solhint

By Protofire

This is an open source project for linting Solidity code. This project provides both Security and Style Guide validations.
VISIT OUR WEBSITE
JOIN OUR DISCORD SERVER

Installation

You can install Solhint using npm:

npm install -g solhint

# verify that it was installed correctly
solhint --version

Usage

First initialize a configuration file, if you don’t have one:

solhint --init

This will create a .solhint.json file with the recommended rules enabled. Then run Solhint with one or more Globs as arguments. For example, to lint all files inside contracts directory, you can do:

solhint 'contracts/**/*.sol'

To lint a single file:

solhint contracts/MyToken.sol

Run solhint without arguments to get more information:

Usage: solhint [options] <file> [...other_files]

Linter for Solidity programming language

Options:

  -V, --version                           output the version number
  -f, --formatter [name]                  report formatter name (stylish, table, tap, unix, json, compact, sarif)
  -w, --max-warnings [maxWarningsNumber]  number of allowed warnings, works in quiet mode as well
  -c, --config [file_name]                file to use as your rules configuration file (not compatible with multiple configs)
  -q, --quiet                             report errors only - default: false
  --ignore-path [file_name]               file to use as your .solhintignore
  --fix                                   automatically fix problems and show report
  --cache                                 only lint files that changed since last run
  --cache-location                        path to the cache file
  --noPrompt                              do not suggest to backup files when any `fix` option is selected
  --init                                  create configuration file for solhint
  --disc                                  do not check for solhint updates
  --save                                  save report to file on current folder
  --noPoster                              remove discord poster
  -h, --help                              output usage information

Commands:

  stdin [options]                         linting of source code data provided to STDIN
  list-rules                              display covered rules of current .solhint.json

New Versions

• Solhint checks if there are newer versions. The --disc option avoids that check.
• --save option will create a file named as YYYYMMDDHHMMSS_solhintReport.txt on current folder with default or specified format

Fix

This option currently works on:

• avoid-throw
• avoid-sha3
• no-console
• explicit-types
• private-vars-underscore
• payable-fallback
• quotes
• contract-name-capwords
• avoid-suicide
  
  

Configuration

You can use a .solhint.json file to configure Solhint for the whole project.

To generate a new sample .solhint.json file in current folder you can do:

solhint --init 

This file has the following format:

Default

{
  "extends": "solhint:recommended"
}

The solhint:default configuration contains only two rules: max-line-length & no-console It is now deprecated since version 5.1.0

Multiple Configs

Multiple configs files can be used at once. All config files should be named .solhint.json. If not done like this, multiple hierarchy configuration will not work. Solhint will go though all config files automatically.

Given this structure:

Project ROOT =>
/contracts
---> RootAndContractRules.sol
---> .solhint.json

/src
--->RootRules.sol
--->interfaces/
------->InterfaceRules.sol
------->solhint.json  

.solhint.json  

• Solhint config located on root will be the main one.
• When analyzing RootRules.sol, root file config will be used that file.
• InterfaceRules.sol will be using the one inside its own folder taking precedence over the root folder one.
• Rules not present in interfaces/ folder and present in root will be active.
• Rules not present in root folder and present in interfaces/ folder will be active.
• If rule is present in both files, the closest to the analyzed file will take precedence. Meaning when analyzing InterfaceRules.sol the config file located in Interfaces/ will be used with the remaining rules of the root one.
  
  

Sample of simple config with recommended rules

  {
    "extends": "solhint:recommended",
    "plugins": [],
    "rules": {
      "avoid-suicide": "error",
      "avoid-sha3": "warn"
    }
  }

A full list of all supported rules can be found here.

Ignore Configuration

You can exclude files from linting using a .solhintignore file (name by default) or --ignore-path followed by a custom name. It uses the same syntax as .gitignore, including support for negation with !.

Example:

contracts/**
!contracts/utils/
!contracts/utils/SafeMath.sol

This will:

• Ignore everything inside contracts/
• Except the folder contracts/utils/
• And the file SafeMath.sol inside it

Tip: To unignore a file, you must also unignore its parent folders.

Cache

Solhint supports a caching mechanism using the --cache flag to avoid re-linting files that haven’t changed. When enabled, Solhint stores a hash of each file’s content and effective configuration, skipping analysis if neither has changed. By default, the cache is saved in .solhintcache.json in the current working directory. You can customize this location using the --cache-location option. If no location is specified, the file will be stored in: node_modules/.cache/solhint/.solhint-cache.json

Warning: When using cache flag. If a file was analyzed with not error for a certain config, the hash will be stored. If the file is not changed but the config file (.solhint.json) has some new rules, the file will not be analyzed. To analyze it again, remove cache option.

Example:

solhint contracts/**/*.sol --cache
solhint Foo.sol --cache --cache-location tmp/my-cache.json

Extendable rulesets

The rulesets provided by solhint are the following:

• solhint:default (deprecated since version v5.1.0)
• solhint:recommended

Use one of these as the value for the “extends” property in your configuration file.

Configure the linter with comments

You can use comments in the source code to configure solhint in a given line or file.

For example, to disable all validations in the line following a comment:

  // solhint-disable-next-line
  uint[] a;

You can disable specific rules on a given line. For example:

  // solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
  uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));

Disable validation on current line:

  uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line

Disable specific rules on current line:

   uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash

You can disable a rule for a group of lines:

  /* solhint-disable avoid-tx-origin */
  function transferTo(address to, uint amount) public {
    require(tx.origin == owner);
    to.call.value(amount)();
  }
  /* solhint-enable avoid-tx-origin */

Or disable all validations for a group of lines:

  /* solhint-disable */
  function transferTo(address to, uint amount) public {
    require(tx.origin == owner);
    to.call.value(amount)();
  }
  /* solhint-enable */

Rules

Security Rules

Full list with all supported Security Rules

Style Guide Rules

Full list with all supported Style Guide Rules

Best Practices Rules

Full list with all supported Best Practices Rules

Docker

Solhint has an official Docker Image

Go to docker folder and follow this instructions.

pre-commit

Solhint can also be used as pre-commit hook

Replace $GIT_TAG with real tag:

- repo: https://github.com/protofire/solhint
  rev: $GIT_TAG
  hooks:
    - id: solhint

Documentation

Related documentation you may find here.

IDE Integrations

• Sublime Text 3
• Atom
• Vim
• JetBrains IDEA, WebStorm, CLion, etc.
• VS Code: Solidity by Juan Blanco
• VS Code: Solidity Language Support by CodeChain.io

Table of Contents

• Contributing: The core Solhint team :heart: contributions. This describes how you can contribute to the Solhint Project.
• Shareable configs: How to create and share your own configurations.
• Writing plugins: How to extend Solhint with your own rules.

Plugins

• solhint-plugin-prettier: Integrate Solhint with the Solidity plugin for Prettier.

Who uses Solhint?

Projects

• OpenZeppelin:
  • openzeppelin-contracts
• POA Network - Public EVM Sidechain:
  • Proof of Physical Address (PoPA)
  • Proof of Bank Account (PoBA)
• 0x-Project
  • 0x-Monorepo
• Gnosis:
  • Gnosis Prediction Market Contracts
  • The DutchX decentralized trading protocol

Acknowledgements

The Solidity parser used is @solidity-parser/parser.

License

MIT

Back us

Solhint is free to use and open-sourced. If you value our effort and feel like helping us to keep pushing this tool forward, you can send us a small donation. We’ll highly appreciate it :)

Related projects

• eth-cli: CLI swiss army knife for Ethereum developers.

This site is open source. Improve this page.