crytic · dguido · Nov 28, 2025
@@ -1,20 +1,20 @@
---- 
-body: 
-  - 
-    attributes: 
+---
+body:
+  -
+    attributes:
       label: "What operating system are you using?"
     id: os
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       label: "How did you install slither?"
       description: |
         For example, using git or python's pip.
     id: install-method
     type: textarea
-    validations: 
+    validations:
       required: true
   - type: dropdown
     id: python
@@ -25,14 +25,14 @@ body:
         - "Yes"
         - "No"
         - "Not sure"
-  - 
-    attributes: 
+  -
+    attributes:
       description: |
-          Please copy and paste any relevant log output. This 
+          Please copy and paste any relevant log output. This
           will be automatically formatted into code, so no need for backticks.
       render: shell
       label: "Output of running `slither-doctor .`:"
     id: logs
-labels: 
+labels:
   - installation-help
 title: "[Installation-Help]: "
@@ -1,54 +1,54 @@
---- 
-body: 
-  - 
-    attributes: 
+---
+body:
+  -
+    attributes:
       value: |
-          Please check the issues tab to avoid duplicates, and 
+          Please check the issues tab to avoid duplicates, and
           confirm that the bug exists on the latest release (upgrade
           by running `python3 -m pip install --upgrade slither-analyzer`).
-          
+
           If you are having difficulty installing slither,
           please head over to the "Discussions" page.
-          
+
           Thanks for taking the time to fill out this bug report!
     type: markdown
-  - 
-    attributes: 
+  -
+    attributes:
       label: "Describe the issue:"
     id: what-happened
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       description: "It can be a github repo (preferred), etherscan link, or code snippet."
       label: "Code example to reproduce the issue:"
       placeholder: "`contract A {}`\n"
     id: reproduce
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       description: |
           What version of slither are you running?
           Run `slither --version`
       label: "Version:"
     id: version
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       description: |
-          Please copy and paste any relevant log output. This 
+          Please copy and paste any relevant log output. This
           will be automatically formatted into code, so no need for backticks.
       render: shell
       label: "Relevant log output:"
     id: logs
     type: textarea
 description: "File a bug report"
-labels: 
+labels:
   - bug-candidate
 name: "Bug Report"
 title: "[Bug-Candidate]: "
@@ -1,61 +1,61 @@
---- 
-body: 
-  - 
-    attributes: 
+---
+body:
+  -
+    attributes:
       value: |
-          Please check the issues tab to avoid duplicates. 
+          Please check the issues tab to avoid duplicates.
           Thanks for helping make Slither the best it can be!
     type: markdown
-  - 
-    attributes: 
+  -
+    attributes:
       label: "What bug did Slither miss and which detector did you anticipate would catch it?"
     id: what-happened
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
+  -
     attributes:
       label: Frequency
       description: How often do you run across this false negative?
       options:
         - Very Frequently
-        - Occasionally 
+        - Occasionally
         - Rarely
         - Not sure
     id: frequency
     type: dropdown
     validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       description: "It can be a github repo, etherscan link, or code snippet."
       label: "Code example to reproduce the issue:"
       placeholder: "`contract A {}`\n"
     id: reproduce
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       description: |
-          What version of slither are you running? 
+          What version of slither are you running?
           Run `slither --version`
       label: "Version:"
     id: version
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       description: |
-          Please copy and paste the result output. This 
+          Please copy and paste the result output. This
           will be automatically formatted into code, so no need for backticks.
       render: shell
       label: "Relevant log output:"
     id: logs
     type: textarea
 description: "Slither missed a bug it should find."
-labels: 
+labels:
   - false-negative
 name: False Negative
 title: "[False Negative]: "
@@ -1,61 +1,61 @@
---- 
-body: 
-  - 
-    attributes: 
+---
+body:
+  -
+    attributes:
       value: |
-          Please check the issues tab to avoid duplicates. 
+          Please check the issues tab to avoid duplicates.
           Thanks for helping make Slither the best it can be!
     type: markdown
-  - 
-    attributes: 
+  -
+    attributes:
       label: "Describe the false alarm that Slither raise and how you know it's inaccurate:"
     id: what-happened
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
+  -
     attributes:
       label: Frequency
       description: How often do you run across this false positive?
       options:
         - Very Frequently
-        - Occasionally 
+        - Occasionally
         - Rarely
         - Not sure
     id: frequency
     type: dropdown
     validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       description: "It can be a github repo, etherscan link, or code snippet."
       label: "Code example to reproduce the issue:"
       placeholder: "`contract A {}`\n"
     id: reproduce
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       description: |
-          What version of slither are you running? 
+          What version of slither are you running?
           Run `slither --version`
       label: "Version:"
     id: version
     type: textarea
-    validations: 
+    validations:
       required: true
-  - 
-    attributes: 
+  -
+    attributes:
       description: |
-          Please copy and paste the result output. This 
+          Please copy and paste the result output. This
           will be automatically formatted into code, so no need for backticks.
       render: shell
       label: "Relevant log output:"
     id: logs
     type: textarea
 description: "Slither warned of an issue that is not legitimate and does not need to be fixed."
-labels: 
+labels:
   - false-positive
 name: "False Positive"
 title: "[False-Positive]: "
@@ -14,4 +14,4 @@ body:
       label: Describe the desired feature
       description: Explain what the feature solves/ improves.
     validations:
-      required: true
+      required: true
@@ -1,8 +1,8 @@
 ---
 version: 2
 updates:
-    - package-ecosystem: "github-actions"
-      directory: "/"
-      target-branch: "dev"
-      schedule:
-        interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    target-branch: "dev"
+    schedule:
+      interval: "weekly"
@@ -33,14 +33,14 @@ abstract: >-
   SlithIR uses Static Single Assignment (SSA) form and a
   reduced instruction set to ease implementation of analyses
   while preserving semantic information that would be lost
-  in transforming Solidity to bytecode. 
+  in transforming Solidity to bytecode.
 
