By Protofire
This is an open source project for linting Solidity code. This project provides both Security and Style Guide validations.
You can install Solhint using npm:
npm install -g solhint
# verify that it was installed correctly
solhint --version
First initialize a configuration file, if you don't have one:
solhint --init
This will create a .solhint.json
file with the default rules enabled. Then run Solhint with one or more Globs as arguments. For example, to lint all files inside contracts
directory, you can do:
solhint 'contracts/**/*.sol'
To lint a single file:
solhint contracts/MyToken.sol
Run solhint
without arguments to get more information:
Usage: solhint [options] <file> [...other_files]
Linter for Solidity programming language
Options:
-V, --version output the version number
-f, --formatter [name] report formatter name (stylish, table, tap, unix)
-w, --max-warnings [maxWarningsNumber] number of allowed warnings
-c, --config [file_name] file to use as your .solhint.json
-q, --quiet report errors only - default: false
--ignore-path [file_name] file to use as your .solhintignore
--fix automatically fix problems
--init create configuration file for solhint
-h, --help output usage information
Commands:
stdin [options] linting of source code data provided to STDIN
You can use a .solhint.json
file to configure Solhint for the whole project.
To generate a new sample .solhint.json
file in current folder you can do:
solhint --init
This file has the following format:
{
"extends": "solhint:default"
}
{
"extends": "solhint:recommended",
"plugins": [],
"rules": {
"avoid-suicide": "error",
"avoid-sha3": "warn"
}
}
A full list of all supported rules can be found here.
To ignore files that do not require validation you can use a .solhintignore
file. It supports rules in
the .gitignore
format.
node_modules/
additional-tests.sol
The default rulesets provided by solhint are the following:
- solhint:default
- solhint:recommended
Use one of these as the value for the "extends" property in your configuration file.
You can use comments in the source code to configure solhint in a given line or file.
For example, to disable all validations in the line following a comment:
// solhint-disable-next-line
uint[] a;
You can disable specific rules on a given line. For example:
// solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));
Disable validation on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line
Disable specific rules on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash
You can disable a rule for a group of lines:
/* solhint-disable avoid-tx-origin */
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/* solhint-enable avoid-tx-origin */
Or disable all validations for a group of lines:
/* solhint-disable */
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/* solhint-enable */
Full list with all supported Security Rules
Full list with all supported Style Guide Rules
Full list with all supported Best Practices Rules
Related documentation you may find here.
- Sublime Text 3
- Atom
- Vim
- JetBrains IDEA, WebStorm, CLion, etc.
- VS Code: Solidity by Juan Blanco
- VS Code: Solidity Language Support by CodeChain.io
- Roadmap: The core project's roadmap - what the core team is looking to work on in the near future.
- Contributing: The core Solhint team ❤️ contributions. This describes how you can contribute to the Solhint Project.
- Shareable configs: How to create and share your own configurations.
- Writing plugins: How to extend Solhint with your own rules.
- solhint-plugin-prettier: Integrate Solhint with the Solidity plugin for Prettier.
- OpenZeppelin:
- POA Network - Public EVM Sidechain:
- 0x-Project
- Gnosis:
The Solidity parser used is @solidity-parser/parser
.
MIT
Solhint is free to use and open-sourced. If you value our effort and feel like helping us to keep pushing this tool forward, you can send us a small donation. We'll highly appreciate it :)
- eth-cli: CLI swiss army knife for Ethereum developers.