Solium’s Official Security Plugin

Raghav Dua
Published in Ethlint, Oct 31, 2017

Today we’re releasing the official security plugin for Solium.

Although Solium’s core focus is both style and security of your Solidity smart contracts, we chose to keep the security lint rules as a separate plugin for the sake of simplicity. The rules have been taken from Consensys’ Recommended Smart Contract Practices and Solium’s Rule Wishlist.

Starting with v1.0.1, this plugin comes pre-installed in Solium, so you need not do anything extra to apply the security rules!

So the simplest way to get started is to npm install -g solium@v1-beta, then cd into your DApp and run solium --init. The created .soliumrc.json will include the entry for the security plugin. You can run the linter using solium -d contracts/ to see the security rules working their magic.

If you’re using v1.0.0, we recommend that you update to v1.0.1, then add the entry "plugins": ["security"] to your .soliumrc.json.

As a side-effect of this, if you’d like to only lint your contracts for security and omit the style rules, you can remove everything from your .soliumrc.json except the plugins entry, so the configuration file would look like:

{
  "plugins": ["security"]
}

See the Docs for complete information on this plugin and configuring its rules.
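A check a team could run in CI to confirm the configuration described above still applies the security rules. This is an added example, not code from Solium or its author. It assumes plugin rules appear under "rules" with a "security/" prefix and that a severity of "off" or 0 disables a rule; auditSoliumrc, the sample configs and the rule name security/no-throw used in them are constructed for illustration.

```javascript
// Added example: audit the text of a .soliumrc.json for the security plugin.

// Severity values treated as "rule switched off" (assumption: "off" or 0).
const OFF_VALUES = new Set(["off", 0]);

// Returns { ok, findings } for the given .soliumrc.json contents.
function auditSoliumrc(jsonText) {
  let config;
  try {
    config = JSON.parse(jsonText);
  } catch (err) {
    return { ok: false, findings: ["config is not valid JSON"] };
  }
  if (config === null || typeof config !== "object" || Array.isArray(config)) {
    return { ok: false, findings: ["config root must be a JSON object"] };
  }

  const findings = [];

  // The plugin is only applied when "plugins" lists "security".
  const plugins = Array.isArray(config.plugins) ? config.plugins : [];
  if (!plugins.includes("security")) {
    findings.push('"plugins" does not list "security"');
  }

  // Flag security rules that were silently switched off.
  // A rule setting may be a bare severity or [severity, ...options].
  const rules =
    config.rules && typeof config.rules === "object" ? config.rules : {};
  for (const [name, setting] of Object.entries(rules)) {
    if (!name.startsWith("security/")) continue;
    const severity = Array.isArray(setting) ? setting[0] : setting;
    if (OFF_VALUES.has(severity)) findings.push(`rule ${name} is disabled`);
  }

  return { ok: findings.length === 0, findings };
}

// Constructed sample configurations (not taken from a real project).
const SECURITY_ONLY = '{ "plugins": ["security"] }';
const WEAKENED = JSON.stringify({
  plugins: ["security"],
  rules: { "security/no-throw": "off", quotes: ["error", "double"] },
});
const PLUGIN_MISSING = '{ "rules": { "quotes": ["error", "double"] } }';
```

In a pipeline, pass the file's contents to auditSoliumrc and fail the build when ok is false.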

We will continue to add more security rules to the plugin so contract developers can be extremely confident of the code they’re deploying in production!
