JSPM

solaudit-cli

1.0.0
Downloads: 2
License: MIT

Solidity smart contract security auditor CLI - Detect vulnerabilities, reentrancy, overflow, and common issues.

Package Exports

  • solaudit-cli
  • solaudit-cli/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (solaudit-cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

solaudit

Solidity smart contract security auditor CLI. Scan for vulnerabilities, gas optimizations, and best practices.

Installation

npm install -g solaudit-cli

Usage

# Audit a single contract
solaudit audit Contract.sol

# Audit all contracts in directory
solaudit audit ./contracts/ -r

# Quick security check
solaudit check MyToken.sol

# Gas optimization analysis
solaudit gas Contract.sol

# List all vulnerability patterns
solaudit patterns

Commands

audit <path>

Full security audit of Solidity contracts.

solaudit audit Contract.sol
solaudit audit ./contracts/ -r               # Recursive scan
solaudit audit . -s high                     # Only high+ severity
solaudit audit . --gas --best-practices      # Include all checks
solaudit audit . -o markdown --save report.md

Options:

  • -r, --recursive - Scan directories recursively
  • -s, --severity <level> - Minimum severity: low, medium, high, critical
  • --gas - Include gas optimization suggestions
  • --best-practices - Include best practice checks
  • -o, --output <format> - Output: table, json, markdown
  • --save <file> - Save report to file

check <file>

Quick security check on a single file.

solaudit check Token.sol

gas <file>

Analyze gas optimization opportunities.

solaudit gas Contract.sol

patterns

List all vulnerability patterns that solaudit checks for.

solaudit patterns
solaudit patterns --category reentrancy

What It Checks

Security Vulnerabilities

  • Reentrancy - State changes after external calls
  • Integer overflow/underflow - Unchecked arithmetic
  • Access control - Missing modifiers, public functions
  • Unchecked returns - Ignored call return values
  • Tx.origin - Authentication using tx.origin
  • Delegatecall - Dangerous delegatecall patterns
  • Self-destruct - Unprotected selfdestruct
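To make concrete what pattern-based checks of this kind look like, here is an added example in JavaScript (the language solaudit-cli ships in). It is not solaudit's own code and assumes nothing about its internals: it implements four of the checks as line-oriented heuristics (reentrancy as a state write after an external call, unchecked low-level call returns, tx.origin, and the floating pragma that appears in the example report below), runs them over a constructed vulnerable contract and its checks-effects-interactions fix, and mirrors the CLI's severity filter and exit-code behaviour. The function names (scanSource, filterBySeverity, exitCodeFor, formatReport) and both sample contracts are hypothetical.

```javascript
// Added example (not solaudit's own code): a minimal line-oriented scanner for four
// of the patterns above. Regex heuristics like these are what "static analysis,
// no compilation needed" implies; a real tool would resolve state variables, call
// targets and multi-line statements from a parsed AST instead.

const RULES = {
  reentrancy: { severity: 'critical', message: 'State change after external call' },
  uncheckedReturn: { severity: 'high', message: 'Unchecked return value of low-level call' },
  txOrigin: { severity: 'medium', message: 'Use of tx.origin for authentication' },
  floatingPragma: { severity: 'medium', message: 'Floating pragma' },
};
const SEVERITY_RANK = { low: 0, medium: 1, high: 2, critical: 3 };

// Low-level calls that hand control to another contract and return a status flag.
// .transfer is left out: it reverts on failure, so its result needs no check.
const EXTERNAL_CALL = /\.(call|delegatecall|send)\s*[({]/;
// A call used as a bare statement: result neither assigned nor wrapped in require().
const BARE_CALL_STATEMENT = /^\s*[\w.\[\]]+\.(call|delegatecall|send)\s*[({].*;\s*$/;
// An assignment whose target is not a freshly declared local (no leading type keyword),
// so it is most likely a state variable. Heuristic: user-defined local types slip through.
const STATE_WRITE =
  /^\s*(?!\(?\s*(bool|u?int\d*|address|bytes\d*|string)\b)[A-Za-z_][\w\[\].]*\s*(\+=|-=|\*=|=)[^=]/;
const FUNCTION_HEADER = /^\s*(function|constructor|modifier|receive|fallback)\b/;
const TX_ORIGIN = /\btx\.origin\b/;
const FLOATING_PRAGMA = /^\s*pragma\s+solidity\s+[\^~>]/;

// Scan one contract's source text; returns findings in line order.
function scanSource(source, file) {
  const findings = [];
  const report = (line, id, extra = '') =>
    findings.push({ file, line, id, severity: RULES[id].severity, message: RULES[id].message + extra });

  let depth = 0;        // current brace nesting
  let fnDepth = -1;     // nesting at which the current function opened; -1 when outside one
  let lastCallLine = 0; // most recent external call in the current function, 0 if none

  source.split('\n').forEach((text, index) => {
    const lineNo = index + 1;
    const line = text.replace(/\/\/.*$/, ''); // ignore trailing // comments

    if (FLOATING_PRAGMA.test(line)) report(lineNo, 'floatingPragma');
    if (TX_ORIGIN.test(line)) report(lineNo, 'txOrigin');

    if (FUNCTION_HEADER.test(line)) {
      fnDepth = depth;
      lastCallLine = 0;
    }
    if (fnDepth >= 0) {
      // Checks-effects-interactions violated: state written after control left the contract.
      if (lastCallLine && STATE_WRITE.test(line)) {
        report(lineNo, 'reentrancy', ` (call on line ${lastCallLine})`);
      }
      if (BARE_CALL_STATEMENT.test(line)) report(lineNo, 'uncheckedReturn');
      if (EXTERNAL_CALL.test(line)) lastCallLine = lineNo;
    }

    depth += (line.match(/\{/g) || []).length - (line.match(/\}/g) || []).length;
    if (fnDepth >= 0 && depth <= fnDepth) fnDepth = -1; // function body closed
  });
  return findings;
}

// Mirrors the CLI's -s flag: keep findings at or above the given severity.
function filterBySeverity(findings, minimum) {
  return findings.filter((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[minimum]);
}

// Mirrors the CLI's exit codes: 1 when any critical issue remains, else 0.
function exitCodeFor(findings) {
  return findings.some((f) => f.severity === 'critical') ? 1 : 0;
}

function formatReport(findings) {
  return findings.map((f) => `${f.severity.toUpperCase()} ${f.file}:${f.line} - ${f.message}`).join('\n');
}

// Constructed sample contract (hypothetical) containing one instance of each issue.
const VULNERABLE_SOURCE = `pragma solidity ^0.8.0;
contract Vault {
    mapping(address => uint256) public balances;
    address public owner;
    modifier onlyOwner() {
        require(tx.origin == owner, "not owner");
        _;
    }
    function withdraw(uint256 amount) external {
        (bool ok, ) = msg.sender.call{value: amount}("");
        balances[msg.sender] -= amount;
    }
    function sweep(address payable to) external onlyOwner {
        to.send(address(this).balance);
    }
}
`;

// The same withdraw in checks-effects-interactions order with the status checked and a
// pinned pragma; it should produce no findings.
const FIXED_SOURCE = `pragma solidity 0.8.20;
contract Vault {
    mapping(address => uint256) public balances;
    function withdraw(uint256 amount) external {
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
`;

console.log(formatReport(scanSource(VULNERABLE_SOURCE, 'Vault.sol')));
```

Run it with node: the vulnerable contract yields the floating pragma, the tx.origin check in the modifier, the balance update after the call in withdraw (reported against the line of the write, with the call's line in the message), and the ignored send result in sweep. The fixed contract updates state before the call and checks the returned flag, so the same scan is clean. The limits are the usual ones for regex scanners: a call split over several lines is missed, and a local of a user-defined struct type is mistaken for a state write, which is why production tools work on the AST.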

Gas Optimizations

  • Storage vs memory usage
  • Loop optimizations
  • Redundant operations
  • Caching opportunities

Best Practices

  • Naming conventions
  • Code organization
  • Documentation coverage

Example Output

═══════════════════════════════════════
  SOLAUDIT SECURITY REPORT
═══════════════════════════════════════

Contracts scanned: 3
Issues found: 5

🔴 CRITICAL (1)
───────────────────────────────────────
  Vault.sol:45 - Reentrancy vulnerability
  State change after external call to untrusted address

🟡 HIGH (2)
───────────────────────────────────────
  Token.sol:23 - Unchecked transfer return value
  Token.sol:67 - Missing access control on mint()

🔵 MEDIUM (2)
───────────────────────────────────────
  Vault.sol:12 - Use of tx.origin for authentication
  Token.sol:89 - Floating pragma

Exit Codes

  • 0 - Audit passed (no critical issues)
  • 1 - Critical issues found

Use in CI/CD pipelines:

solaudit audit ./contracts/ -s critical && echo "Security check passed"

Why solaudit?

  • Fast - Static analysis, no compilation needed
  • Comprehensive - 50+ vulnerability patterns
  • CI/CD ready - Exit codes for pipeline integration
  • Actionable - Clear fixes and line numbers
  • Extensible - Custom pattern support

Built by LXGIC Studios

🔗 GitHub · Twitter