This is an open source project for linting Solidity code. It provides both security and style guide validations.
To install the project, run the following commands:
```
npm install -g solhint
solhint -V
```

```
Usage: solhint [options] <file> [...other_files]

Linter for Solidity programming language

Options:

  -V, --version           output the version number
  -f, --formatter [name]  Report formatter name
  -h, --help              output usage information

Commands:

  stdin [options]
  init-config
```
The configuration file has the following format:

```json
{
  "extends": "default",
  "rules": {
    "avoid-throw": false,
    "avoid-suicide": "error",
    "avoid-sha3": "warn",
    "indent": ["warn", 4]
  }
}
```
Disable validation on the next line:

```solidity
// solhint-disable-next-line
uint[] a;
```

Disable fixed compiler version validation on the next line:

```solidity
// solhint-disable-next-line compiler-fixed, compiler-gt-0_4
pragma solidity ^0.4.4;
```

Disable validation on the current line:

```solidity
pragma solidity ^0.4.4; // solhint-disable-line
```

Disable fixed compiler version validation on the current line:

```solidity
pragma solidity ^0.4.4; // solhint-disable-line compiler-fixed, compiler-gt-0_4
```

Disable specific linter rules for a code fragment:

```solidity
/* solhint-disable avoid-throw */
if (a > 1) {
    throw;
}
/* solhint-enable avoid-throw */
```

Disable all linter rules for a code fragment:

```solidity
/* solhint-disable */
if (a > 1) {
    throw;
}
/* solhint-enable */
```

Security rules:

Rule ID | Error |
---|---|
avoid-sha3 | Use "keccak256" instead of deprecated "sha3" |
avoid-suicide | Use "selfdestruct" instead of deprecated "suicide" |
avoid-throw | "throw" is deprecated, avoid to use it |
func-visibility | Explicitly mark visibility in function |
state-visibility | Explicitly mark visibility of state |
check-send-result | Check result of "send" call |
avoid-call-value | Avoid to use ".call.value()()" |
compiler-fixed | Compiler version must be fixed |
compiler-gt-0_4 | Use at least '0.4' compiler version |
no-complex-fallback | Fallback function must be simple |
mark-callable-contracts | Explicitly mark all external contracts as trusted or untrusted |
multiple-sends | Avoid multiple calls of "send" method in single transaction |
no-simple-event-func-name | Event and function names must be different |

Style guide rules:

Rule ID | Error |
---|---|
func-name-mixedcase | Function name must be in camelCase |
func-param-name-mixedcase | Function param name must be in mixedCase |
var-name-mixedcase | Variable name must be in mixedCase |
event-name-camelcase | Event name must be in CamelCase |
const-name-snakecase | Constant name must be in SNAKE_CASE |
modifier-name-mixedcase | Modifier name must be in mixedCase |
contract-name-camelcase | Contract name must be in CamelCase |
use-forbidden-name | Avoid to use letters 'I', 'l', 'O' as identifiers |
visibility-modifier-order | Visibility modifier must be first in list of modifiers |
imports-on-top | Import statements must be on top |
two-lines-top-level-separator | Definition must be surrounded with two blank line indent |
func-order | Function order is incorrect |
quotes | Use double quotes for string literals |
no-mix-tabs-and-spaces | Mixed tabs and spaces |
indent | Indentation is incorrect |
bracket-align | Open bracket must be on same line. It must be indented by other constructions by space |
array-declaration-spaces | Array declaration must not contains spaces |
separate-by-one-line-in-contract | Definitions inside contract / library must be separated by one line |
expression-indent | Expression indentation is incorrect. |
statement-indent | Statement indentation is incorrect. |
max-line-length | Line length must be no more than 120 but current length is 121. |
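
Because the comment directives and a `false` entry in the configuration file can silence security rules as easily as style rules, it is worth reviewing where that happens. The following is an added example, not part of solhint: the function names and the sample contract text are constructed for illustration, and the rule IDs are the ones listed in the security table above.

```javascript
// Added example (not solhint code): report suppressions that switch off security rules.
// Rule IDs are copied from the security rule table on this page.
const SECURITY_RULES = new Set([
  'avoid-sha3', 'avoid-suicide', 'avoid-throw', 'func-visibility',
  'state-visibility', 'check-send-result', 'avoid-call-value',
  'compiler-fixed', 'compiler-gt-0_4', 'no-complex-fallback',
  'mark-callable-contracts', 'multiple-sends', 'no-simple-event-func-name',
]);

// Matches the three disabling directives shown above and captures the optional rule list.
const DIRECTIVE = /(?:\/\/|\/\*)\s*solhint-(disable-next-line|disable-line|disable)(?![\w-])([^*\n]*)/;

// Returns one finding per directive that disables a security rule ('*' = every rule).
function findSecuritySuppressions(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    const m = DIRECTIVE.exec(text);
    if (!m) return;
    const rules = m[2].split(',').map((r) => r.trim()).filter(Boolean);
    // A directive without a rule list disables all rules, security ones included.
    const hit = rules.length === 0 ? ['*'] : rules.filter((r) => SECURITY_RULES.has(r));
    if (hit.length) findings.push({ line: i + 1, scope: m[1], rules: hit });
  });
  return findings;
}

// Security rules set to false in a config object of the format shown above.
function disabledInConfig(config) {
  return Object.entries(config.rules || {})
    .filter(([id, v]) => SECURITY_RULES.has(id) && (Array.isArray(v) ? v[0] : v) === false)
    .map(([id]) => id);
}

// Constructed sample input, built from the directive forms on this page.
const SAMPLE = [
  'pragma solidity ^0.4.4; // solhint-disable-line compiler-fixed, compiler-gt-0_4',
  'contract Wallet {',
  '    // solhint-disable-next-line',
  '    uint[] a;',
  '    /* solhint-disable quotes */',
  '    /* solhint-enable quotes */',
  '    /* solhint-disable avoid-throw */',
  '    /* solhint-enable avoid-throw */',
  '}',
].join('\n');

console.log(findSecuritySuppressions(SAMPLE));
console.log(disabledInConfig({ rules: { 'avoid-throw': false, 'avoid-sha3': 'warn' } }));
```

Style-only suppressions such as `quotes` are ignored, so the output lists only the places where a security check was turned off.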
You can find related documentation there.
MIT
FAQs
Solidity Code Linter
The npm package solhint receives a total of 50,222 weekly downloads. As such, solhint popularity was classified as popular.
We found that solhint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.