Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Centurylong/sanctifier/llms.txt
Use this file to discover all available pages before exploring further.
@sanctifier/sdk brings the full Sanctifier analysis engine to every JavaScript environment. It packages the same sanctifier-core rules — authentication gaps, unsafe arithmetic, storage collisions, upgrade risks, and more — compiled to WebAssembly, so you can audit Soroban source code from a Node.js script, a browser playground, a VS Code extension, or a serverless edge function without installing or spawning a Rust binary.
Installation
Version0.1.0 is available on the npm registry under the @sanctifier scope.
Exported functions
The package surface is intentionally small. Four functions cover every use case:analyzeSync is also exported from @sanctifier/sdk/node for CLI scripts
that prefer a synchronous call. It is not available in the browser entry.Quick start
The example below reads a Soroban contract source string, runs the full rule set, and prints each finding to the console.AnalyzeOptions
Pass an optional second argument to analyze() to control rule execution and failure behaviour.
When set,
analyze() rejects with a SanctifierError if any finding has a severity
at or above this threshold. The error carries the full AnalysisReport so you can
render details after catching. Omit to receive findings without throwing.Override the ledger entry byte budget used by the storage-size checks (S004).
Defaults to the Soroban protocol limit baked into the WASM bundle.
Fraction of
ledgerLimit (between 0 and 1) at which a struct is considered to
be “approaching” the limit and triggers a warning instead of an error.
Defaults to 0.8.Restrict analysis to the named rules. Pass stable code strings such as
["S001", "S003"] or the rule name identifiers accepted by the core.
When omitted, all built-in rules run.Glob patterns passed to the core for paths that custom regex rules should skip.
Has no effect on the built-in structural rules.
One or more user-defined regex rules. Each match is surfaced as a finding with
code
S007. See the CustomRule type below.AnalysisReport
Every successful call to analyze() resolves with an AnalysisReport.
findings
A flat list of every issue discovered across all rules.
summary
Aggregated counts across all severity levels. total equals findings.length.
raw
The original per-category vectors returned by the WASM core. Useful when you need
finer-grained access beyond the normalised findings list.
FindingCodeEntry
findingCodes() returns an array of these records — one per stable code in the
sanctifier-core catalog.
SanctifierError
Thrown (or rejected) when failOn is set and at least one finding meets the
threshold.
Environment-specific guides
The public API — types, function signatures, import paths — is identical in Node.js and browsers. Only initialisation differs.- Node.js guide → — zero-config usage,
analyzeSync, CJS vs ESM exports - Browser guide → — WASM initialisation, bundler setup, React snippet