@nomiclabs/hardhat-etherscan

v3.1.8

Hardhat plugin for verifying contracts on etherscan For more information about how to use this package see README

Latest version published 5 months ago

License: MIT

NPM

GitHub

Package Health Score

64 / 100

security
No known security issues
popularity
Popular
maintenance
Inactive
community
Active

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
3.1.8	\|	12/2023	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
3.0.4	\|	05/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.1.8	\|	11/2021		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.0.1	\|	11/2020		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Popular

Weekly Downloads (69,965)

GitHub Stars: 6.75K
Forks: 1.29K
Contributors: 320

Direct Usage Popularity

The npm package @nomiclabs/hardhat-etherscan receives a total of 69,965 downloads a week. As such, we scored @nomiclabs/hardhat-etherscan popularity level to be Popular.

Based on project statistics from the GitHub repository for the npm package @nomiclabs/hardhat-etherscan, we found that it has been starred 6,753 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 320
Funding: No

A good and healthy external contribution signal for @nomiclabs/hardhat-etherscan project, which invites more than one hundred open source maintainers to collaborate on the repository.

We found a way for you to contribute to the project! Looks like @nomiclabs/hardhat-etherscan is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Inactive

deprecated

Commit Frequency

Open Issues: 430
Open PR: 37
Last Release: 5 months ago
Last Commit: 4 days ago

Further analysis of the maintenance status of @nomiclabs/hardhat-etherscan based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

We found that @nomiclabs/hardhat-etherscan demonstrates a positive version release cadence with at least one new version released in the past 12 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 4 years
Dependencies: 10 Direct
Versions: 35
Install Size: 243 kB
Dist-tags: 2
# of Files: 98
Maintainers: 4
TS Typings: Yes

@nomiclabs/hardhat-etherscan has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

hardhat-etherscan

The @nomiclabs/hardhat-etherscan plugin is deprecated in favor of our new @nomicfoundation/hardhat-verify plugin.

Migrating to `hardhat-verify`

hardhat-verify is a drop-in replacement of hardhat-etherscan. To migrate to it:

Uninstall the @nomiclabs/hardhat-etherscan package
Install the @nomicfoundation/hardhat-verify package
Update your Hardhat config to import @nomicfoundation/hardhat-verify instead of @nomiclabs/hardhat-etherscan

What

This plugin helps you verify the source code for your Solidity contracts on Etherscan.

It's smart and it tries to do as much as possible to facilitate the process:

Just provide the deployment address and constructor arguments, and the plugin will detect locally which contract to verify.
If your contract uses Solidity libraries, the plugin will detect them and deal with them automatically. You don't need to do anything about them.
A simulation of the verification process will run locally, allowing the plugin to detect and communicate any mistakes during the process.
Once the simulation is successful the contract will be verified using the Etherscan API.

Installation

npm install --save-dev @nomiclabs/hardhat-etherscan

And add the following statement to your hardhat.config.js:

require("@nomiclabs/hardhat-etherscan");

Or, if you are using TypeScript, add this to your hardhat.config.ts:

import "@nomiclabs/hardhat-etherscan";

Tasks

This plugin provides the verify task, which allows you to verify contracts through Etherscan's service.

Environment extensions

This plugin does not extend the environment.

Usage

You need to add the following Etherscan config to your hardhat.config.js file:

module.exports = {
  networks: {
    mainnet: { ... }
  },
  etherscan: {
    // Your API key for Etherscan
    // Obtain one at https://etherscan.io/
    apiKey: "YOUR_ETHERSCAN_API_KEY"
  }
};

Alternatively you can specify more than one block explorer API key, by passing an object under the apiKey property, see Multiple API keys and alternative block explorers.

Lastly, run the verify task, passing the address of the contract, the network where it's deployed, and the constructor arguments that were used to deploy it (if any):

npx hardhat verify --network mainnet DEPLOYED_CONTRACT_ADDRESS "Constructor argument 1"

Complex arguments

When the constructor has a complex argument list, you'll need to write a javascript module that exports the argument list. The expected format is the same as a constructor list for an ethers contract. For example, if you have a contract like this:

struct Point {
  uint x;
  uint y;
}

contract Foo {
  constructor (uint x, string s, Point memory point, bytes b) { ... }
}

then you can use an arguments.js file like this:

module.exports = [
  50,
  "a string argument",
  {
    x: 10,
    y: 5,
  },
  // bytes have to be 0x-prefixed
  "0xabcdef",
];

Where the third argument represents the value for the point parameter.

