From 569b0628d1fdece6b51eabca723b99e44d208357 Mon Sep 17 00:00:00 2001 From: Alex Date: Thu, 16 Nov 2023 21:49:22 -0500 Subject: [PATCH 1/3] Added remapping FAQ to README --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index 0f548d6b88..f9307f689e 100644 --- a/README.md +++ b/README.md @@ -274,6 +274,22 @@ If you have a `node_modules/` folder, it must be in the same directory as `contr run the compilation command for the framework you are using e.g `npx hardhat compile`. That must work successfully; otherwise, slither's compilation engine, crytic-compile, cannot generate the AST. +* If `node_modules/` is not in your `contracts/` directory of your project, you will need to involve **remappings**. If a project has dependencies like OpenZeppelin or Chainlink, but you want to run Slither on a single `.sol` file or use [slither's tools](https://github.com/crytic/slither#tools) like `slither-check-erc`, you can add the `--solc-remaps @=node_modules/@` flag and/or configure `slither.config.json` in your project's root with the remapping. If `slither.config.json` remappings are setup the flag is no longer needed unless using [slither's tools](https://github.com/crytic/slither#tools). Foundry projects also require remappings if you want to analyze a specific `.sol` file that requires imports. Read more here: [Foundry Static Analysis Docs](https://book.getfoundry.sh/config/static-analyzers). + +slither.config.json: +```json +{ + "solc_remaps": "@=node_modules/@" +} +``` +Explicit examples using hardhat: +```bash +slither contracts/MemeCoin.sol --solc-remaps @=node_modules/@ +``` +```bash +slither-check-erc contracts/MemeCoin.sol MemeCoin --solc-remaps @=node_modules/@ +``` + ## License Slither is licensed and distributed under the AGPLv3 license. [Contact us](mailto:opensource@trailofbits.com) if you're looking for an exception to the terms. From 5ac7d0a7e70aa01332fecb5e877c244b0cfc7a6b Mon Sep 17 00:00:00 2001 From: Alex Date: Fri, 17 Nov 2023 16:26:07 -0500 Subject: [PATCH 2/3] README.md remappings FAQ cleanup --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f9307f689e..8095122f95 100644 --- a/README.md +++ b/README.md @@ -274,18 +274,22 @@ If you have a `node_modules/` folder, it must be in the same directory as `contr run the compilation command for the framework you are using e.g `npx hardhat compile`. That must work successfully; otherwise, slither's compilation engine, crytic-compile, cannot generate the AST. -* If `node_modules/` is not in your `contracts/` directory of your project, you will need to involve **remappings**. If a project has dependencies like OpenZeppelin or Chainlink, but you want to run Slither on a single `.sol` file or use [slither's tools](https://github.com/crytic/slither#tools) like `slither-check-erc`, you can add the `--solc-remaps @=node_modules/@` flag and/or configure `slither.config.json` in your project's root with the remapping. If `slither.config.json` remappings are setup the flag is no longer needed unless using [slither's tools](https://github.com/crytic/slither#tools). Foundry projects also require remappings if you want to analyze a specific `.sol` file that requires imports. Read more here: [Foundry Static Analysis Docs](https://book.getfoundry.sh/config/static-analyzers). +* If `node_modules/` is not in the `contracts/` directory of your project, you may need to use **remappings**. If a project has dependencies such as OpenZeppelin and you want to run Slither on a single `.sol` file or use a [slither tool](https://github.com/crytic/slither#tools) like `slither-check-erc`, add the remapping on the command line e.g. `--solc-remaps @=node_modules/@` or to the `slither.config.json` in your project's root. Note, this should not be required for Foundry projects as it is handled automatically. slither.config.json: + ```json { "solc_remaps": "@=node_modules/@" } ``` + Explicit examples using hardhat: + ```bash slither contracts/MemeCoin.sol --solc-remaps @=node_modules/@ ``` + ```bash slither-check-erc contracts/MemeCoin.sol MemeCoin --solc-remaps @=node_modules/@ ``` From abf518dcb3313298db4ce20a5999d84ae7539f14 Mon Sep 17 00:00:00 2001 From: Alex Date: Fri, 17 Nov 2023 16:47:48 -0500 Subject: [PATCH 3/3] README.md remappings FAQ --- README.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 8095122f95..be34056e29 100644 --- a/README.md +++ b/README.md @@ -274,7 +274,7 @@ If you have a `node_modules/` folder, it must be in the same directory as `contr run the compilation command for the framework you are using e.g `npx hardhat compile`. That must work successfully; otherwise, slither's compilation engine, crytic-compile, cannot generate the AST. -* If `node_modules/` is not in the `contracts/` directory of your project, you may need to use **remappings**. If a project has dependencies such as OpenZeppelin and you want to run Slither on a single `.sol` file or use a [slither tool](https://github.com/crytic/slither#tools) like `slither-check-erc`, add the remapping on the command line e.g. `--solc-remaps @=node_modules/@` or to the `slither.config.json` in your project's root. Note, this should not be required for Foundry projects as it is handled automatically. +* If `node_modules/` is not in the `contracts/` directory of your project, you may need to use **remappings**. If a project has dependencies such as OpenZeppelin and you want to run Slither on a single `.sol` file, add the remapping on the command line e.g. `--solc-remaps @=node_modules/@` or to the `slither.config.json` in your project's root. Note, this should not be required for Foundry projects as it is handled automatically. slither.config.json: @@ -284,16 +284,12 @@ slither.config.json: } ``` -Explicit examples using hardhat: +Explicit example using hardhat: ```bash slither contracts/MemeCoin.sol --solc-remaps @=node_modules/@ ``` -```bash -slither-check-erc contracts/MemeCoin.sol MemeCoin --solc-remaps @=node_modules/@ -``` - ## License Slither is licensed and distributed under the AGPLv3 license. [Contact us](mailto:opensource@trailofbits.com) if you're looking for an exception to the terms.