Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
By Sarah Gooding - Sep 30, 2024
Solium
Solium analyzes your Solidity code for style & security issues and fixes them.
Standardize Smart Contract practices across your organisation. Integrate with your build system. Deploy with confidence!
Install
npm install -g solium
solium -V
Usage
In the root directory of your DApp:
solium --init
This creates 2 files for you:
.soliumignore- contains names of files and directories to ignore while linting.soliumrc.json- contains configuration that tells Solium how to lint your project. You should modify this file to configure rules, plugins and sharable configs.
.soliumrc.json looks like:
{
"extends": "solium:all",
"plugins": ["security"],
"rules": {
"quotes": ["error", "double"],
"indentation": ["error", 4],
"arg-overflow": ["warning", 3]
}
}
To know which lint rules Solium applies for you, see Core rules and Security rules
Lint
solium -f foobar.sol
solium -d contracts/
Configure with comments [BETA]
Comment Directives can be used to configure Solium to ignore specific pieces of code.
They follow the pattern solium-disable<optional suffix>.
If you only use the directive, Solium disables all rules for the marked code. If that's not desirable, specify the rules to disable after the directive, separated by comma.
- Disable linting on a specific line
contract Foo {
/* solium-disable-next-line */
function() {
var bar = 'Hello world'; // solium-disable-line quotes
// solium-disable-next-line security/no-throw, indentation
throw;
}
}
- Disable linting on entire file
/* solium-disable */
contract Foo {
...
}
Fix
Solium automatically fixes your code to resolve whatever issues it can.
solium -d contracts --fix
IDE & Editor Integrations
- VS Code: Solidity with Solium linting by Beau Gunderson
- VS Code: Solidity with Solium linting by Juan Blanco
- VS Code: Solidity with Solium linting by CodeChain.io
- Sublime Solium Gutter by Florian Sey
- Sublime Solium Linter by Alex Step
- Atom Solium Linter by Travis Jacobs
- Syntastic local solium by Brett Sun
- Solium Ale Integration by Jeff Sutherland
- Solium Neomake Integration by Beau Gunderson
Migrating from v0
If you're currently using Solium v0, we highly recommend you to migrate to v1. v1 is backward compatible and provides you with much greater flexibility to configure rules, powerful security rules and auto code formatting among other features.
Trusted by the best
Access the complete Documentation
FAQs
Linter to identify and fix Style & Security issues in Solidity
The npm package solium receives a total of 1,298 weekly downloads. As such, solium popularity was classified as popular.
We found that solium demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 16 Dec 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Malicious “express-dompurify” npm Package Steals Browser and Cryptocurrency Wallet Data
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
By Socket Research Team - Sep 27, 2024
Security News
ENISA 2024 Threat Landscape Report Warns of Increasing State-Sponsored Supply Chain Attacks on Open Source Software
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.
By Sarah Gooding - Sep 27, 2024