npm - @cyfrin/aderyn - Versions diffs - 0.5.6 → 0.5.8 - Mend

@cyfrin/aderyn 0.5.6 → 0.5.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,14 +1,7 @@
-> ⚠️ **Installing via crates is no longer fully supported. `cyfrinup` is the preferred installation method.**.
->
-> For the best experience, please remove the legacy crate installation by running `cargo uninstall aderyn`, and use `cyfrinup` instead.
->
-> Full install instructions are [here](#installation).
 <p align="center">
     <br />
     <a href="https://cyfrin.io/">
-        <img src="../.github/images/aderyn_logo.png" width="400" alt=""/></a>
+        <img src="https://github.com/Cyfrin/aderyn/blob/dev/.github/images/aderyn_logo.png" width="400" alt=""/></a>
     <br />
 </p>
 <p align="center"><strong>A powerful Solidity static analyzer that takes a bird's eye view over your smart contracts.
@@ -16,15 +9,13 @@
 <p align="center">
     <br />
     <a href="https://cyfrin.io/">
-        <img src="../.github/images/poweredbycyfrinblue.png" width="145" alt=""/></a>
+        <img src="https://github.com/Cyfrin/aderyn/blob/dev/.github/images/poweredbycyfrinblue.png" width="145" alt=""/></a>
     <br />
 </p>
 <p align="center">
-<a href="https://docs.cyfrin.io">Docs</a>
-<a href="https://discord.gg/cyfrin">Get support</a>
-<a href="https://cyfrin.io">Website</a>
+<a href="https://cyfrin.gitbook.io/cyfrin-docs/aderyn-cli/readme">Docs</a>
+<a href="https://discord.gg/cyfrin">Discord</a>
 <a href="https://twitter.com/cyfrinaudits">Twitter</a>
 <p>
@@ -39,170 +30,113 @@
 </div>
 ## What is Aderyn?
-**Aderyn is an open-source public good developer tool.** It is a Rust-based solidity smart contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity code bases.
-Thanks to its collection of static vulnerability detectors, running Cyfrin Aderyn on your Solidity codebase will **highlight potential vulnerabilities**, drastically reducing the potential for unknown issues in your Solidity code and giving you the time to focus on more complex problems.
+**Aderyn is an open-source public good developer tool.** It is a Rust-based solidity smart contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity code bases.
-Built using **Rust**, Aderyn integrates seamlessly into small and **enterprise-level development workflows**, offering lighting-fast command-line functionality and a framework to [build custom detectors](https://docs.cyfrin.io/aderyn-custom-detectors/what-is-a-detector) to adapt to your codebase.
+You can read the [Cyfrin official documentation](https://cyfrin.gitbook.io/cyfrin-docs/aderyn-cli/readme) for an in-depth look at Aderyn's functionalities.
-You can read the [Cyfrin official documentation](https://docs.cyfrin.io) for an in-depth look at Aderyn's functionalities.
+There is also an officially supported [VSCode extension](https://github.com/Cyfrin/vscode-aderyn/) for Aderyn. Download from the [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=Cyfrin.aderyn&ssr=false#overview) and start identifying vulnerabilities in your Solidity code with ease.
 ## Features
-* Supports any development framework (Foundry/Hardhat/Truffle/etc)
-* Modular [detectors](../aderyn_core/src/detect/)
-* AST Traversal
-* Markdown reports
+- Off the shelf support for Foundry projects.
+- Off the shelf support for Hardhat projects. (Sometimes `remappings.txt` maybe required)
+- Configuration file (`adeyrn.toml`) needed to support custom frameworks.
+- Markdown, JSON and Sarif reports
 ## Installation
-**Suggested VSCode extensions:**
-[rust-analyzer](https://marketplace.visualstudio.com/items?itemName=dustypomerleau.rust-syntax) - Rust language support for Visual Studio Code
-[Rust Syntax](https://marketplace.visualstudio.com/items?itemName=dustypomerleau.rust-syntax) - Improved Rust syntax highlighting
+> **NOTE** Windows users must have WSL installed
 ### Using Cyfrinup
-> Note: If you previously installed aderyn using cargo, run `cargo uninstall aderyn` before using `cyfrinup` to avoid conflicts.
+**Cyfrinup** is the cross platform installation manager for Cyfrin tools.
-#### Step 1: Install Cyfrinup
+[One time setup](https://github.com/Cyfrin/up).
-Cyfrinup is a CLI tool that simplifies the installation and management of Cyfrin tools. To install Cyfrinup, run the following command in your terminal:
-```sh
-curl -L https://raw.githubusercontent.com/Cyfrin/aderyn/dev/cyfrinup/install | bash
-```
+Run `aderyn --version` to check the installation.
-#### Step 2: Update Path
+Run `cyfrinup` to upgrade everything to the latest version.
-The installer will prompt you to run a `source` command. Either run this command, or reload your terminal.
-#### Step 3: Install Aderyn using Cyfrinup
-After installing Cyfrinup, you can use it to install Aderyn. Run the following command in your terminal:
-```sh
-cyfrinup
-```
+---
-#### Step 4: Verify installation
+### Using curl
 ```sh
-aderyn --version
+curl --proto '=https' --tlsv1.2 -LsSf https://github.com/cyfrin/aderyn/releases/latest/download/aderyn-installer.sh | bash
 ```
-#### Future Updates
+##### Upgrade older versions by running: `aderyn-update`
-To update Aderyn to the latest version, you can run the cyfrinup:
-```sh
-cyfrinup
-```
-Cyfrinup will replace the existing version with the latest one.
+---
-## Quick Start
-Once Aderyn is installed on your system, you can run it against your Foundry-based codebase to find vulnerabilities in your code.
+### Using Homebrew
-We will use the [aderyn-contracts-playground](https://github.com/Cyfrin/aderyn-contracts-playground) repository in this example. You can follow along by cloning it to your system:
-```sh
-git clone https://github.com/Cyfrin/aderyn-contracts-playground.git
-```
-Navigate inside the repository:
 ```sh
-cd aderyn-contracts-playground
+brew install cyfrin/tap/aderyn
 ```
-We usually use several smart contracts and tests to try new detectors. Build the contracts by running:
-```sh
-forge build
-```
-Once your smart contracts have been successfully compiled, run Aderyn using the following command:
-```sh
-aderyn [OPTIONS] path/to/your/project
-```
-Replace [OPTIONS] with specific command-line arguments as needed.
-For an in-depth walkthrough on how to get started using Aderyn, check the [Cyfrin official docs](https://docs.cyfrin.io/aderyn-static-analyzer/quickstart)
-### Arguments
-Usage: `aderyn [OPTIONS] <ROOT>`
-`<ROOT>`: The path to the root of the codebase to be analyzed. Defaults to the current directory.
+##### Upgrade older versions by running: `brew upgrade cyfrin/tap/aderyn`
-Options:
-  - `-s`, `--src`: Path to the source contracts. Used to avoid analyzing libraries, tests or scripts and focus on the contracts. If not provided, or if aderyn can't find famous files to read (like `foundry.toml`, which it automatically searches for) the ROOT directory will be used.
-    - In foundry projects, this is usually the `src/` folder unless stated otherwise in `foundry.toml`.
-    - In Hardhat projects, this is usually the `contracts/` folder unless stated otherwise in the config.
-  - `-i`, `--path-includes <PATH_INCLUDES>`: List of path strings to include, delimited by comma (no spaces). It allows to include only one or more specific contracts in the analysis. Any solidity file path not containing these strings will be ignored.
-  - `-x`, `--path-excludes <PATH_EXCLUDES>`: List of path strings to exclude, delimited by comma (no spaces). It allows to exclude one or more specific contracts from the analysis. Any solidity file path containing these strings will be ignored
-  - `-o`, `--output <OUTPUT>`: Desired file path for the final report (will overwrite the existing one) [default: report.md]
-  - `-n`, `--no-snippets`: Do not include code snippets in the report (reduces report size in large repos)
-  - `-h`, `--help`: Print help
-  - `-V`, `--version`: Print version
-You must provide the root directory of the repo you want to analyze. Alternatively, you can provide a single Solidity file path (this mode requires [Foundry](https://book.getfoundry.sh/) to be installed).
+---
-Examples:
+### Using npm
 ```sh
-aderyn /path/to/your/foundry/project/root/directory/
+npm install @cyfrin/aderyn -g
 ```
-Find more examples on the official [Cyfrin Docs](https://docs.cyfrin.io)
-## Building a custom Aderyn detector
-Aderyn makes it easy to build Static Analysis detectors that can adapt to any Solidity codebase and protocol. This guide will teach you how to build, test, and run your custom Aderyn detectors.
-To learn how to create your custom Aderyn detectors, [checkout the official docs](https://docs.cyfrin.io/aderyn-custom-detectors/detectors-quickstart)
+##### Upgrade older versions by (re)running: `npm install @cyfrin/aderyn -g`
-## Docker
+---
-You can run Aderyn from a Docker container.
+If you are installing with Curl or Homebrew or npm, ensure that the correct version of Aderyn in your path comes from either the Homebrew or npm global packages directory. If an older version exists at `~/.cyfrin/bin/aderyn`, remove it using `rm -f ~/.cyfrin/bin/aderyn`, as this is no longer the default installation location.
-Build the image:
-```sh
-  docker build -t aderyn .
