Version: Next

Getting started

System Dependencies

Before you begin, ensure you have the following software installed on your system:

Node.js version 22 or higher
(optional) Soufflé – enables more built-in detectors

Alternative: Use TON Web IDE

The TON Web IDE integrates the latest release version of Misti, allowing you to try it out on your project or incorporate it into your development process if you use the IDE. Check it out at: ide.ton.org.

Note: Some features of this Misti version are not available in the Web IDE. To access all functionalities, install it locally or in your CI environment.

Installation

npm install -g @nowarp/misti

🚧 Using Development Version

The latest development version may be unstable, yet it includes all the recently added detectors and therefore can provide a more comprehensive analysis.

To install the latest development version you should:

Clone Misti: git clone https://github.com/nowarp/misti
Build it: cd misti && yarn install && yarn gen && yarn build
Use it in your Tact project: cd /path/to/tact/project && yarn add file:/path/to/misti

Running the analysis

Run Misti by specifying a Tact contract, project config, or directory to check:

misti path/to/src/contracts
misti contract.tact
misti tact.config.json

This will highlight any warnings the analyzer found.

You can also add a script to your package.json to simplify running the linting process:

{
  "scripts": {
    "lint": "misti path/to/contract"
  }
}

Common Usage Scenarios

Below are a few usage examples for common scenarios when using [the misti CLI]./cli.md.

Suppressing Warnings

If you want to suppress some warnings in specific places of source code, you should use the @misti:suppress annotations in the comment on the previous line, for example:

fun test(): Int {
  // @misti:suppress NeverAccessedVariables
  let sum: Int = 0; // OK: The warning will be suppressed
  return 52;
}

This syntax also enables you to list a few detectors to be suppressed, including the custom ones, for example:

// @misti:suppress NeverAccessedVariables,MyCustomDetector,ReadOnlyVariables

Alternatively, you could run misti while entirely suppressing specific detectors:

misti --suppress ReadOnlyVariables path/to/tact.config.json

Filtering by Severity

You could filter out low-severity warnings to provide a quick analysis of only the critical warnings:

misti --min-severity medium path/to/tact.config.json

It is recommended to set the minimum severity level to at least medium, or you could choose high.

Enabling All Detectors

Running misti with all available built-in detectors enabled:

misti --all-detectors path/to/tact.config.json

It enables more detectors to find subtle bugs and optimization issues. It is recommended to use this only when auditing the project; otherwise, it might be too noisy.

Running in Quiet Mode

To suppress all output while running misti getting just a return code:

misti --quiet path/to/tact.config.json

This might be useful in scripts and CI/CD.

Troubleshooting

If you encounter any issues during the installation process, feel free to create an issue or ask in the Misti Telegram group.

Getting started

System Dependencies​

Installation​

Running the analysis​

Common Usage Scenarios​

Suppressing Warnings​

Filtering by Severity​

Enabling All Detectors​

Running in Quiet Mode​

Troubleshooting​