By Protofire


![Coverage Status](
https://coveralls.io/github/protofire/solhint?branch=master)

This is an open source project for linting Solidity code. This project
provides both Security and Style Guide validations.

Installation

You can install Solhint using npm:

``sh
npm install -g solhint

verify that it was installed correctly


solhint --version
`

Usage

First initialize a configuration file, if you don't have one:

`sh
solhint --init
`

This will create a .solhint.json file with the default rules enabled. Then run Solhint with one or more Globs) as arguments. For example, to lint all files inside contracts directory, you can do:

`sh
solhint 'contracts/*/.sol'
`

To lint a single file:

`sh
solhint contracts/MyToken.sol
`

Run solhint without arguments to get more information:

`text
Usage: solhint [options] [...other_files]

Linter for Solidity programming language

Options:

-V, --version output the version number
-f, --formatter [name] report formatter name (stylish, table, tap, unix)
-w, --max-warnings [maxWarningsNumber] number of allowed warnings
-c, --config [file_name] file to use as your .solhint.json
-q, --quiet report errors only - default: false
--ignore-path [file_name] file to use as your .solhintignore
--fix automatically fix problems
--init create configuration file for solhint
-h, --help output usage information

Commands:

stdin [options] linting of source code data provided to STDIN
`

Configuration

You can use a .solhint.json file to configure Solhint for the whole project.

To generate a new sample .solhint.json file in current folder you can do:

`sh
solhint --init
`

This file has the following
format:


`json
{
"extends": "solhint:recommended",
"plugins": [],
"rules": {
"avoid-suicide": "error",
"avoid-sha3": "warn"
}
}
`
A full list of all supported rules can be found here.

To ignore files that do not require validation you can use a .solhintignore file. It supports rules in
the .gitignore format.

`
node_modules/
additional-tests.sol
`

$3

The default rulesets provided by solhint are the following:

+ solhint:default
+ solhint:recommended

Use one of these as the value for the "extends" property in your configuration file.

$3

You can use comments in the source code to configure solhint in a given line or file.

For example, to disable all validations in the line following a comment:

`solidity
// solhint-disable-next-line
uint[] a;
`

You can disable specific rules on a given line. For example:

`solidity
// solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));
`

Disable validation on current line:

`solidity
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line
`

Disable specific rules on current line:

`solidity
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash
`

You can disable a rule for a group of lines:

`solidity
/ solhint-disable avoid-tx-origin /
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/ solhint-enable avoid-tx-origin /
`

Or disable all validations for a group of lines:

`solidity
/ solhint-disable /
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/ solhint-enable /
`

Rules

$3

Full list with all supported Security Rules

$3

Full list with all supported Style Guide Rules

$3

Full list with all supported Best Practices Rules

Documentation

Related documentation you may find here.

IDE Integrations

- Sublime Text 3
- Atom
- Vim
- JetBrains IDEA, WebStorm, CLion, etc.
- **VS Code: Solidity by Juan Blanco**
- **VS Code: Solidity Language Support by CodeChain.io**

Table of Contents

* Roadmap: The core project's roadmap - what the core team is looking to work on in the near future.
* Contributing: The core Solhint team :heart: contributions. This describes how you can contribute to the Solhint Project.
* Shareable configs: How to create and share your own configurations.
* Writing plugins: How to extend Solhint with your own rules.

Plugins

- solhint-plugin-prettier: Integrate Solhint
with the Solidity plugin for Prettier.

Who uses Solhint?

$3

- OpenZeppelin:
- openzeppelin-contracts
- POA Network - Public EVM Sidechain:
- Proof of Physical Address (PoPA)
- Proof of Bank Account (PoBA)
- 0x
- Gnosis:
- Gnosis Prediction Market Contracts
- The DutchX decentralized trading protocol

Acknowledgements

The Solidity parser used is @solidity-parser/parser`.

Licence

MIT

Back us

Solhint is free to use and open-sourced. If you value our effort and feel like helping us to keep pushing this tool forward, you can send us a small donation. We'll highly appreciate it :)


Related projects

- eth-cli: CLI swiss army knife for Ethereum developers.