A community-maintained solhint fork

![NPM
version](https://npmjs.org/package/solhint-community)
!MIT licensed


This is an open source project for linting Solidity code. This project
provides both Security and Style Guide validations.

Why use this fork

This fork was started in mid 2023 to provide the community with an up-to-date
linter regardless of protofire's funding allocations, which had proven
inconsistent in the past with a big hiatus in development from 2021-2023 and in
the middle of 2023.

Currently we're working on a major version change that'll hopefully bring many
improvements desired by the community (see issues tagged with
v4.0.0),
at the cost of some breaking changes.

How to help out

- If you're a linter user, please consider using the latest release candidate
(currently using "^4.0.0-rc00" in your package.json will get you that),
where features are first pushed, and report any errors/potential improvements so
they don't get to affect most users.
- If you want to help as a developer, grab some issue tagged with
good-first-issue
and see contributing.md for a quick start guide. Feel
free to create new issues or drop by the telegram
group to ask for help!

Installation

You can install solhint-community using npm:

``sh
npm install -g solhint-community

verify that it was installed correctly


solhint --version
`

Usage

First initialize a configuration file, if you don't have one:

`sh
solhint init-config
`

This will create a .solhint.json file with the recommended rules enabled. Then run Solhint with one or more Globs) as arguments. For example, to lint all files inside contracts directory, you can do:

`sh
solhint 'contracts/*/.sol'
`

To lint a single file:

`sh
solhint contracts/MyToken.sol
`

Run solhint without arguments to get more information:

`text
Usage: solhint [options] [...other_files]

Linter for Solidity programming language

Options:
-V, --version output the version number
-f, --formatter [name] chosen formatter for reports (stylish, table, tap, unix, json, compact)
-w, --max-warnings [maxWarningsNumber] number of allowed warnings
-c, --config [file_name] extra config file to source, in addition to the defaults
-q, --quiet report errors only. Takes precedence over --max-warnings - default: false
--ignore-path [file_name] file to use as your .solhintignore
--fix automatically fix problems. If used in conjunction with stdin, then fixed file will be printed to stdout and report will be omitted
-h, --help display help for command

Commands:
stdin [options] linting of source code data provided to STDIN
init-config create configuration file for solhint
list-rules display enabled rules of current config, including extensions
`

Exit codes

- 0: linted files had no errors
- 1: linted files had 1 or more errors, or more warnings than --max-warnings
- 255: provided command-line options were invalid, see stderr for details

Configuration

You can use a .solhint.json file to configure Solhint for the whole project.

To generate a new sample .solhint.json file in current folder you can do:

`sh
solhint init-config
`

This file has the following format:


$3


`json
{
"extends": "solhint:recommended"
}
`

$3

`json
{
"extends": "solhint:recommended",
"plugins": [],
"rules": {
"avoid-suicide": "error",
"avoid-sha3": "warn"
}
}
`
A full list of all supported rules can be found here.

To ignore files that do not require validation you can use a .solhintignore file. It supports rules in
the .gitignore format.

`
node_modules/
additional-tests.sol
`

$3

The extendable rulesets provided by solhint are the following:

+ solhint:recommended

Use one of these as the value for the "extends" property in your configuration file.

$3

You can use comments in the source code to configure solhint in a given line or file.

For example, to disable all validations in the line following a comment:

`solidity
// solhint-disable-next-line
uint[] a;
`

You can disable specific rules on a given line. For example:

`solidity
// solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));
`

Disable validation on current line:

`solidity
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line
`

Disable specific rules on current line:

`solidity
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash
`

You can disable a rule for a group of lines:

`solidity
/ solhint-disable avoid-tx-origin /
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/ solhint-enable avoid-tx-origin /
`

Or disable all validations for a group of lines:

`solidity
/ solhint-disable /
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/ solhint-enable /
`

Rules

$3

Full list with all supported Security Rules

$3

Full list with all supported Style Guide Rules

$3

Full list with all supported Best Practices Rules

Documentation

Related documentation you may find here.

IDE Integrations

- Sublime Text 3
- Atom
- Vim, neovim
- JetBrains IDEA, WebStorm, CLion, etc.
- **VS Code: Solidity by Juan Blanco**
- **VS Code: Solidity Language Support by CodeChain.io**

Table of Contents

* Roadmap: The core project's roadmap - what the core team is looking to work on in the near future.
* Contributing: The core Solhint team :heart: contributions. This describes how you can contribute to the Solhint Project.
* Shareable configs: How to create and share your own configurations.
* Writing plugins: How to extend Solhint with your own rules.

Plugins

- solhint-plugin-prettier: Integrate Solhint
with the Solidity plugin for Prettier to report & automatically fix formatting issues.
- DeFi Wonderland: extra rules defined by Wonderland's team. Some of them now re-implemented here.

Who uses Solhint-community?

Acknowledgements

The Solidity parser used is @solidity-parser/parser`.

Licence

MIT