Detalhes do pacote

By Protofire

This is an open source project for linting Solidity code. This project provides both Security and Style Guide validations.
VISIT OUR WEBSITE
JOIN OUR DISCORD SERVER

Installation

You can install Solhint using npm:

npm install -g solhint

# verify that it was installed correctly
solhint --version

Usage

First initialize a configuration file, if you don't have one:

solhint --init

This will create a .solhint.json file with the recommended rules enabled. Then run Solhint with one or more Globs) as arguments. For example, to lint all files inside contracts directory, you can do:

solhint 'contracts/**/*.sol'

To lint a single file:

solhint contracts/MyToken.sol

Run solhint without arguments to get more information:

Usage: solhint [options] <file> [...other_files]

Linter for Solidity programming language

Options:

  -V, --version                           output the version number
  -f, --formatter [name]                  report formatter name (stylish, table, tap, unix, json, compact, sarif)
  -w, --max-warnings [maxWarningsNumber]  number of allowed warnings, works in quiet mode as well
  -c, --config [file_name]                file to use as your rules configuration file (not compatible with multiple configs)
  -q, --quiet                             report errors only - default: false
  --ignore-path [file_name]               file to use as your .solhintignore
  --fix                                   automatically fix problems and show report
  --cache                                 only lint files that changed since last run
  --cache-location                        path to the cache file
  --noPrompt                              do not suggest to backup files when any `fix` option is selected
  --init                                  create configuration file for solhint
  --disc                                  do not check for solhint updates
  --save                                  save report to file on current folder
  --noPoster                              remove discord poster
  -h, --help                              output usage information

Commands:

  stdin [options]                         linting of source code data provided to STDIN
  list-rules                              display covered rules of current .solhint.json

Notes

• Solhint checks if there are newer versions. The --disc option avoids that check.
• --save option will create a file named as YYYYMMDDHHMMSS_solhintReport.txt on current folder with default or specified format

Fix

This option currently works on:

• avoid-throw
• avoid-sha3
• no-console
• explicit-types
• private-vars-underscore
• payable-fallback
• quotes
• contract-name-capwords
• avoid-suicide

Configuration

You can use a .solhint.json file to configure Solhint for the whole project.

To generate a new sample .solhint.json file in current folder you can do:

solhint --init

This file has the following format:

Default

{
  "extends": "solhint:recommended"
}

Note 1

The solhint:default configuration contains only two rules: max-line-length & no-console It is now deprecated since version 5.1.0

Note 2

Multiple configs files can be used at once. All config files should be named .solhint.json. If not done like this, multiple hierarchy configuration will not work. Solhint will go though all config files automatically.

Given this structure:

Project ROOT =>
/contracts
---> RootAndContractRules.sol
---> .solhint.json

/src
--->RootRules.sol
--->interfaces/
------->InterfaceRules.sol
------->solhint.json  

.solhint.json

• Solhint config located on root will be the main one.
• When analyzing RootRules.sol, root file config will be used that file.
• InterfaceRules.sol will be using the one inside its own folder taking precedence over the root folder one.
• Rules not present in interfaces/ folder and present in root will be active.
• Rules not present in root folder and present in interfaces/ folder will be active.
• If rule is present in both files, the closest to the analyzed file will take precedence. Meaning when analyzing InterfaceRules.sol the config file located in Interfaces/ will be used with the remaining rules of the root one.
  
  

Sample

  {
    "extends": "solhint:recommended",
    "plugins": [],
    "rules": {
      "avoid-suicide": "error",
      "avoid-sha3": "warn"
    }
  }

A full list of all supported rules can be found here.

To ignore files that do not require validation you can use a .solhintignore file. It supports rules in the .gitignore format.

node_modules/
additional-tests.sol

Cache

Solhint supports a caching mechanism using the --cache flag to avoid re-linting files that haven't changed. When enabled, Solhint stores a hash of each file's content and effective configuration, skipping analysis if neither has changed. By default, the cache is saved in .solhintcache.json in the current working directory. You can customize this location using the --cache-location option. If no location is specified, the file will be stored in: node_modules/.cache/solhint/.solhint-cache.json

Warning: When using cache flag. If a file was analyzed with not error for a certain config, the hash will be stored. If the file is not changed but the config file (.solhint.json) has some new rules, the file will not be analyzed. To analyze it again, remove cache option.