   Slither allows for the application of commonly used
   program analysis techniques like dataflow and taint
   tracking.
 
 
-  Our framework has four main use cases: 
+  Our framework has four main use cases:
 
   (1) automated detection of vulnerabilities,
 
@@ -50,7 +50,7 @@ abstract: >-
   (3) improvement of the user's understanding of the
   contracts, and
 
-  (4) assistance with code review.  
+  (4) assistance with code review.
 keywords:
   - Ethereum
   - Static Analysis

@@ -47,6 +47,15 @@ A code walkthrough is available [here](https://www.youtube.com/watch?v=EUl3UlYSl
 
 Instructions for installing a development version of Slither can be found in our [wiki](https://github.com/crytic/slither/wiki/Developer-installation).
 
+For development setup, we use [uv](https://github.com/astral-sh/uv):
+```bash
+# Install uv if you haven't already
+curl -LsSf https://astral.sh/uv/install.sh | sh
+
+# Setup development environment
+make dev  # Creates venv and installs all dependencies
+```
+
 To run the unit tests, you need to clone this repository and run `make test`. Run a specific test with `make test TESTS=$test_name`. The names of tests can be obtained with `pytest tests --collect-only`.
 
 ### Linters
@@ -63,7 +72,33 @@ To automatically reformat the code:
 
 - `make reformat`
 
-We use pylint `3.0.3`, black `22.3.0`.
+We use ruff (latest 0.x version) for linting and formatting, and yamllint for YAML files.
+
+#### Pre-commit Hooks (Recommended)
+
+We recommend using pre-commit hooks to automatically check and fix code before committing:
+
+```bash
+# Install pre-commit hooks (one-time setup)
+pre-commit install
+
+# Run manually on all files
+pre-commit run --all-files
+
+# Run on specific files
+pre-commit run --files slither/core/*.py
+
+# Update hook versions
+pre-commit autoupdate
+```
+
+The pre-commit hooks will automatically:
+- Fix linting issues with ruff
+- Check YAML syntax
+- Remove trailing whitespace
+- Fix end-of-file issues
+- Check for merge conflicts
+- Prevent large files from being committed
 
 ### Testing
 
@@ -111,9 +146,9 @@ For each new detector, at least one regression tests must be present.
 
 ### Synchronization with crytic-compile
 
-By default, `slither` follows either the latest version of crytic-compile in pip, or `crytic-compile@master` (look for dependencies in [`setup.py`](./setup.py). If crytic-compile development comes with breaking changes, the process to update `slither` is:
+By default, `slither` follows either the latest version of crytic-compile in PyPI, or `crytic-compile@master` (look for dependencies in [`pyproject.toml`](./pyproject.toml)). If crytic-compile development comes with breaking changes, the process to update `slither` is:
 
-- Update `slither/setup.py` to point to the related crytic-compile's branch
+- Update `slither/pyproject.toml` to point to the related crytic-compile's branch
 - Create a PR in `slither` and ensure it passes the CI
 - Once the development branch is merged in `crytic-compile@master`, ensure `slither` follows the `master` branch