Skip to content

Solhint is an open-source project to provide a linting utility for Solidity code.

License

Notifications You must be signed in to change notification settings

1detbiarta/solhint

Repository files navigation

Solhint Project

Build Status npm version Coverage Status dependencies Status devDependencies Status

This is an open source project for linting Solidity code. This project provides both Security and Style Guide validations.

Installation

You can install Solhint using npm:

npm install -g solhint

# verify that it was installed correctly
solhint -V

Usage

For linting Solidity files you need to run Solhint with one or more Globs as arguments. For example, to lint all files inside contracts directory, you can do:

solhint "contracts/**/*.sol"

To lint a single file:

solhint contracts/MyToken.sol

Solhint command description:

Usage: solhint [options] <file> [...other_files]

Linter for Solidity programming language


Options:

  -V, --version           output the version number
  -f, --formatter [name]  report formatter name (stylish, table, tap, unix)
  -h, --help              output usage information


Commands:

  stdin [options]         put source code to stdin of this utility
  init-config             create sample solhint config in current folder

Configuration

You can use a .solhint.json file to configure Solhint globally. This file has the following format:

  {
    "extends": "default",
    "rules": {
      "avoid-throw": false,
      "avoid-suicide": "error",
      "avoid-sha3": "warn",
      "indent": ["warn", 4]
    }
  }

To ignore files / folders that do not require validation you may use .solhintignore file. It supports rules in .gitignore format.

node_modules/
additiona-tests.sol

Configure linter with comments

You can use comments in the source code to configure solhint in a given line or file.

For example, to disable all validations in the line following a comment:

  // solhint-disable-next-line
  uint[] a;

You can disable a single rule on a given line. For example, to disable validation of fixed compiler version in the next line:

  // solhint-disable-next-line compiler-fixed, compiler-gt-0_4
  pragma solidity ^0.4.4;

Disable validation on current line:

  pragma solidity ^0.4.4; // solhint-disable-line

Disable validation of fixed compiler version validation on current line:

  pragma solidity ^0.4.4; // solhint-disable-line compiler-fixed, compiler-gt-0_4

You can disable a rule for a group of lines:

  /* solhint-disable avoid-throw */
  if (a > 1) {
    throw;
  }
  /* solhint-enable avoid-throw */

Or disable all validations for a group of lines:

  /* solhint-disable */
  if (a > 1) {
    throw;
  }
  /* solhint-enable */

Security Rules

Rule ID Error
reentrancy Possible reentrancy vulnerabilities. Avoid state changes after transfer.
avoid-sha3 Use "keccak256" instead of deprecated "sha3"
avoid-suicide Use "selfdestruct" instead of deprecated "suicide"
avoid-throw "throw" is deprecated, avoid to use it
func-visibility Explicitly mark visibility in function
state-visibility Explicitly mark visibility of state
check-send-result Check result of "send" call
avoid-call-value Avoid to use ".call.value()()"
compiler-fixed Compiler version must be fixed
compiler-gt-0_4 Use at least '0.4' compiler version
no-complex-fallback Fallback function must be simple
mark-callable-contracts Explicitly mark all external contracts as trusted or untrusted
multiple-sends Avoid multiple calls of "send" method in single transaction
no-simple-event-func-name Event and function names must be different
avoid-tx-origin Avoid to use tx.origin
no-inline-assembly Avoid to use inline assembly. It is acceptable only in rare cases
not-rely-on-block-hash Do not rely on "block.blockhash". Miners can influence its value.
avoid-low-level-calls Avoid to use low level calls.

* - All security rules implemented according ConsenSys Guide for Smart Contracts

Style Guide Rules

Rule ID Error
func-name-mixedcase Function name must be in camelCase
func-param-name-mixedcase Function param name must be in mixedCase
var-name-mixedcase Variable name must be in mixedCase
event-name-camelcase Event name must be in CamelCase
const-name-snakecase Constant name must be in capitalized SNAKE_CASE
modifier-name-mixedcase Modifier name must be in mixedCase
contract-name-camelcase Contract name must be in CamelCase
use-forbidden-name Avoid to use letters 'I', 'l', 'O' as identifiers
visibility-modifier-order Visibility modifier must be first in list of modifiers
imports-on-top Import statements must be on top
two-lines-top-level-separator Definition must be surrounded with two blank line indent
func-order Function order is incorrect
quotes Use double quotes for string literals
no-mix-tabs-and-spaces Mixed tabs and spaces
indent Indentation is incorrect
bracket-align Open bracket must be on same line. It must be indented by other constructions by space
array-declaration-spaces Array declaration must not contains spaces
separate-by-one-line-in-contract Definitions inside contract / library must be separated by one line
expression-indent Expression indentation is incorrect.
statement-indent Statement indentation is incorrect.
space-after-comma Comma must be separated from next element by space
no-spaces-before-semicolon Semicolon must not have spaces before

* - All style guide rules implemented according Solidity Style Guide

Best Practise Rules

Rule ID Error
max-line-length Line length must be no more than 120 but current length is 121.
payable-fallback When fallback is not payable you will not be able to receive ethers
no-empty-blocks Code contains empty block
no-unused-vars Variable "name" is unused
function-max-lines Function body contains "count" lines but allowed no more than "maxLines" lines
code-complexity Function has cyclomatic complexity "current" but allowed no more than "max"
max-states-count Contract has "curCount" states declarations but allowed no more than "max"

Documentation

Related documentation you may find there.

IDE Integrations

Licence

MIT

About

Solhint is an open-source project to provide a linting utility for Solidity code.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 99.9%
  • Solidity 0.1%