Example:

solhint contracts/**/*.sol --cache
solhint Foo.sol --cache --cache-location tmp/my-cache.json

Extendable rulesets

The rulesets provided by solhint are the following:

• solhint:default (deprecated since version v5.1.0)
• solhint:recommended

Use one of these as the value for the "extends" property in your configuration file.

Configure the linter with comments

You can use comments in the source code to configure solhint in a given line or file.

For example, to disable all validations in the line following a comment:

  // solhint-disable-next-line
  uint[] a;

You can disable specific rules on a given line. For example:

  // solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
  uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));

Disable validation on current line:

  uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line

Disable specific rules on current line:

   uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash

You can disable a rule for a group of lines:

  /* solhint-disable avoid-tx-origin */
  function transferTo(address to, uint amount) public {
    require(tx.origin == owner);
    to.call.value(amount)();
  }
  /* solhint-enable avoid-tx-origin */

Or disable all validations for a group of lines:

  /* solhint-disable */
  function transferTo(address to, uint amount) public {
    require(tx.origin == owner);
    to.call.value(amount)();
  }
  /* solhint-enable */

Rules

Security Rules

Full list with all supported Security Rules

Style Guide Rules

Full list with all supported Style Guide Rules

Best Practices Rules

Full list with all supported Best Practices Rules

Docker

Solhint has an official Docker Image

Go to docker folder and follow this instructions.

pre-commit

Solhint can also be used as pre-commit hook

Replace $GIT_TAG with real tag:

- repo: https://github.com/protofire/solhint
  rev: $GIT_TAG
  hooks:
    - id: solhint

Documentation

Related documentation you may find here.

IDE Integrations

• Sublime Text 3
• Atom
• Vim
• JetBrains IDEA, WebStorm, CLion, etc.
• **[VS Code: Solidity by Juan Blanco](

   https://marketplace.visualstudio.com/items?itemName=JuanBlanco.solidity)**
  

• **[VS Code: Solidity Language Support by CodeChain.io](

   https://marketplace.visualstudio.com/items?itemName=kodebox.solidity-language-server)**
  

Table of Contents

• Contributing: The core Solhint team :heart: contributions. This describes how you can contribute to the Solhint Project.
• Shareable configs: How to create and share your own configurations.
• Writing plugins: How to extend Solhint with your own rules.

Plugins

• solhint-plugin-prettier: Integrate Solhint with the Solidity plugin for Prettier.

Who uses Solhint?

Projects

• OpenZeppelin:
  • openzeppelin-contracts
• POA Network - Public EVM Sidechain:
  • Proof of Physical Address (PoPA)
  • Proof of Bank Account (PoBA)
• 0x-Project
  • 0x-Monorepo
• Gnosis:
  • Gnosis Prediction Market Contracts
  • The DutchX decentralized trading protocol

Acknowledgements

The Solidity parser used is @solidity-parser/parser.

License

MIT

Back us

Solhint is free to use and open-sourced. If you value our effort and feel like helping us to keep pushing this tool forward, you can send us a small donation. We'll highly appreciate it :)

Related projects

• eth-cli: CLI swiss army knife for Ethereum developers.

[5.2.0] - 2025-06-27

Fixed

• imports-order interference with no-unused-imports #684

Added

• Added cache flag allowing to skip already evaluated files if no error was thrown and file did not change - #685
• Added multi-directory config support by hierarchy - #678
• Added better error handling on invalid configs - #683

Thanks to @smol-ninja - @PaulRBerg @lechpzn, @otc-png, @MamunC0der, @kks-code, @RidaMichofi

For making the time of proposing rules, pointing out typos, broken links, unused code, copyright, small reviews, etc. We really appreciate your contributions!

