Where communities thrive

Join over 1.5M+ people
Join over 100K+ communities
Free without limits
Create your own community

Explore more communities

solhint/Lobby

Open source Solidty linter, providing both Security and Style Guide validations. https://github.com/protofire/solhint

People

Repo info

Activity

Clément Lakhal

@clemlak

So the Atom plugin is using "solhint": "^1.1.9"

I changed it to the last beta

But I had to install my custom plug within the atom package to have the error within Atom

Well, by « error » I mean the « warning » related to my custom rule

Nicolás Venturo

@nventuro

hello! I hope people still use this :sweat_smile:

Mariano Aguero

@mariano-aguero

Hi @nventuro !

How are you?

Nicolás Venturo

@nventuro

@fvictorio @mariano-aguero i'm planning on writing a small plugin to detect usage of msg.sender and msg.data. Do you a) know how feasible this is, and b) have any pointers as to how I would go about doing such a thing?

Mariano Aguero

@mariano-aguero

a) There is a documentation about plugins right here , you can take a look, https://github.com/protofire/solhint/blob/master/docs/writing-plugins.md
b) I think we should do some research to find different solutions and the feasibility of doing it

Franco Victorio

@fvictorio

Yes, a plugin is the way to go, unless you think its usefulness is broad enough to be in the core rules

Let me check what is the best way to filter for those nodes

Uhm, the grammar doesn't seem to have a special node for "property access" expressions, that's unfortunate

Franco Victorio

@fvictorio

I've been wanting to migrate solhint to use solidity-parser-antlr instead of using the underlying grammar directly, this is a very good reason to do it

Anyway, if you want to give it a try now, you can check how the MemberAccess node is identified: https://github.com/federicobond/solidity-parser-antlr/blob/022f978e8c6523e7a0ce0793b7578a4654fd2898/src/ASTBuilder.js#L567

From what I understand: when you visit a Expression node, you check if it has 3 children and if the middle one is a .

Nicolás Venturo

@nventuro

that's a great starting point, thanks!

Franco Victorio

@fvictorio

:+1: Let us know if we can help

cgewecke

@cgewecke

Hi @fvictorio @mariano-aguero. I help maintain solidity-coverage and eth-gas-reporter. I just wanted to let you know that I have commented on a PR which adds solhint as a dependency to Truffle here: https://github.com/trufflesuite/truffle/pull/2316#issuecomment-523118535

I am raising a concern about plugins being encapsulated in their webpack because I believe it results in npm download and Github "used by" data disappearing for the projects they include this way.

cgewecke

@cgewecke

Apologies in advance if I've made something more complicated than you would like or gotten in the middle of something that's nothing to do with me - I will happily defer to whatever your view about it is if you're going to weigh in over there.

Pablo Fullana

@pablofullana

hey. I see, thanks for the heads up!

Franco Victorio

@fvictorio

Hi @cgewecke, I just read the conversation in that PR. Thanks a lot for the comment!

While we are probably fine with the stats being down (since in return we'd be in truffle by default, which is great), I understand your concern and I wouldn't like to set a precedent that could affect other projects

I see that they got it too, so it will probably be done in some other way

(Btw, eth-gas-reporter is awesome)

cgewecke

@cgewecke

@fvictorio Ah! That's very nice of you although I regret the comment now - I should have asked you about this issue first. If you're fine being inside the bundle that's entirely reasonable. It's great for people using the tool which is what matters.

shreyas-coinlist

@shreyas-coinlist

Hey everyone, we're doing a workshop on Testing Smart Contracts with Veronica Zheng, an Engineer at Coinbase, today at 10 AM PST. This will be a live and interactive workshop where you can ask questions. We'll also be talking about how to detect common vulnerabilities with Solhint.

Check out more information and join here:
https://twitter.com/CoinList/status/1197238977666994178

Jordan Ellis Coppard

@tsujp

Is this still under development?

Does solhint work with st3?

Franco Victorio

@fvictorio

It is

What do you mean by st3?

Neil Duffy

@skiv71

Hi, is it dead in here?

Pablo Fullana

@pablofullana

hey!

Neil Duffy

@skiv71

hey... not sure if I need help here, using vscode-solidity and it doesn't appear to be using solhint

but if it is, I need a way to ignore sdpx (and the warning)

Pablo Fullana

@pablofullana

you mean this one? https://marketplace.visualstudio.com/items?itemName=JuanBlanco.solidity ?

Neil Duffy

@skiv71

yea

Fernando

@fernandomg

hello Neil, I just did a clean install of the plugin, and I'm not getting any warning about SPDX license. This surely is not related to solhint, but we can try to help you with it

Neil Duffy

@skiv71

it's ok for now, I suspect the actual plugin could be doing this... but I can enable solhint / solium as linter, which I'm assuming would then rectify this... I'll try that later... thanks for the responses :smile:

Fernando

@fernandomg

:ok_hand:

Cyril Lapinte

@sirhill

Hi guys, big fan of solhint here.
I've mentionned solhint on a solidty issue (ethereum/solidity#11002).
I am interested to have your though on it.

Pablo Fullana

@pablofullana

hey @sirhill thanks for bringing this up

sounds reasonable!

would you mind opening an issue in Solhint repo if Solidity team decides to follow your approach?

Cyril Lapinte

@sirhill

Of course.

Pablo Fullana

@pablofullana

thank you so much

Lukas Hönig

@lhoenig

Hi, any idea why I get different results from solhint when using it through @nomiclabs/hardhat-solhint? I just followed the tutorial and am using the default config generated through solhint --init.

Lukas Hönig

@lhoenig

I found it, @nomiclabs/hardhat-solhint uses an outdated solhint version.

Blockchain Developer

@kidofblockchain:matrix.org

[m]

unable to download this

looking to get help

Chat via Matrix