kritisi

v1.5.2

A powerful AI-driven security audit tool for Solidity smart contracts, designed to detect vulnerabilities, enhance code quality, and ensure compliance with best practices. Ideal for developers seeking fast, reliable security insights.

Downloads

10

Readme

Kritisi: AI-Powered Security Audit Tool for Solidity Smart Contracts

Kritisi is an AI-powered tool designed to analyze the security and documentation of Solidity code. This tool helps developers detect vulnerabilities, improve code quality, and ensure compliance with best practices.


✨ Key Features

  • Security Audit: Analyze Solidity code to identify security vulnerabilities with structured reporting.
  • NatSpec Documentation: Automatically add NatSpec documentation to functions within Solidity code.
  • Code Merging: Merge all imported Solidity files into a single file for streamlined development.
  • Ease of Use: CLI-based, allowing for simple and efficient interaction.
  • AI Service Support: Supports OpenAI and Groq services for flexibility.

🚀 Installation

To use Kritisi, make sure you have the latest version of Node.js installed. Then, install the tool globally using the following command:

npm install -g kritisi

📘 Usage Instructions

Once Kritisi is installed globally, you can use it from the command line by typing kritisi followed by the desired command. Here are the available commands:

  1. View Help

    To see a list of available commands, use:

    kritisi help

    Example output:

    Usage: kritisi [options] [command]
    
    A powerful AI-driven security audit tool for Solidity smart contracts.
    Detect vulnerabilities, enhance code quality, and ensure compliance with best practices.
    
    Options:
      -V, --version           output the version number
      -h, --help              display help for command
    
    Commands:
      setkey                 Set an API key for the selected service
      setmodel               Set the AI model for the selected service
      natspec                Process NatSpec documentation for Solidity files
      security               Run a security audit for Solidity smart contracts
      merger                 Merge all imported Solidity files into a single file
      help                   Display help information for available commands
    
    Run 'kritisi <command> --help' for detailed usage of a specific command.

  2. Set API Key

    Before using the AI services, you need to set up your API key. Use the following command:

    kritisi setkey --service <service>

    <service>: Specify the service to be used, such as openai or groq. Example:

    kritisi setkey --service openai

    You will be prompted to enter your API key.

  3. Set AI Model

    To set the AI model for the selected service, use the following command:

    kritisi setmodel --service <service>

    <service>: Specify the service to be used, such as openai or groq. Example:

    kritisi setmodel --service openai

    You will be prompted to input the model name interactively.

  4. Add NatSpec Documentation

    To automatically add NatSpec documentation to your Solidity code, use the following command:

    kritisi natspec --service <service> --path <path>

    <service>: Specify the AI service (e.g., openai or groq).
    <path>: Specify the path to your Solidity file. Example:

    kritisi natspec --service openai --path ./contracts/MyContract.sol

  5. Security Audit

    To run a security audit on your Solidity contracts, use:

    kritisi security --service <service> --path <path>

    <service>: Specify the AI service (e.g., openai or groq).
    <path>: Specify the path to your Solidity file. Example:

    kritisi security --service groq --path ./contracts/MyContract.sol

    The audit results will be saved as a PDF file in the same location as your Solidity file.

  6. Merge Solidity Files

    To merge all imported Solidity files into a single file, use:

    kritisi merger --path <path>

    <path>: Specify the path to your Solidity file. Example:

    kritisi merger --path ./contracts/MyContract.sol

    The merged file will be saved with _merge appended to the original file name.


📂 Example Output

Security Audit

The results are presented as a JSON report converted into a PDF file like this:

{
  "high": [
    {
      "issue": "Reentrancy vulnerability in withdraw function.",
      "suggestion": "Use the Checks-Effects-Interactions pattern.",
      "code_highlight": "function withdraw() public { ... }"
    }
  ],
  "medium": [],
  "low": []
}
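
Because the report is produced through an AI service, a consumer should check its structure before acting on it. The following is an added example, not part of Kritisi or its README: it validates the three severity arrays shown above and decides whether a build should fail. It assumes the JSON is available as text; `parseReport`, `gate` and `SAMPLE` are hypothetical names.

```javascript
const SEVERITIES = ['high', 'medium', 'low'];
const FIELDS = ['issue', 'suggestion', 'code_highlight'];

// Parse report text; throw on anything that deviates from the documented shape.
function parseReport(text) {
  let data;
  try { data = JSON.parse(text); } catch (err) {
    throw new Error(`report is not valid JSON: ${err.message}`);
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new Error('report must be a JSON object');
  }
  const unknown = Object.keys(data).filter((k) => !SEVERITIES.includes(k));
  if (unknown.length > 0) throw new Error(`unexpected keys: ${unknown.join(', ')}`);
  const report = {};
  for (const sev of SEVERITIES) {
    if (!Array.isArray(data[sev])) throw new Error(`"${sev}" must be an array`);
    report[sev] = data[sev].map((f, i) => {
      if (f === null || typeof f !== 'object') throw new Error(`${sev}[${i}] is not an object`);
      for (const field of FIELDS) {
        if (typeof f[field] !== 'string' || f[field].trim() === '') {
          throw new Error(`${sev}[${i}].${field} must be a non-empty string`);
        }
      }
      // Copy only the documented fields so extra keys are not passed on.
      return Object.fromEntries(FIELDS.map((field) => [field, f[field]]));
    });
  }
  return report;
}

// Fail the build when any finding sits at or above `threshold`.
function gate(report, threshold = 'high') {
  const cut = SEVERITIES.indexOf(threshold);
  if (cut === -1) throw new Error(`unknown threshold: ${threshold}`);
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, report[s].length]));
  const blocking = SEVERITIES.slice(0, cut + 1).reduce((n, s) => n + counts[s], 0);
  return { counts, blocking, pass: blocking === 0 };
}

// Constructed sample: the report shown in this README, as a string.
const SAMPLE = JSON.stringify({
  high: [{
    issue: 'Reentrancy vulnerability in withdraw function.',
    suggestion: 'Use the Checks-Effects-Interactions pattern.',
    code_highlight: 'function withdraw() public { ... }',
  }],
  medium: [], low: [],
});
console.log(gate(parseReport(SAMPLE)));
```

A missing severity key or an empty `issue` string is treated as a malformed report rather than as "no findings", so a truncated response cannot pass the gate.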

File Merge

Upon successful merging, the output will indicate the location of the merged file:

✔ Files merged successfully. Output file: /absolute/path/to/MyContract_merge.sol

🤝 Contributing

We greatly appreciate your contributions! Please fork this repository and submit a pull request with your changes or additions.

🛠 Support

If you encounter any issues or have questions, please open an issue in this repository or contact us at [email protected].

📄 License

This project is licensed under the MIT License.


🎉 Thank you for using Kritisi! We hope this tool proves beneficial in enhancing the security and quality of your smart contracts.