This is an open source project for linting Solidity code. This project provides both Security and Style Guide validations.
You can install Solhint using npm:
npm install -g solhint
# verify that it was installed correctly
solhint -V
First initialize a configuration file, if you don't have one:
solhint init-config
This will create a .solhint.json file with some default rules enabled. Then run Solhint with one or more globs as arguments. For example, to lint all files inside the contracts directory, you can do:
solhint "contracts/**/*.sol"
To lint a single file:
solhint contracts/MyToken.sol
Solhint command description:
Usage: solhint [options] <file> [...other_files]
Linter for Solidity programming language
Options:
-V, --version output the version number
-f, --formatter [name] report formatter name (stylish, table, tap, unix)
-w, --max-warnings [maxWarningsNumber] number of warnings to trigger nonzero
-c, --config [file_name] file to use as your .solhint.json
-q, --quiet report errors only - default: false
--ignore-path [file_name] file to use as your .solhintignore
-h, --help output usage information
Commands:
stdin [options] put source code to stdin of this utility
init-config create sample solhint config in current folder
You can use a .solhint.json file to configure Solhint globally.
To generate a new sample .solhint.json file in the current folder you can do:
solhint init-config
This file has the following format:
{
  "extends": "solhint:default",
  "plugins": [],
  "rules": {
    "const-name-snakecase": "off",
    "avoid-suicide": "error",
    "avoid-sha3": "warn",
    "avoid-tx-origin": "warn",
    "not-rely-on-time": "warn",
    "not-rely-on-block-hash": "warn"
  }
}
A full list of all supported rules can be found here.
To ignore files / folders that do not require validation you may use a .solhintignore file. It supports rules in .gitignore format.
node_modules/
additional-tests.sol
You can use comments in the source code to configure solhint in a given line or file.
For example, to disable all validations in the line following a comment:
// solhint-disable-next-line
uint[] a;
You can disable rules on a given line. For example, to disable validation of time and block hash based computations in the next line:
// solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));
Disable validation on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line
Disable validation of time and block hash based computations on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash
You can disable a rule for a group of lines:
/* solhint-disable avoid-tx-origin */
function transferTo(address to, uint amount) public {
    require(tx.origin == owner);
    to.call.value(amount)();
}
/* solhint-enable avoid-tx-origin */
Or disable all validations for a group of lines:
/* solhint-disable */
function transferTo(address to, uint amount) public {
    require(tx.origin == owner);
    to.call.value(amount)();
}
/* solhint-enable */
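Because these comment directives can silence security rules, it helps to list every suppression during review. The script below is an added example, not part of Solhint: it parses the directive forms shown above and reports the ones that disable a watched rule, a blanket disable, or a block disable that is never re-enabled. The names SECURITY_RULES, parseDirectives, auditSuppressions and SAMPLE are hypothetical, and the watched rule set is assumed to be the rules named in the sample config above.

```javascript
// Added example, not part of Solhint: list comment directives that silence
// security rules. Assumption: the watched names are the rules in the sample config above.
const SECURITY_RULES = ['avoid-suicide', 'avoid-sha3', 'avoid-tx-origin',
  'not-rely-on-time', 'not-rely-on-block-hash'];

// A directive inside a // or /* */ comment, plus its optional rule list.
const DIRECTIVE = /(?:\/\/|\/\*)\s*solhint-(disable-next-line|disable-line|disable|enable)\b([^*\n]*)/;

function parseDirectives(source) {
  const found = [];
  source.split('\n').forEach((text, i) => {
    const m = DIRECTIVE.exec(text);
    if (!m) return;
    const rules = m[2].split(',').map((r) => r.trim()).filter(Boolean);
    found.push({ line: i + 1, kind: m[1], rules }); // no rules listed = all rules
  });
  return found;
}

function auditSuppressions(source, watched = SECURITY_RULES) {
  const findings = [];
  const open = new Map(); // rule or '*' -> line of the block disable still in force
  for (const d of parseDirectives(source)) {
    if (d.kind === 'enable') {
      if (d.rules.length === 0) open.clear();
      else d.rules.forEach((r) => open.delete(r));
      continue;
    }
    const hit = d.rules.length === 0 ? ['*'] : d.rules.filter((r) => watched.includes(r));
    if (hit.length === 0) continue; // only non-watched (e.g. style) rules silenced
    findings.push({ line: d.line, kind: d.kind, rules: hit });
    if (d.kind === 'disable') hit.forEach((r) => open.set(r, d.line));
  }
  // A block disable with no later enable applies to the rest of the file.
  for (const [rule, line] of open) findings.push({ line, kind: 'unclosed-disable', rules: [rule] });
  return findings;
}

// Constructed sample input.
const SAMPLE = [
  '// solhint-disable-next-line not-rely-on-time, const-name-snakecase',
  'uint t = now;',
  '/* solhint-disable avoid-tx-origin */',
  'function f() public { require(tx.origin == owner); }',
  '/* solhint-enable avoid-tx-origin */',
  'uint[] a; // solhint-disable-line',
  '/* solhint-disable not-rely-on-block-hash */',
].join('\n');
console.log(auditSuppressions(SAMPLE));
```

Each finding carries the 1-based line, the directive kind and the watched rules it silences, with '*' standing for a directive that names no rule and therefore disables everything.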
Full list with all supported Security Rules
Full list with all supported Style Guide Rules
Full list with all supported Best Practices Rules
You can find related documentation there.
- Sublime Text 3
- Atom
- Vim
- JetBrains IDEA, WebStorm, CLion, etc.
- VS Code: Solidity by Juan Blanco
- VS Code: Solidity Language Support by CodeChain.io
- Roadmap: The core project's roadmap - what the core team is looking to work on in the near future.
- Contributing: The core Solhint team ❤️ contributions. This describes how you can contribute to the Solhint Project.
- Shareable configs: How to create and share your own configurations.
- Writing plugins: How to extend Solhint with your own rules.
- solhint-plugin-prettier: Integrate Solhint with the Solidity plugin for Prettier.
- OpenZeppelin:
- POA Network - Public EVM Sidechain:
- 0x
- Gnosis:
The grammar used by solhint was created and is maintained by Federico Bond. You can find it here.
MIT
Solhint is free to use and open-sourced. If you value our effort and feel like helping us to keep pushing this tool forward, you can send us a small donation. We'll highly appreciate it :)
- eth-cli: CLI swiss army knife for Ethereum developers.