Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Solium is a linter for Solidity which uses Abstract Syntax Trees and allows the user to enable/disable existing rules and add their own ones!
It internally uses solparse to parse your solidity code into a Spider Monkey compliant AST
Solium aims to comply with the official Solidity Style Guide. In future, Solium would allow its users to choose between certain rules (for example - tabs vs. spaces).
#Install
npm install -g solium
#Usage In the root directory of your DApp, run the following:
solium --init
This creates .soliumrc.json
and .soliumignore
inside your root directory, which have the configuration for the enabled and custom rules and files and folders to ignore while running the linter respectively.
You can disable a particular rule by setting its value to false
in .soliumrc.json
In order to lint a specific file, use:
solium --file foobar.sol
To run the linter over your entire project, use the following command in your root directory:
solium
This lints all the files inside your project with .sol
extension.
#Additional Options
Use solium --hot
to enable Hot loading (Hot swapping).
When new rules are added in subsequent versions and you update Solium, you need not re-initialize with --init
. Simply run solium --sync
in your root directory and it automatically adds the newly added rules to your .soliumrc.json
. The sync option doesn't change anything else in your configuration files.
Use solium --dir <DIRECTORY_NAME>
to run the linter over a particular directory
#Plugging in your custom rules
-> Open up the .soliumrc.json
configuration file and set the value of custom-rules-filename
to the path of the file that defines your rules. You can either provide an absolute path or a path relative to the directory in which .soliumrc.json resides. For example: "custom-rules-filename": "./my-rules.js"
The format for writing your custom rule file (for example, my-rules.js
) is:
module.exports = {
'my-rule-name-1': function (context) {
//Solium internally uses EventEmitter and emits an event every time it enters or leaves a node during the Depth First Traversal of the AST
context.on ('IfStatement', function (emittedObject) {
//exit property is set to true if we are leaving the node
if (emittedObject.exit) {
return;
}
//View the node representing an If Statement
console.log (emittedObject.node);
//report an error
context.report ({
node: emittedObject.node,
message: 'I JUST ENTERED AN IF STATEMENT!!',
location: { //optional
line: 1, //optional
column: 2 //optional
}
});
});
},
'my-rule-name-2': function (context) {
context.on ('ContractStatement', function (emittedObject) {
//similarly define this rule to do something with Contract Declarations
});
}
};
NOTE: The best way to know which event you're looking for is to simply install solparse or solidity-parser, then parse your code into the AST and see the value of the type
field of the node that you wish to target.
See the existing rules to get an idea of how the rules are making use of the context object being provided to them.
-> Then, inside the rules
object in the same file, set your rule names to true
. For instance:
"rules": {
"my-rule-name-1": true,
"my-rule-name-2": true
}
NOTE: If you write a rule whose name clashes with the name of a pre-defined rule, your custom rule overrides the pre-defined one.
#Integrate Solium in your app To access Solium's API, first install it:
npm install --save solium
##Usage
let Solium = require ('solium'),
sourceCode = 'contract fOO_bar { function HELLO_WORLD () {} }';
//sourceCode can alternatively be a Buffer object
let errorObjects = Solium.lint (sourceCode, {
'custom-rules-filename': null, //see above if you wish to add custom rules
rules: {
camelcase: true,
mixedcase: true
}
});
errorObjects.forEach ( (err) => {
console.log (err);
});
For a list of all available rules, see solium.json.
#Contributing Please see the Developer Guide to understand how to contribute rules to this repository.
##Setup
Clone the repository, traverse to the root directory of the project, then install dependencies:
npm install
##Running Tests
npm test
#License ##MIT
FAQs
Linter to identify and fix Style & Security issues in Solidity
We found that solium demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.