[5.1.0] - 2025-05-05

Added

• Argument to avoid discord poster - #646
• Auto-fix for no-unused-import - #648 (Thanks to @DenisGorbachev)
• New Rule: import-path-check - #657

Updated

• yml and parser update - #668 (Thanks to @zeevick10)
• cleanup deprecated code - #655
• Improved ordering rule - #656

BREAKING CHANGE

• Removed code for solhint:default ruleset - #654

Thanks to @fanqiaojun, @maximevtush, @MaxweLL22-22, @PixelPil0t1, @wgyt, @operagxsasha, @Hopium21, @leopardracer, @omahs, @zeevick10, @gap-editor, @Olexandr88, @jirutka

For making the time of pointing out typos, license update, broken links, unused code, copyright, small reviews, etc. We really appreciate your contributions!

[5.0.5] - 2025-01-16

Fixed

• gas-custom-errors #620 - Support for Custom Errors inside require statements
• compiler-version #621 - Upgraded minimum requirement for the rule
• reentrancy #622 - Fixed path and typos
• Typos #623 - Fixed typos
• Typo #625 - Fixed typo

Added

• New Rule: Duplicated Imports #626
• Cute Message on console report to gather community into discord channel

[5.0.4] - 2024-12-31

Fixed

• imports-order #595 - Replaced single quotes with double quotes
• gas-custom-errors #613 - Allows the use of Requirement with Custom Errors
• Typos and broken links #611 - #617
• Upgraded solidity-parser dependency #612

Added

• .pre-commit-hooks.yaml to allow projects to run Solhint via pre-commit #596 (Thanks to @dbast)
• Removed husky since it is not needed #612

[5.0.3] - 2024-08-03

Fixed

• imports-order #593

[5.0.2] - 2024-07-25

Fixed

• func-named-parameters exclude abi.encodeX from the rule #583 (Thanks to @0xCLARITY)
• Several typos in comments #586 (Thanks to @dropbigfish)

Added

• New Rule: Imports order #587

[5.0.1] - 2024-05-13

BREAKING CHANGES (refer to v5.0.0)

Fixed an issue on the returning values where only was evaluating the first report instead of all of them.

[5.0.0] - 2024-05-11

BREAKING CHANGES

Solhint EXIT codes

Solhint changed how the exit codes are implemented:

Exit with 0 code When execution was ok and there were no errors when evaluating the code according to the rules
Exit with 1 code When execution was ok and there are errors reported
Exit with 1 code When execution was ok and max warnings is lower than the reported warnings
Exit with 255 code When there's an error in the execution (bad config, writing not allowed, wrong parameter, file not found, etc)

Solhint QUIET mode

QUIET mode (-c quiet) option now works with the warnings and may exit with 1 if there are more than defined by user

Thanks to @juanpcapurro for providing the code

[4.5.4] - 2024-04-10

Fixed

• gas-custom-errors improved logic to ranged pragma versions #573
• gas-indexed-events #573

[4.5.2] - 2024-03-15

Updated

• Update Readme file to include all autofix rules
• Update docker file
• Update package json file

[4.5.0] - 2024-03-15

Updated

• Update dependencies in package json #548
• Custom errors rules checks from 0.8.4 forward before warning #555
• Parser support up to Solidity 0.8.22 (*)

(*) Note: Solhint can work with latest Solidity versions. If new grammar/syntax is added or changed, it could give some false positives or miss a rule. But overall functionality will work as expected.