The module can then be loaded by the verify task when invoked like this:

npx hardhat verify --constructor-args arguments.js DEPLOYED_CONTRACT_ADDRESS

Libraries with undetectable addresses

Some library addresses are undetectable. If your contract uses a library only in the constructor, then its address cannot be found in the deployed bytecode.

To supply these missing addresses, you can create a javascript module that exports a library dictionary and pass it through the --libraries parameter:

hardhat verify --libraries libraries.js OTHER_ARGS

where libraries.js looks like this:

module.exports = {
  SomeLibrary: "0x...",
};

Multiple API keys and alternative block explorers

If your project targets multiple EVM-compatible networks that have different explorers, you'll need to set multiple API keys.

To configure the API keys for the chains you are using, provide an object under etherscan/apiKey with the identifier of each chain as the key. This is not necessarily the same name that you are using to define the network. For example, if you are going to verify contracts in Ethereum mainnet, Optimism and Arbitrum, your config would look like this:

module.exports = {
  networks: {
    mainnet: { ... },
    testnet: { ... }
  },
  etherscan: {
    apiKey: {
        mainnet: "YOUR_ETHERSCAN_API_KEY",
        optimisticEthereum: "YOUR_OPTIMISTIC_ETHERSCAN_API_KEY",
        arbitrumOne: "YOUR_ARBISCAN_API_KEY",
    }
  }
};

To see the full list of supported networks, run npx hardhat verify --list-networks. The identifiers shown there are the ones that should be used as keys in the apiKey object.

Adding support for other networks

If the chain you are using is not in the list, you can manually add the necessary information to verify your contracts on it. For this you need three things: the chain id of the network, the URL of the verification endpoint, and the URL of the explorer.

For example, if Goerli wasn't supported, you could add it like this:

etherscan: {
  apiKey: {
    goerli: ""
  },
  customChains: [
    {
      network: "goerli",
      chainId: 5,
      urls: {
        apiURL: "https://api-goerli.etherscan.io/api",
        browserURL: "https://goerli.etherscan.io"
      }
    }
  ]
}

Keep in mind that the name you are giving to the network in customChains is the same one that has to be used in the apiKey object.

To see which custom chains are supported, run npx hardhat verify --list-networks.

Using programmatically

To call the verification task from within a Hardhat task or script, use the "verify:verify" subtask. Assuming the same contract as above, you can run the subtask like this:

await hre.run("verify:verify", {
  address: contractAddress,
  constructorArguments: [
    50,
    "a string argument",
    {
      x: 10,
      y: 5,
    },
    "0xabcdef",
  ],
});

If the verification is not successful, an error will be thrown.

Providing libraries from a script or task

If your contract has libraries with undetectable addresses, you may pass the libraries parameter with a dictionary specifying them:

hre.run("verify:verify", {
  // other args
  libraries: {
    SomeLibrary: "0x...",
  }
}

How it works

The plugin works by fetching the bytecode in the given address and using it to check which contract in your project corresponds to it. Besides that, some sanity checks are performed locally to make sure that the verification won't fail.

Known limitations

Adding, removing, moving or renaming new contracts to the hardhat project or reorganizing the directory structure of contracts after deployment may alter the resulting bytecode in some solc versions. See this Solidity issue for further information.

@nomiclabs/hardhat-etherscan dependencies

@ethersproject/abi @ethersproject/address cbor chalk debug fs-extra lodash semver table undici

@nomiclabs/hardhat-etherscan development dependencies

FAQs

What is @nomiclabs/hardhat-etherscan?

Hardhat plugin for verifying contracts on etherscan. Visit Snyk Advisor to see a full health score report for @nomiclabs/hardhat-etherscan, including popularity, security, maintenance & community analysis.

Is @nomiclabs/hardhat-etherscan popular?

The npm package @nomiclabs/hardhat-etherscan receives a total of 69,965 weekly downloads. As such, @nomiclabs/hardhat-etherscan popularity was classified as a popular. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is @nomiclabs/hardhat-etherscan well maintained?

We found indications that @nomiclabs/hardhat-etherscan is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is @nomiclabs/hardhat-etherscan safe to use?

The npm package @nomiclabs/hardhat-etherscan was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 21 April-2024, at 06:21 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP