solhint-community
A community-maintained solhint fork
This is an open source project for linting Solidity code. This project provides both Security and Style Guide validations.
Why use this fork
This fork was started in mid 2023 to provide the community with an up-to-date linter regardless of protofire’s funding allocations, which had proven inconsistent in the past with a big hiatus in development from 2021-2023 and in the middle of 2023.
Currently we’re working on a major version change that’ll hopefully bring many improvements desired by the community (see issues tagged with v4.0.0), at the cost of some breaking changes.
How to help out
- If you’re a linter user, please consider using the latest release candidate
(currently using
"^4.0.0-rc00"in yourpackage.jsonwill get you that), where features are first pushed, and report any errors/potential improvements so they don’t get to affect most users. - If you want to help as a developer, grab some issue tagged with good-first-issue and see contributing.md for a quick start guide. Feel free to create new issues or drop by the telegram group to ask for help!
Installation
You can install solhint-community using npm:
npm install -g solhint-community
# verify that it was installed correctly
solhint --version
Usage
First initialize a configuration file, if you don’t have one:
solhint init-config
This will create a .solhint.json file with the recommended rules enabled. Then run Solhint with one or more Globs as arguments. For example, to lint all files inside contracts directory, you can do:
solhint 'contracts/**/*.sol'
To lint a single file:
solhint contracts/MyToken.sol
Run solhint without arguments to get more information:
Usage: solhint [options] <file> [...other_files]
Linter for Solidity programming language
Options:
-V, --version output the version number
-f, --formatter [name] chosen formatter for reports (stylish, table, tap, unix, json, compact)
-w, --max-warnings [maxWarningsNumber] number of allowed warnings
-c, --config [file_name] extra config file to source, in addition to the defaults
-q, --quiet report errors only. Takes precedence over --max-warnings - default: false
--ignore-path [file_name] file to use as your .solhintignore
--fix automatically fix problems. If used in conjunction with stdin, then fixed file will be printed to stdout and report will be omitted
-h, --help display help for command
Commands:
stdin [options] linting of source code data provided to STDIN
init-config create configuration file for solhint
list-rules display enabled rules of current config, including extensions
Exit codes
0: linted files had no errors1: linted files had 1 or more errors, or more warnings than--max-warnings255: provided command-line options were invalid, see stderr for details
Configuration
You can use a .solhint.json file to configure Solhint for the whole project.
To generate a new sample .solhint.json file in current folder you can do:
solhint init-config
This file has the following format:
Default
{
"extends": "solhint:recommended"
}
Sample
{
"extends": "solhint:recommended",
"plugins": [],
"rules": {
"avoid-suicide": "error",
"avoid-sha3": "warn"
}
}
A full list of all supported rules can be found here.
To ignore files that do not require validation you can use a .solhintignore file. It supports rules in
the .gitignore format.
node_modules/
additional-tests.sol
Extendable rulesets
The extendable rulesets provided by solhint are the following:
- solhint:recommended
Use one of these as the value for the “extends” property in your configuration file.
Configure the linter with comments
You can use comments in the source code to configure solhint in a given line or file.
For example, to disable all validations in the line following a comment:
// solhint-disable-next-line
uint[] a;
You can disable specific rules on a given line. For example:
// solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));
Disable validation on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line
Disable specific rules on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash
You can disable a rule for a group of lines:
/* solhint-disable avoid-tx-origin */
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/* solhint-enable avoid-tx-origin */
Or disable all validations for a group of lines:
/* solhint-disable */
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/* solhint-enable */
Rules
Security Rules
Full list with all supported Security Rules
Style Guide Rules
Full list with all supported Style Guide Rules
Best Practices Rules
Full list with all supported Best Practices Rules
Documentation
Related documentation you may find here.
IDE Integrations
- Sublime Text 3
- Atom
- Vim, neovim
- JetBrains IDEA, WebStorm, CLion, etc.
- VS Code: Solidity by Juan Blanco
- VS Code: Solidity Language Support by CodeChain.io
Table of Contents
- Roadmap: The core project’s roadmap - what the core team is looking to work on in the near future.
- Contributing: The core Solhint team :heart: contributions. This describes how you can contribute to the Solhint Project.
- Shareable configs: How to create and share your own configurations.
- Writing plugins: How to extend Solhint with your own rules.
Plugins
- solhint-plugin-prettier: Integrate Solhint with the Solidity plugin for Prettier to report & automatically fix formatting issues.
- DeFi Wonderland: extra rules defined by Wonderland’s team. Some of them now re-implemented here.
Who uses Solhint-community?
Acknowledgements
The Solidity parser used is @solidity-parser/parser.
Licence
MIT