Added

• New Rule: Interface starts with i #557

Gas Consumption Rules

• New Rule: [GC] Multitoken1155 rule #541
• New Rule: [GC] Small strings check #542
• New Rule: [GC] Indexed events #543
• New Rule: [GC] Calldata parameters #544
• New Rule: [GC] Increment by one #545
• New Rule: [GC] Struct packing #546
• New Rule: [GC] Name Return Values #552
• New Rule: [GC] Custom Errors #553 #555
• New Rule: [GC] Dot Length in Loops #559
• New Rule: [GC] Gas Strict Inequalities #560

Fixed

• explicit-types logic improved and bug free #551
• payable fallback Improved behavior #561

BREAKING CHANGES

• named-return-values rule was renamed to gas-named-return-values and now it is part of Gas Consumption ruleset #552
• custom-errors rule was renamed to gas-custom-errors and now it is part of Gas Consumption ruleset #553
• Return error 0 when executed correctly #554
• Default severity modified to WARN instead of OFF for foundry-test-functions and named-parameters-mapping rules #556

[4.1.1] - 2024-01-08

Fixed

• Fix changelog typos

[4.1.0] - 2024-01-08

Updated

• Included Sarif formatter #530 (Thanks to @eshaan7)
• Cache npm on workflows #534

Added

• Official Docker Image #524 (Thanks to @kaypee90)
• Autofix for payable-fallback rule #528
• Autofix for quotes rule #529
• Autofix for avoid-suicide rule #531
• Autofix for contract-name-camelcase rule #532
• Autofix for event-name-camelcase rule #533

Fixed

• Fix private vars leading underscore on libraries #525

[4.0.0] - 2023-10-01

Updated

• Enhance explicit types sensitivity #493 (Thanks to @vladyan18)
• Docs on private-vars-leading-underscore rule to clarify its functionality
• Changelog and docs for no-empty-blocks rule to clarify its functionality
• Require package with full path #515 (Thanks to @zouguangxian)

Added

• Check for updates on Solhint version to keep users up to date. There's an option to disable this check (--disc) #506
• fix option now shows the report on screen #509
• save option to store report on disk with the standard or the specified format #509
• Autofix for explicit-types rule #504
• Autofix for no-console rule #513
• Autofix for private-vars-leading-underscore rule #511

Fixed

• Generate docs script on Windows OS #494 (Thanks to @vladyan18)
• one-contract-per-file ignore interfaces #514 (Thanks to @cruzdanilo)

[3.6.2] - 2023-08-17

Added

• New Rule: one-contract-per-file - Enforces the use of ONE contract per file #487

Fixed

• foundry-test-functions - Modified regex to include invariant and statefulFuzz tests #484
• quotes - To allow quotes inside double quotes and vice versa #485
• JSON - Formatter returning JS object instead of standard json #490

[3.6.1] - 2023-08-11

BREAKING CHANGE

• RULE: not-rely-on-time was REMOVED from RECOMMENDED ruleset
  This was long overdue.
  Beware!! If you are relying on this rule and it is not explicitly configured (meaning there's only solhint:recommended option).
  You should add this rule manually:

  {
    "extends": "solhint:recommended",
    "rules": { 
        "not-rely-on-time": "warn", 
        "compiler-version": "off" 
    },
  }
  

  If not explicitly added, this rule will not be executed.

SPECIAL ATTENTION

• RULE: compiler-version default was updated from ^0.5.2 to ^0.8.0

Updated

• Rule: check-send-result added config clarification in the new Notes section #482
• Rule: compiler-version default was updated from ^0.5.2 to ^0.8.0 #483

Added

• New Rule: Enforces the use of Custom Errors over Require and Revert statements #475
• New Rule: Enforces the test_ prefix on a file for Foundry users #476
• New Rule: Enforces the naming of function return values #478
• Notes option on docs to add more information of each rule. See foundry-test-functions. #476

Fixed

• func-named-parameters - false positives on builtin functions #472
• ordering - treat initializer weight same as constructor #474
• check-send-result - false positive on `erc777.send()`` function #477
• explicit-types - default value is now taking into account when no value is specified in config #481
• compiler-version - default value is now taking into account when no value is specified in config #483

[3.5.1] - 2023-08-04

Updated

• Ignores empty constructors when inheriting a base contract #418
• Bump json5 from 2.1.3 to 2.2.3 #376
• Bump json-schema and jsprim #370
• Bump semver from 6.3.0 to 7.5.2 #438
• Corrected "Category" of quotes rule, added default rules list on readme #443
• 'Deprecated' column on `rules.md`` #444
• Information about maxCharacters allowed on reason-string rule #446
• E2E tests for max-warnings #455
• Replaced blacklist and whitelist words #459
• Removed runtime dependencies on load-rules #462
• Allowed $ symbol as part of naming #465
• Disabled no-empty-blocks rule for receive() function #466

