在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称(OpenSource Name):koalaman/shellcheck开源软件地址(OpenSource Url):https://github.com/koalaman/shellcheck开源编程语言(OpenSource Language):Haskell 96.4%开源软件介绍(OpenSource Introduction):ShellCheck - A shell script static analysis toolShellCheck is a GPLv3 tool that gives warnings and suggestions for bash/sh shell scripts: The goals of ShellCheck are
See the gallery of bad code for examples of what ShellCheck can help you identify! Table of Contents
How to useThere are a number of ways to use ShellCheck! On the webPaste a shell script on https://www.shellcheck.net for instant feedback. ShellCheck.net is always synchronized to the latest git commit, and is the easiest way to give ShellCheck a go. Tell your friends! From your terminalRun In your editorYou can see ShellCheck suggestions directly in a variety of editors.
In your build or test suitesWhile ShellCheck is mostly intended for interactive use, it can easily be added to builds or test suites.
It makes canonical use of exit codes, so you can just add a For example, in a Makefile: check-scripts:
# Fail if any of these files have warnings
shellcheck myscripts/*.sh or in a Travis CI script:
# Fail if any of these files have warnings
- shellcheck myscripts/*.sh Services and platforms that have ShellCheck pre-installed and ready to use:
Most other services, including GitLab, let you install ShellCheck yourself, either through the system's package manager (see Installing), or by downloading and unpacking a binary release. It's a good idea to manually install a specific ShellCheck version regardless. This avoids any surprise build breaks when a new version with new warnings is published. For customized filtering or reporting, ShellCheck can output simple JSON, CheckStyle compatible XML, GCC compatible warnings as well as human readable text (with or without ANSI colors). See the Integration wiki page for more documentation. InstallingThe easiest way to install ShellCheck locally is through your package manager. On systems with Cabal (installs to
On systems with Stack (installs to
On Debian based distros:
On Arch Linux based distros:
or get the dependency free shellcheck-bin from the AUR. On Gentoo based distros:
On EPEL based distros:
On Fedora based distros:
On FreeBSD:
On macOS (OS X) with Homebrew:
Or with MacPorts:
On OpenBSD:
On openSUSE
Or use OneClickInstall - https://software.opensuse.org/package/ShellCheck On Solus:
On Windows (via chocolatey): C:\> choco install shellcheck Or Windows (via scoop): C:\> scoop install shellcheck From conda-forge:
From Snap Store:
From Docker Hub: docker run --rm -v "$PWD:/mnt" koalaman/shellcheck:stable myscript
# Or :v0.4.7 for that version, or :latest for daily builds or use Using the nix package manager: nix-env -iA nixpkgs.shellcheck Alternatively, you can download pre-compiled binaries for the latest release here:
or see the GitHub Releases for other releases (including the latest meta-release for daily git builds). Distro packages already come with a pandoc -s -f markdown-smart -t man shellcheck.1.md -o shellcheck.1
sudo mv shellcheck.1 /usr/share/man/man1 pre-commitTo run ShellCheck via pre-commit, add the hook to your
Travis CITravis CI has now integrated ShellCheck by default, so you don't need to manually install it. If you still want to do so in order to upgrade at your leisure or ensure you're using the latest release, follow the steps below to install a binary version. Installing a pre-compiled binaryThe pre-compiled binaries come in A simple installer may do something like: scversion="stable" # or "v0.4.7", or "latest"
wget -qO- "https://github.com/koalaman/shellcheck/releases/download/${scversion?}/shellcheck-${scversion?}.linux.x86_64.tar.xz" | tar -xJv
cp "shellcheck-${scversion}/shellcheck" /usr/bin/
shellcheck --version Compiling from sourceThis section describes how to build ShellCheck from a source directory. ShellCheck is written in Haskell and requires 2GB of RAM to compile. Installing CabalShellCheck is built and packaged using Cabal. Install the package On macOS (OS X), you can do a fast install of Cabal using brew, which takes a couple of minutes instead of more than 30 minutes if you try to compile it from source.
On MacPorts, the package is instead called Verify that
Compiling ShellCheck
Or if you intend to run the tests:
This will compile ShellCheck and install it to your Add this directory to your export PATH="$HOME/.cabal/bin:$PATH" Log out and in again, and verify that your PATH is set up correctly: $ which shellcheck
~/.cabal/bin/shellcheck On native Windows, the chcp 65001 In Powershell ISE, you may need to additionally update the output encoding: [Console]::OutputEncoding = [System.Text.Encoding]::UTF8 Running testsTo run the unit test suite:
Gallery of bad codeSo what kind of things does ShellCheck look for? Here is an incomplete list of detected issues. QuotingShellCheck can recognize several types of incorrect quoting: echo $1 # Unquoted variables
find . -name *.ogg # Unquoted find/grep patterns
rm "~/my file.txt" # Quoted tilde expansion
v='--verbose="true"'; cmd $v # Literal quotes in variables
for f in "*.ogg" # Incorrectly quoted 'for' loops
touch $@ # Unquoted $@
echo 'Don't forget to restart!' # Singlequote closed by apostrophe
echo 'Don\'t try this at home' # Attempting to escape ' in ''
echo 'Path is $PATH' # Variables in single quotes
trap "echo Took ${SECONDS}s" 0 # Prematurely expanded trap
unset var[i] # Array index treated as glob ConditionalsShellCheck can recognize many types of incorrect test statements. [[ n != 0 ]] # Constant test expressions
[[ -e *.mpg ]] # Existence checks of globs
[[ $foo==0 ]] # Always true due to missing spaces
[[ -n "$foo " ]] # Always true due to literals
[[ $foo =~ "fo+" ]] # Quoted regex in =~
[ foo =~ re ] # Unsupported [ ] operators
[ $1 -eq "shellcheck" ] # Numerical comparison of strings
[ $n && $m ] # && in [ .. ]
[ grep -q foo file ] # Command without $(..)