-```
-`/path/to/project/root` should be the path to your Foundry or Hardhat project root directory and it will be mounted to `/share` in the container.
+## Quick Start
+[Quick Start](https://cyfrin.gitbook.io/cyfrin-docs/aderyn-cli/quickstart) example with video guide.
-Run Aderyn:
-```sh
-  docker run -v /path/to/project/root/:/share aderyn
 ```
-Run with flags:
-```sh
-  docker run -v /path/to/project/root/:/share aderyn -h
+cd path/to/solidity/project/root
+aderyn
 ```
-## Single Solidity File Mode
+This generates a [report.md](https://github.com/Cyfrin/aderyn/blob/dev/reports/report.md)
-If it is a Solidity file path, then Aderyn will create a temporary Foundry project, copy the contract into it, compile the contract and then analyze the AST generated by that temporary project.
+See examples using more CLI options [here](https://cyfrin.gitbook.io/cyfrin-docs/cli-options)
+## VS Code extension
+Officially supported [VSCode extension](https://github.com/Cyfrin/vscode-aderyn/) for Aderyn.
+Download from [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=Cyfrin.aderyn&ssr=false#overview)
 ## Contributing & License
-Help us build Aderyn 🦜 Please see our [contribution guidelines](./CONTRIBUTING.md).
+Help us build Aderyn 🦜 Please see our [contribution guidelines](./CONTRIBUTING.md) for in-depth developer environment setup and PR approval process.
 Aderyn is an open-source software licensed under the [GPL-3.0 License](./LICENSE).
-To build Aderyn locally:
-1. [Install Rust](https://www.rust-lang.org/tools/install),
-2. Clone this repo and `cd aderyn/`,
-3. `make`,
-4. Use [`cargo`](https://doc.rust-lang.org/cargo/getting-started/first-steps.html) commands to build, test and run locally.
+## Building a custom Aderyn detector
+Aderyn makes it easy to build Static Analysis detectors that can adapt to any Solidity codebase and protocol. This guide will teach you how to build, test, and run your custom Aderyn detectors.
+To learn how to create your custom Aderyn detectors, [checkout the official docs](https://cyfrin.gitbook.io/cyfrin-docs/aderyn-cli/detectors-quickstart)
 ## Credits
-This project exists thanks to all the people who [contribute](../CONTRIBUTING.md).<br>
+This project exists thanks to all the people who [contribute](/CONTRIBUTING.md).<br>
 <a href="https://github.com/cyfrin/Aderyn/graphs/contributors">
   <img src="https://contrib.rocks/image?repo=cyfrin/Aderyn" />
 </a>
 ## Attribution
-* AST Visitor code from [solc-ast-rs](https://github.com/hrkrshnn/solc-ast-rs).
-* Original detectors based on [4naly3er](https://github.com/Picodes/4naly3er) detectors.
-* Shoutout to the original king of static analysis [slither](https://github.com/crytic/slither).
+- AST Visitor code from [solc-ast-rs](https://github.com/hrkrshnn/solc-ast-rs).
+- Foundry Compilers for backend AST generation [foundry-compilers](https://github.com/foundry-rs/compilers)
+- Original detectors based on [4naly3er](https://github.com/Picodes/4naly3er) detectors.
+- Shoutout to the original king of static analysis [slither](https://github.com/crytic/slither).
+- Solidity AST Generator [solidity-ast-rs](https://github.com/Cyfrin/solidity-ast-rs).
 [contributors-shield]: https://img.shields.io/github/contributors/cyfrin/aderyn
 [contributors-url]: https://github.com/cyfrin/aderyn/graphs/contributors

package/npm-shrinkwrap.json CHANGED Viewed

@@ -23,7 +23,7 @@
       "hasInstallScript": true,
       "license": "MIT",
       "name": "@cyfrin/aderyn",
-      "version": "0.5.6"
+      "version": "0.5.8"
     },
     "node_modules/@isaacs/cliui": {
       "dependencies": {
@@ -713,5 +713,5 @@
     }
   },
   "requires": true,
-  "version": "0.5.6"
+  "version": "0.5.8"
 }

package/package.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "artifactDownloadUrl": "https://github.com/cyfrin/aderyn/releases/download/aderyn-v0.5.6",
+  "artifactDownloadUrl": "https://github.com/cyfrin/aderyn/releases/download/aderyn-v0.5.8",
   "author": "Cyfrin <aderyn@cyfrin.io>",
   "bin": {
     "aderyn": "run-aderyn.js"
@@ -77,7 +77,7 @@
       "zipExt": ".tar.xz"
     }
   },
-  "version": "0.5.6",
+  "version": "0.5.8",
   "volta": {
     "node": "18.14.1",
     "npm": "9.5.0"