Added

• New Rule: No unused imports #417
• New Rule: To treat immutable as constants #458
• New Rule: Explicit-types. To forbid/enforce full type or alias for variables declaration #467
• New Rule: Naming of Function parameters. Enforce arguments naming #468
• JSON formatter support #440
• Rules List with list-rules command #449
• E2E tests for formatters and new Compact formatter #457

Fixed

• maxWarnings parameter waiting review #439
• –fix option not working in avoid-throw rule #442
• Formatter option fixed for stdin command #450

[3.4.1] - 2023-03-06

Updated

• Updated solidity parser to 0.16.0 #420

Added

• Added github workflow to execute unit tests on each PR #412
• Added macOS and windows into E2E github workflow #422

Fixed

• False positive on for-loop Yul #400
• Ordering-rule support for Top Level statements #393
• Fix no-global-import to accept named global imports #416
• Fix named-parameters-mapping to not enforce on nested mappings #421

[3.4.0] - 2023-02-17

Updated

• Solhint dependencies to support newer versions #380
• Linter fixed to get clearer source code #381
• E2E, added formatters into repo, updated CI #385
• Solhint dependencies to support newer versions #403

Added

• New Rule: For banning "console.sol" and "import hardhat or foundry console.sol" #372
• New Rule: No global imports #390
• New Rule: Named parameters in v0.8.18 solidity version #403

Fixed

• TypeError: cannot read property 'errorCount' of undefined #351
• Directories with .sol in the name path treated as files #352
• Doc generator and added a CI step to avoid crashing #389
• Rule for banning "console.sol" and "import hardhat or foundry console.sol #391
• Option –quiet works now with all files #392
• Transfers with .call excluded from warning as low level code #394
• Made func-visibility skip free functions #396
• False positive on no-unused-vars for payable arguments without name #399

[3.3.8] - 2023-01-17

Fixed Docs and Typos

• #292
• #343
• #355
• #285

Updated

• Solidity Parser to 0.14.5 #330 - #378

TIME GAP

[2.1.0] - 2019-05-30

Added

• New compiler-version rule (see PR #112)

Fixed

• Several fixes for the mark-callable-contracts rule (PRs #115, #117 and #119)

[2.0.0] - 2019-02-15

Stable release

[2.0.0-beta.1] - 2019-01-31

Fixed

• Fix linter errors

[2.0.0-alpha.3] - 2019-01-23

Changed

• Update config initializer #103

[2.0.0-alpha.2] - 2019-01-08

Changed

• Remove prettier from rule

[2.0.0-alpha.1] - 2019-01-08

Fixed

• Package version

[2.0.0-alpha.0] - 2019-01-08

Added

• Add rulesets #73
• Add plugins support #99
• Update docs

[1.5.0] - 2018-12-26

Added

• Add not-rely-on-time to rules documentation #88
• Have --max-warnings better reflect its name #89
• Added disable-previous-line #91
• Snake case now allows for a (single) leading underscore #93

Fixed

• Fixed some comment directive tests #92

[1.4.1] - 2018-12-10

Added

• Allow to specify the path to the config file #78
• Roadmap and changelog #81

Changed

• Upgrade grammar #79

[1.4.0] - 2018-10-10

Added

• Support prettier-solidity #72

[1.3.0] - 2018-09-25

Added

• Add "Projects that use solhint" to README.md file #64
• Add prettier and airbnb #59
• Add new feature --ignore-path option #58
• Add contribution formatter parameter validation #54
• Add --max-warnings [int] option #56
• Add --quiet option #55

Changed

• Move rules sections out from README.md #65
• Complete docs and readme #61

Fixed

• Unable to satisfy indentation rules for functions with multiple return values #49