
surya

v0.4.12

Published

Sūrya, The Sun God: A set of utilities for inspecting the structure of Solidity contracts.

Downloads

4,756

Readme


Sūrya, The Sun God: A Solidity Inspector

Surya is a utility tool for smart contract systems. It provides a number of visual outputs and information about the contracts' structure. It also supports querying the function call graph in multiple ways to aid in the manual inspection of contracts.

Surya currently supports only Solidity, but we hope to extend the tool to encompass other languages.

The name stems from the sun deity Surya.

Why the sun, you ask? Because "sun" in Latin and Portuguese is Sol.

Getting Started

Install it via NPM:

npm install -g surya

NOTE: In order to view the graph output, you need to have graphviz installed, so that you can run the dot command.

Currently, however, the easiest way to use Surya in your project might be through VSCode's Solidity Auditor extension created by @tintinweb.

Command List

Every Surya command accepts a --no-color flag, which disables the colors in the output, making it effectively plain text.

All the commands that take in an array of files also take in a flag (-i/--import) that resolves file imports automatically. Be aware that if you use Truffle's "node_modules" remapping in import statements, Surya searches up the project directory tree until it finds a contracts directory in the Truffle project, stopping at the directory you ran the command in. This bound is intended to prevent path traversal vulnerabilities that could come from exposing Surya as a service.

All the commands that take in an array of files also take in a flag (-c/--content) that allows you to pass the actual source code contents as an argument instead of a file path (mostly useful when Surya is being used as another package's dependency).

The -i and -c flags are mutually exclusive.
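
The bounded upward search described for -i/--import, sketched as an added example (this is not Surya's own code). The function names, the use of the process's start directory as `root`, and the sample directory tree are assumptions made for illustration.

```javascript
// Added example (not Surya's code): upward search for contracts/, bounded by a root.
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when `child` is `root` itself or lies underneath it.
function isInside(root, child) {
  const rel = path.relative(root, child);
  const up = rel === '..' || rel.startsWith('..' + path.sep);
  return !up && !path.isAbsolute(rel);
}

// Climb from `startDir` until a directory containing contracts/ is found,
// never going above `root` (assumed to be the directory the tool was run in).
function findProjectDir(startDir, root) {
  const top = fs.realpathSync(root);
  let dir = fs.realpathSync(startDir);
  while (isInside(top, dir)) {
    const candidate = path.join(dir, 'contracts');
    if (fs.existsSync(candidate) && fs.statSync(candidate).isDirectory()) return dir;
    if (dir === top) break;               // boundary reached: stop climbing
    dir = path.dirname(dir);
  }
  return null;
}

// Resolve a node_modules-style import for `importingFile`; null if it escapes.
function resolveImport(importPath, importingFile, root) {
  const project = findProjectDir(path.dirname(importingFile), root);
  if (project === null) return null;
  const base = path.join(project, 'node_modules');
  const resolved = path.resolve(base, importPath);
  return isInside(base, resolved) ? resolved : null;   // rejects "../" and absolute paths
}

// Constructed sample tree: a decoy contracts/ above the root, a project below it.
function buildSampleTree() {
  const tmp = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'bounded-')));
  const root = path.join(tmp, 'work');
  for (const d of ['contracts', 'work/project/contracts/sub', 'work/other/src'])
    fs.mkdirSync(path.join(tmp, d), { recursive: true });
  return { root, project: path.join(root, 'project'),
           file: path.join(root, 'project/contracts/sub/A.sol'),
           stray: path.join(root, 'other/src') };
}

const t = buildSampleTree();
console.log(findProjectDir(path.dirname(t.file), t.root));
console.log(findProjectDir(t.stray, t.root));
console.log(resolveImport('../../../outside.sol', t.file, t.root));
```

The sketch compares paths lexically after resolving the start directory, so a service wrapping it would still need to decide how to treat symlinks inside node_modules.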

graph

The graph command outputs a DOT-formatted graph of the control flow.

surya graph contracts/**/*.sol | dot -Tpng > MyContract.png

There is a new flag (-s/--simple) that makes the command chart only the contract call graph instead of the function call graph. It's super useful for higher-level analyses!

Accepted flags

  • -i/--import - Resolve all imports automatically by fetching the right files.
  • -c/--content - Allow passing in file contents as arguments instead of file paths.
  • -s/--simple - Only show calls between contracts, without specifying the functions.
  • -m/--modifiers - Enable printing edges from functions to modifiers (when the latter are invoked in the function definitions).
  • -l/--libraries - Disable printing edges from functions to libraries when the "Using ... for" syntax is in use (to prevent libraries like SafeMath from polluting the call graph).

ftrace

The ftrace command outputs a treefied function call trace stemming from the defined "CONTRACT::FUNCTION" and traversing "all|internal|external" types of calls. External calls are marked in orange and internal calls are uncolored.

surya ftrace APMRegistry::_newRepo all MyContract.sol

Accepted flags

  • -i/--import - Resolve all imports automatically by fetching the right files.
  • -c/--content - Allow passing in file contents as arguments instead of file paths.
  • -j/--json - Return a JSON object instead of a treefied function call trace (mostly useful when Surya is being used as another package's dependency).

flatten

The flatten command outputs a flattened version of the source code, with all import statements replaced by the corresponding source code. Import statements that reference a file that has already been imported will simply be commented out.

surya flatten MyContract.sol

describe

The describe command shows a summary of the contracts and methods in the files provided.

surya describe *.sol

Functions will be listed as:

  • [Pub] public
  • [Ext] external
  • [Prv] private
  • [Int] internal

A yellow ($) denotes that a function is payable.

A red # indicates that it's able to modify state.

Accepted flags

  • -i/--import - Resolve all imports automatically by fetching the right files.
  • -c/--content - Allow passing in file contents as arguments instead of file paths.

inheritance

The inheritance command outputs a DOT-formatted graph of the inheritance tree. For Windows machines, the > should be replaced with -o.

surya inheritance MyContract.sol | dot -Tpng > MyContract.png

Accepted flags

  • -i/--import - Resolve all imports automatically by fetching the right files.
  • -c/--content - Allow passing in file contents as arguments instead of file paths.

dependencies

The dependencies command outputs the C3 linearization of a given contract's inheritance graph. Contracts will be listed starting with the most derived, i.e. if the same function is defined in more than one contract, the Solidity compiler will use the definition in whichever contract is listed first.

surya dependencies Exchange Exchange.sol

Accepted flags

  • -i/--import - Resolve all imports automatically by fetching the right files.
  • -c/--content - Allow passing in file contents as arguments instead of file paths.
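
To show how the most-derived-first ordering comes about, here is C3 linearization with Solidity's base ordering as an added example (not Surya's code). The contract names, the `bases` and `defines` maps, and the helper names are constructed for illustration.

```javascript
// Added example (not Surya's code): C3 linearization with Solidity's base ordering.
// `bases` maps each contract to its `is` list in source order (constructed input).
function linearize(name, bases, seen = []) {
  if (seen.includes(name)) throw new Error(`cyclic inheritance at ${name}`);
  // Solidity lists bases from "most base-like" to "most derived", so reverse them.
  const direct = [...(bases[name] || [])].reverse();
  const lists = direct.map(b => linearize(b, bases, [...seen, name]));
  lists.push(direct);
  return [name, ...merge(lists, name)];
}

// C3 merge: repeatedly take the first head that is in no other list's tail.
function merge(lists, name) {
  const out = [];
  let work = lists.map(l => [...l]).filter(l => l.length);
  while (work.length) {
    const head = work.map(l => l[0])
      .find(h => !work.some(l => l.indexOf(h) > 0));
    if (head === undefined)
      throw new Error(`linearization of inheritance graph impossible for ${name}`);
    out.push(head);
    work = work.map(l => l.filter(c => c !== head)).filter(l => l.length);
  }
  return out;
}

// The first contract in the linearization of `name` that defines `fn`.
function winningDefinition(name, fn, bases, defines) {
  return linearize(name, bases).find(c => (defines[c] || []).includes(fn)) || null;
}

// Constructed diamond: contract Exchange is Pausable, Fees { ... }
const bases = { Base: [], Pausable: ['Base'], Fees: ['Base'], Exchange: ['Pausable', 'Fees'] };
const defines = { Base: ['withdraw'], Pausable: ['withdraw'], Fees: ['withdraw'], Exchange: [] };
console.log(linearize('Exchange', bases).join(' -> '));
console.log(winningDefinition('Exchange', 'withdraw', bases, defines));
```

The same routine reports an error for an `is` list that names a derived contract before its own base, which is the case the compiler rejects as impossible to linearize.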

parse

The parse command outputs a treefied AST object coming from the parser.

surya parse MyContract.sol

Accepted flags

  • -j/--json - Return a JSON object instead of a treefied object.

mdreport

The mdreport command creates a Markdown description report with tables comprising information about the system's files, contracts and their functions. Much like describe but outputting to a nicely formatted Markdown file.

surya mdreport report_outfile.md MyContract.sol

License

GPL-3.0

Kudos

Created by @federicobond, extended by @GNSPS.