[[ "$$file" == *.jpg ]] # Comparisons that can't succeed
(( 1 -lt 2 )) # Using test operators in ((..))
[ x ] & [ y ] | [ z ] # Accidental backgrounding and piping Frequently misused commandsShellCheck can recognize instances where commands are used incorrectly: grep '*foo*' file # Globs in regex contexts
find . -exec foo {} && bar {} \; # Prematurely terminated find -exec
sudo echo 'Var=42' > /etc/profile # Redirecting sudo
time --format=%s sleep 10 # Passing time(1) flags to time builtin
while read h; do ssh "$h" uptime # Commands eating while loop input
alias archive='mv $1 /backup' # Defining aliases with arguments
tr -cd '[a-zA-Z0-9]' # [] around ranges in tr
exec foo; echo "Done!" # Misused 'exec'
find -name \*.bak -o -name \*~ -delete # Implicit precedence in find
# find . -exec foo > bar \; # Redirections in find
f() { whoami; }; sudo f # External use of internal functions Common beginner's mistakesShellCheck recognizes many common beginner's syntax errors: var = 42 # Spaces around = in assignments
$foo=42 # $ in assignments
for $var in *; do ... # $ in for loop variables
var$n="Hello" # Wrong indirect assignment
echo ${var$n} # Wrong indirect reference
var=(1, 2, 3) # Comma separated arrays
array=( [index] = value ) # Incorrect index initialization
echo $var[14] # Missing {} in array references
echo "Argument 10 is $10" # Positional parameter misreference
if $(myfunction); then ..; fi # Wrapping commands in $()
else if othercondition; then .. # Using 'else if'
f; f() { echo "hello world; } # Using function before definition
[ false ] # 'false' being true
if ( -f file ) # Using (..) instead of test StyleShellCheck can make suggestions to improve style: [[ -z $(find /tmp | grep mpg) ]] # Use grep -q instead
a >> log; b >> log; c >> log # Use a redirection block instead
echo "The time is `date`" # Use $() instead
cd dir; process *; cd ..; # Use subshells instead
echo $[1+2] # Use standard $((..)) instead of old $[]
echo $(($RANDOM % 6)) # Don't use $ on variables in $((..))
echo "$(date)" # Useless use of echo
cat file | grep foo # Useless use of cat Data and typing errorsShellCheck can recognize issues related to data and typing: args="$@" # Assigning arrays to strings
files=(foo bar); echo "$files" # Referencing arrays as strings
declare -A arr=(foo bar) # Associative arrays without index
printf "%s\n" "Arguments: $@." # Concatenating strings and arrays
[[ $# > 2 ]] # Comparing numbers as strings
var=World; echo "Hello " var # Unused lowercase variables
echo "Hello $name" # Unassigned lowercase variables
cmd | read bar; echo $bar # Assignments in subshells
cat foo | cp bar # Piping to commands that don't read
printf '%s: %s\n' foo # Mismatches in printf argument count
eval "${array[@]}" # Lost word boundaries in array eval
for i in "${x[@]}"; do ${x[$i]} # Using array value as key RobustnessShellCheck can make suggestions for improving the robustness of a script: rm -rf "$STEAMROOT/"* # Catastrophic rm
touch ./-l; ls * # Globs that could become options
find . -exec sh -c 'a && b {}' \; # Find -exec shell injection
printf "Hello $name" # Variables in printf format
for f in $(ls *.txt); do # Iterating over ls output
export MYVAR=$(cmd) # Masked exit codes
case $version in 2.*) :;; 2.6.*) # Shadowed case branches PortabilityShellCheck will warn when using features not supported by the shebang. For example, if you set the shebang to echo {1..$n} # Works in ksh, but not bash/dash/sh
echo {1..10} # Works in ksh and bash, but not dash/sh
echo -n 42 # Works in ksh, bash and dash, undefined in sh
expr match str regex # Unportable alias for `expr str : regex`
trap 'exit 42' sigint # Unportable signal spec
cmd &> file # Unportable redirection operator
read foo < /dev/tcp/host/22 # Unportable intercepted files
foo-bar() { ..; } # Undefined/unsupported function name
[ $UID = 0 ] # Variable undefined in dash/sh
local var=value # local is undefined in sh
time sleep 1 | sleep 5 # Undefined uses of 'time' |