate it :)
Related projects
- eth-cli: CLI swiss army knife for Ethereum developers.