solhint-community
Advanced tools
A community-maintained solhint fork
This is an open source project for linting Solidity code. This project provides both Security and Style Guide validations.
This fork was started in mid 2023 to provide the community with an up-to-date linter regardless of protofire's funding allocations, which had proven inconsistent in the past with a big hiatus in development from 2021-2023 and in the middle of 2023.
Currently we're working on a major version change that'll hopefully bring many improvements desired by the community (see issues tagged with v4.0.0), at the cost of some breaking changes.
"^4.0.0-rc00" in your package.json will get you that),
where features are first pushed, and report any errors/potential improvements so
they don't get to affect most users.You can install solhint-community using npm:
npm install -g solhint-community
# verify that it was installed correctly
solhint --version
First initialize a configuration file, if you don't have one:
solhint init-config
This will create a .solhint.json file with the recommended rules enabled. Then run Solhint with one or more Globs as arguments. For example, to lint all files inside contracts directory, you can do:
solhint 'contracts/**/*.sol'
To lint a single file:
solhint contracts/MyToken.sol
Run solhint without arguments to get more information:
Usage: solhint [options] <file> [...other_files]
Linter for Solidity programming language
Options:
-V, --version output the version number
-f, --formatter [name] chosen formatter for reports (stylish, table, tap, unix, json, compact)
-w, --max-warnings [maxWarningsNumber] number of allowed warnings
-c, --config [file_name] extra config file to source, in addition to the defaults
-q, --quiet report errors only. Takes precedence over --max-warnings - default: false
--ignore-path [file_name] file to use as your .solhintignore
--fix automatically fix problems. If used in conjunction with stdin, then fixed file will be printed to stdout and report will be omitted
-h, --help display help for command
Commands:
stdin [options] linting of source code data provided to STDIN
init-config create configuration file for solhint
list-rules display enabled rules of current config, including extensions
0: linted files had no errors1: linted files had 1 or more errors, or more warnings than --max-warnings255: provided command-line options were invalid, see stderr for detailsYou can use a .solhint.json file to configure Solhint for the whole project.
To generate a new sample .solhint.json file in current folder you can do:
solhint init-config
This file has the following format:
{
"extends": "solhint:recommended"
}
{
"extends": "solhint:recommended",
"plugins": [],
"rules": {
"avoid-suicide": "error",
"avoid-sha3": "warn"
}
}
A full list of all supported rules can be found here.
To ignore files that do not require validation you can use a .solhintignore file. It supports rules in
the .gitignore format.
node_modules/
additional-tests.sol
The extendable rulesets provided by solhint are the following:
Use one of these as the value for the "extends" property in your configuration file.
You can use comments in the source code to configure solhint in a given line or file.
For example, to disable all validations in the line following a comment:
// solhint-disable-next-line
uint[] a;
You can disable specific rules on a given line. For example:
// solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));
Disable validation on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line
Disable specific rules on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash
You can disable a rule for a group of lines:
/* solhint-disable avoid-tx-origin */
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/* solhint-enable avoid-tx-origin */
Or disable all validations for a group of lines:
/* solhint-disable */
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/* solhint-enable */
Full list with all supported Security Rules
Full list with all supported Style Guide Rules
Full list with all supported Best Practices Rules
Related documentation you may find here.
The Solidity parser used is @solidity-parser/parser.
MIT
[4.0.0] - 2024-04-10
Stable release.
Current latest version.
Includes lots of breaking changes such as removing rules or changing their semantics, while also adding some long-awaited features, such as:
For a comprehensive list of changes, see the changelog for 4.0.0-rc0{0-4}, listed below:
FAQs
Solidity Code Linter
The npm package solhint-community receives a total of 1,401 weekly downloads. As such, solhint-community popularity was classified as popular.
We found that solhint-community demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.