npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@cleanunicorn/mythos

v0.13.0

Published

A CLI client for MythX

Downloads

118

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

joranhonigjoranhonignnnwnnnnwnmuellerberndtmuellerberndtcleanunicorncleanunicorndrdreadrdrea

Keywords

oclif

Readme

mythos

A CLI client for MythX

oclif Version Downloads Codacy Badge License: MIT CircleCI Discord

Installation

Install globally using:

$ npm -g install @cleanunicorn/mythos

Usage

Use this to scan Solidity source code.

You need to provide your MythX address and password.

As an env variable:

$ export MYTHX_ETH_ADDRESS='mythxEthAddress'
$ export MYTHX_PASSWORD='mythxPassword'
$ mythos analyze ./contract.sol Contract

Or as flags:

$ mythos analyze ./contract.sol Contract \
  --mythxEthAddress=mythxEthAddress \
  --mythxPassword=mythxPassword

Example:

$ mythos analyze no-pragma.sol NoPragma

Reading contract no-pragma.sol... done
Compiling with Solidity version: latest
 ›   Warning: no-pragma.sol:1:1: Warning: Source file does not specify required compiler version! Consider adding "pragma solidity ^0.5.7;"
 ›   contract NoPragma {
 ›   ^ (Relevant source part starts here and spans across multiple lines).
 ›
Compiling contract no-pragma.sol... done
Analyzing contract NoPragma... done

UUID: 9350d5c4-b89f-43ef-b1f7-48840fee8a02
API Version: v1.4.12
Harvey Version: 0.0.16
Maestro Version: 1.2.6
Maru Version: 0.4.2
Mythril Version: 0.20.3

Report found 2 issues
Meta:
Covered instructions: 40
Covered paths: 4
Selected compiler version: v0.4.25

Title: (SWC-106) Unprotected SELFDESTRUCT Instruction
Severity: High
Head: The contract can be killed by anyone.
Description: Anyone can kill this contract and withdraw its balance to an arbitrary address.
Source code:

no-pragma.sol 3:8
--------------------------------------------------
selfdestruct(msg.sender)
--------------------------------------------------

==================================================

Title: (SWC-103) Floating Pragma
Severity: Medium
Head: No pragma is set.
Description: It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently no version is set in the Solidity file.
Source code:

no-pragma.sol 1:0
--------------------------------------------------

--------------------------------------------------

==================================================

Done

Basic usage

$ npm install -g @cleanunicorn/mythos
$ mythos COMMAND
running command...
$ mythos (-v|--version|version)
@cleanunicorn/mythos/0.13.0 linux-x64 node-v10.19.0
$ mythos --help [COMMAND]
USAGE
  $ mythos COMMAND
...

Commands

mythos analyze CONTRACTFILE CONTRACTNAME

Scan a smart contract with MythX API

USAGE
  $ mythos analyze CONTRACTFILE CONTRACTNAME

ARGUMENTS
  CONTRACTFILE  Contract file to scan
  CONTRACTNAME  Contract name

OPTIONS
  -h, --help                         show CLI help

  --analysisMode=analysisMode        [default: quick] Define the analysis mode when requesting a scan. Choose one from:
                                     quick, full.

  --mythxEthAddress=mythxEthAddress  (required)

  --mythxPassword=mythxPassword      (required)

  --solcVersion=solcVersion          Solidity version to use when compiling (example: 0.4.21). If none is specified it
                                     will try to identify the version from the source code.

  --timeout=timeout                  [default: 180] How many seconds to wait for the result

See code: src/commands/analyze.ts

mythos get-analysis UUID

Retrieve analysis results scanned with MythX API

USAGE
  $ mythos get-analysis UUID

ARGUMENTS
  UUID  uuid to retrive analysis results

OPTIONS
  -h, --help                         show CLI help
  --mythxEthAddress=mythxEthAddress  (required)
  --mythxPassword=mythxPassword      (required)

See code: src/commands/get-analysis.ts

mythos help [COMMAND]

display help for mythos

USAGE
  $ mythos help [COMMAND]

ARGUMENTS
  COMMAND  command to show help for

OPTIONS
  --all  see all commands in CLI

See code: @oclif/plugin-help

Development

Before you start hacking away, make sure to install dependencies.

$ npm i

Add your tests, code and make sure tests work.

$ npm test

If you need to update the test golden files you need to enable GENERATE_GOLDEN when running tests.

$ GENERATE_GOLDEN=true npm test

Update version number in package.json version to the new number without v (i.e. 0.12.3)

{
  "name": "@cleanunicorn/mythos",
  "description": "A CLI client for MythX",
  "version": "0.12.3",
...

Update the Changelog section in readme and add a description of what was changed.

* [0.12.3](https://github.com/cleanunicorn/mythos/releases/tag/v0.12.3)
  * Describe new functionality added.

And run oclif to update other sections of the readme.

$ npx oclif-dev readme

Tag your commit with the same version number preceded by a v (i.e. v0.12.3).

$ git add .
$ git commit -m "Describe new functionality added."
$ git tag v0.12.3

Finally publish the package.

$ npm publish --access public

Changelog

  • 0.13.0

    • Fixed compile compatibility with solc-js.

  • 0.12.4

    • Fix build process.
    • Add steps to help with development and publishing in readme.

  • 0.12.1

    • Fix version matching in some cases. Now the version must start with the version

  • 0.11.0

    • Update eslint-utils to 1.4.2 because of a security issue.

  • 0.10.5

    • Update lodash.template to 4.5.0 because of a security issue.

  • 0.10.4

    • Fix Microsoft Windows backslash path issue when specifying contract filename the paths like folder\file.sol are transformed to folder/file.sol.
    • Remove sample output.txt file from repo.

  • 0.10.3

    • Upgrade dependencies.

  • 0.10.2

    • Update tests.
    • Do not use nightly solidity version when compiling.

  • 0.10.1

    • Improve regex expression which matches for linked libs.
    • Slightly improve output.

  • 0.10.0

    • Add newly added required parameter in request: mainSource.
    • Display errors in a more consistent way.

  • 0.9.0

    • Update to new armlet version and to new API changes

  • 0.8.1

    • Fix off by one source mapping

  • 0.8.0

    • Fix file name when running get-analysis to save response as issues-${uuid}.json
    • Make compilation errors more obvious
    • Display more information from report: compiler version used, API versions, SWC-ID, report's UUID
    • Display clear error when incorrect contract name is specified
    • Display compilation warnings

  • 0.7.0

    • Send the AST when requesting an analysis

  • 0.6.0

    • Fix external lib import, it sends the library information to MythX
    • Dump issues in a file as issues-[uuid].json for easy manual inspection

  • 0.5.2

    • Setup automatic tests

  • 0.5.1

  • 0.5.0

    • Automatically import other files (thanks to @eswarasai).
    • Fix minor issue when picking Solidty version (thanks to @eswarasai).
    • Fix issue count (thanks to @tagomaru).

  • 0.4.1

    • Update npm dependencies

  • 0.4.0

    • Correctly pick solidity version when an interval is set (thanks to @nanspro).
    • Add get-analysis command to retrieve a scanned result (thanks to @tagomaru).
    • Fix displaying severity in output list.

  • 0.3.2

    • Display message on syntax error.

  • 0.3.1

    • Add Severity to output.

  • 0.3.0

    • Request different depths of analyses with --analysisMode can be full or quick.
    • Add changelog.

  • 0.2.0

    • Stable version, first release.