solium
Changelog
1.2.5 (2019-09-14)
no-empty-blocks to not report inherited constructors with empty blocks (#264).
errorMessageMaxLength for rule error-reason to specify a character limit on error message.
Readme
Ethlint (Formerly Solium) analyzes your Solidity code for style & security issues and fixes them.
See Documentation, Changelog and upcoming releases.
Before beginning to work on a contribution, please read the Guidelines.
npm install -g ethlint
solium -V
For backward-compatibility, you can still use npm install -g solium.
If you're currently using the solium package for npm install, it is highly recommended that you move to ethlint. The solium package will not receive updates after December, 2019. There are no differences between the updates pushed to ethlint and solium packages.
In the root directory of your DApp:
solium --init
This creates 2 files for you:
.soliumignore - contains names of files and directories to ignore while linting
.soliumrc.json - contains configuration that tells Solium how to lint your project. You should modify this file to configure rules, plugins and sharable configs.
.soliumrc.json looks like:
{
  "extends": "solium:recommended",
  "plugins": ["security"],
  "rules": {
    "quotes": ["error", "double"],
    "indentation": ["error", 4],
    "linebreak-style": ["error", "unix"]
  }
}
To know which lint rules Solium applies for you, see Style rules and Security rules.
NOTE
Solium does not strictly adhere to Solidity Style Guide. It aims to promote coding practices agreed upon by the community at large.
solium -f foobar.sol
solium -d contracts/
Comment Directives can be used to configure Solium to ignore specific pieces of code.
They follow the pattern solium-disable<optional suffix>.
If you only use the directive, Solium disables all rules for the marked code. If that's not desirable, specify the rules to disable after the directive, separated by commas.
contract Foo {
    /* solium-disable-next-line */
    function() {
        bytes32 bar = 'Hello world'; // solium-disable-line quotes
        // solium-disable-next-line security/no-throw, indentation
        throw;
    }
}

/* solium-disable */
contract Foo {
    ...
}
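Because a bare directive turns off every rule, including the security plugin's, it helps to know where directives sit in a code base. The following is an added example, not part of the Ethlint README or its code: it lists each directive and flags the ones that suppress security rules. The names `auditDirectives` and `needsReview`, the `kind` labels and the sample input are assumptions made for illustration.

```javascript
// Added example (not Ethlint code): list solium-disable directives in a
// Solidity source and classify what each one suppresses.
const DIRECTIVE =
  /(?:\/\/|\/\*)\s*(solium-disable(?:-next-line|-line)?)(?![\w-])(.*)$/;

function auditDirectives(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    const m = DIRECTIVE.exec(text);
    if (!m) return;
    // Text after the directive is a comma-separated rule list; drop a
    // trailing "*/" from block comments before splitting.
    const rules = m[2]
      .replace(/\*\/.*$/, "")
      .split(",")
      .map((r) => r.trim())
      .filter(Boolean);
    let kind = "style";
    if (rules.length === 0) kind = "blanket"; // no list: every rule is off
    else if (rules.some((r) => r.startsWith("security/"))) kind = "security";
    findings.push({ line: index + 1, directive: m[1], rules, kind });
  });
  return findings;
}

// Directives that switch off security checks, explicitly or wholesale.
function needsReview(findings) {
  return findings.filter((f) => f.kind !== "style");
}

// Constructed sample input, modelled on the README snippet above.
const sample = [
  "contract Foo {",
  "    /* solium-disable-next-line */",
  "    function() {",
  "        bytes32 bar = 'Hello world'; // solium-disable-line quotes",
  "        // solium-disable-next-line security/no-throw, indentation",
  "        throw;",
  "    }",
  "}",
].join("\n");

for (const f of needsReview(auditDirectives(sample))) {
  console.log(`line ${f.line}: ${f.directive} [${f.kind}] ${f.rules.join(", ")}`);
}
```

The matcher works line by line on comment openers, so a directive-like string inside a string literal would also be reported.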
Solium automatically fixes your code to resolve whatever issues it can.
solium -d contracts/ --fix
If Ethlint helped make your life simpler, please consider donating ETH to 0xacc661A56af9793a4437876a52F4Ad3fc3C443d6
FAQs
Linter to identify and fix Style & Security issues in Solidity
The npm package solium receives a total of 1,024 weekly downloads. As such, solium's popularity was classified as popular.
We found that solium demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.