Write smart contracts in TypeScript. Ship audited Solidity.
import { Address, onlyOwner, msg } from "solidscript";
import { ERC20 } from "solidscript/standards";
export class MyToken extends ERC20 {
constructor(initialSupply: bigint) {
super("MyToken", "MTK");
this._mint(msg.sender, initialSupply);
}
@onlyOwner
mint(to: Address, amount: bigint): void {
this._mint(to, amount);
}
}→ deployed on Base Sepolia with source verified on BaseScan, in three commands.
npm install solidscript # or bun add / yarn add / pnpm add
npx solidscript doctor --fix # ONE-TIME: downloads forge/anvil + pulls slither/mythril Docker imagesThat's it. After doctor --fix you have a self-contained toolchain — solc, forge, anvil, slither, mythril all resolved automatically. No brew, no pipx, no foundryup.
| Tool | Where it comes from |
|---|---|
| solc (JS) | bundled in the npm install — works immediately |
| @openzeppelin/contracts | bundled as a regular dependency |
| TypeScript parser, viem, etc | bundled |
| forge + anvil | auto-downloaded to ~/.solidscript/bin/ on first use (or by doctor --fix). Pulled from Foundry's official GitHub release for your platform. |
| slither | runs via Docker (trailofbits/eth-security-toolbox) if Docker is installed; falls back to native slither on PATH; fails with install hint otherwise |
| mythril | runs via Docker (mythril/myth) if Docker is installed; falls back to native myth on PATH |
If you don't have Docker, install it once (brew install --cask docker) — it removes the need to ever touch Python for Slither/Mythril.
mkdir my-token && cd my-token
npm init -y
npm install solidscript
npx solidscript doctor --fix # fetches forge/anvil, pulls Slither+Mythril Docker images
npx solidscript init # scaffold contracts/ + config
# write your contract in contracts/Counter.ts
npx solidscript build contracts # TS → Solidity
npx solidscript verify contracts --skip fuzz # 9-gate security pipeline
npx solidscript compile out/sol # ABI + bytecode
# deploy via your browser wallet (no keys on disk)
npx solidscript deploy Counter -n base-sepolia- 9-gate security pipeline gates every deploy — native validator (secure mode), solc, SMTChecker (Z3), Slither, pattern library, auto-generated fuzz harnesses, auto-derived invariant tests, reproducible-build attestation
- Browser-wallet signing first-class — no private keys on disk; MetaMask/Rabby/Coinbase Wallet handles the signature
- Auto-verify on every Etherscan-family explorer — Base, Optimism, Arbitrum, Polygon, Eth, every testnet — one API key via Etherscan v2 multichain
- OpenZeppelin v5 + 13 optimizer passes built in — custom errors auto-derived,
Ownable(msg.sender)auto-injected, immutables auto-detected - Source maps from
.solback to.ts— forge stack traces rewrite to your TypeScript line numbers viasolidscript trace
- docs/details.md — full user guide (14 sections, written for non-Solidity devs)
- docs/cli-commands.yaml — every command and flag, machine-readable
- docs/openapi.yaml — OpenAPI 3.0 spec for the browser-deploy HTTP surface
- docs/api/ — TypeDoc reference for the library API (generated via
bun run docs:typedoc)
| Command | What it does |
|---|---|
solidscript doctor |
Check your environment (node, solc, slither, forge, OZ) |
solidscript init [dir] |
Scaffold a new project (contracts/, config, scripts) |
solidscript build <input> |
Transpile TS → Solidity (optimizer on by default) |
solidscript validate <input> |
Static checks (15 native rules) |
solidscript verify <input> |
Full 9-gate security pipeline |
solidscript compile <input> |
solc compile → ABI + bytecode |
solidscript deploy <Contract> -n <network> |
Deploy (browser wallet by default, auto-verifies on Etherscan if key configured) |
solidscript secure-deploy <input> -c <Contract> -n <network> |
Refuse to deploy unless 9 gates pass |
solidscript verify-source <Contract> -n <network> |
Submit source to Etherscan v2 multichain |
solidscript audit <input> |
Native rules + Slither |
solidscript audit-pack <input> |
Per-contract bundle for auditor handoff |
solidscript gasdiff <input> |
Bytecode size: unoptimized vs optimized |
solidscript test |
Forge tests + auto-generated fuzz |
solidscript trace |
Rewrite .sol:line → .ts:line in stack traces |
import {
parseContractFiles,
emitProgram,
validateProgram,
optimizeProgram,
compileSolidity,
} from "solidscript";
const { program } = parseContractFiles(["./contracts/MyToken.ts"]);
optimizeProgram(program);
const emitted = emitProgram(program);
console.log(emitted[0].solidity);MIT — see LICENSE.