Product
Secure Your AI-Generated Code with Socket MCP
Socket MCP brings real-time security checks to AI-generated code, helping developers catch risky dependencies before they enter the codebase.
By Alexandros Kapravelos - May 28, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
solidity-parser
Advanced tools
Solidity Parser
A Solidity parser in Javascript. So we can evaluate and alter Solidity code without resorting to cruddy preprocessing.
⚠️ WARNING ⚠️
This is pre-alpha software. The goal of it is to take Solidity code as input and return an object as output that can be used to correctly describe that Solidity code. The structure of the resultant object is highly likely to change as the parser's features get filled out. This parser is set to ignore Solidity constructs it's not yet able to handle. Or, it might just error. So watch out.
Usage
Library
npm install solidity-parser
Then, in your code:
var SolidityParser = require("solidity-parser");
// Parse Solidity code as a string:
var result = SolidityParser.parse("contract { ... }");
// Or, parse a file:
var result = SolidityParser.parseFile("./path/to/file.sol");
You can also parse a file specifically for its imports. This won't return an abstract syntax tree, but will instead return a list of files required by the parsed file:
var SolidityParser = require("solidity-parser");
var result = SolidityParser.parseFile("./path/to/file.sol", "imports");
console.log(result);
// [
// "SomeFile.sol",
// "AnotherFile.sol"
// ]
Command Line (for convenience)
$ solidity-parser ./path/to/file.js
Results
Consider this solidity code as input:
import "Foo.sol";
contract MyContract {
mapping (uint => address) public addresses;
}
You'll receiving the following (or something very similar) as output. Note that the structure of mappings could be made more clear, and this will likely be changed in the future.
{
"type": "Program",
"body": [
{
"type": "ImportStatement",
"value": "Foo.sol"
},
{
"type": "ContractStatement",
"name": "MyContract",
"is": [],
"body": [
{
"type": "ExpressionStatement",
"expression": {
"type": "DeclarativeExpression",
"name": "addresses",
"literal": {
"type": "Type",
"literal": {
"type": "MappingExpression",
"from": {
"type": "Type",
"literal": "uint",
"members": [],
"array_parts": []
},
"to": {
"type": "Type",
"literal": "address",
"members": [],
"array_parts": []
}
},
"members": [],
"array_parts": []
},
"is_constant": false,
"is_public": true
}
}
]
}
]
}
Test
In a checkout of the project, run:
$ npm test
License
MIT
FAQs
PEG.js Solidity parser for Javascript
The npm package solidity-parser receives a total of 16 weekly downloads. As such, solidity-parser popularity was classified as not popular.
We found that solidity-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 24 Jul 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
NIST Under Federal Audit for NVD Processing Backlog and Delays
As vulnerability data bottlenecks grow, the federal government is formally investigating NIST’s handling of the National Vulnerability Database.
By Sarah Gooding - May 27, 2025
Research
Security News
60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign
Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
By Kirill Boychenko - May 23, 2025