# koalaman/shellcheck

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/koalaman-shellcheck).**

39,574 stars · 1,925 forks · Haskell · GPL-3.0

## Links

- GitHub: https://github.com/koalaman/shellcheck
- Homepage: https://www.shellcheck.net
- awesome-repositories: https://awesome-repositories.com/repository/koalaman-shellcheck.md

## Topics

`bash` `developer-tools` `haskell` `linter` `shell` `static-analysis`

## Description

This project is a static analysis tool and linter designed to improve the quality, reliability, and portability of shell scripts. By performing deep structural analysis, it identifies common programming pitfalls, syntax errors, and security vulnerabilities before scripts are executed. It functions as an automated code reviewer that enforces best practices and helps developers maintain consistent, robust code across different operating environments.

The tool distinguishes itself through its dialect-aware grammar resolution, which adapts its parsing logic based on the specific shell interpreter detected. It utilizes a sophisticated engine that constructs an abstract syntax tree to evaluate logic, quoting, and portability concerns. Developers can exert granular control over the analysis process by using inline directives to suppress specific warnings or configure how the tool resolves external source files.

The project covers a comprehensive surface of diagnostic capabilities, ranging from fundamental syntax validation to complex logic checks. It provides guidance on idiomatic script construction, including safe file handling, efficient arithmetic operations, and proper command substitution. These features collectively ensure that scripts adhere to POSIX standards and remain compatible across various shell implementations.

The tool is distributed as a command-line utility, allowing for integration into development workflows to provide immediate feedback on script integrity.

## Tags

### Development Tools & Productivity

- [Static Analysis Tools](https://awesome-repositories.com/f/development-tools-productivity/static-analysis-tools.md) — Provides automated feedback to improve code reliability and maintainability.
- [Portability Checkers](https://awesome-repositories.com/f/development-tools-productivity/portability-checkers.md) — Ensures shell scripts remain compatible across different operating systems and shell interpreters by detecting non-standard or dialect-specific syntax.
- [Shell Scripting Best Practices](https://awesome-repositories.com/f/development-tools-productivity/shell-scripting-best-practices.md) — Process files using shell globbing patterns instead of command substitution to safely handle filenames containing spaces, wildcards, or special characters. ([source](https://www.shellcheck.net/wiki/SC2045))
- [Shell Scripting Linters](https://awesome-repositories.com/f/development-tools-productivity/shell-scripting-linters.md) — Identifies inefficient pipe usage in shell scripts to optimize command execution and prevent redundant data processing. ([source](https://www.shellcheck.net/wiki/SC2008))
- [Cross-Platform Utilities](https://awesome-repositories.com/f/development-tools-productivity/cross-platform-utilities.md) — Detects non-standard or dialect-specific syntax to ensure scripts remain compatible across different operating systems and shell interpreters.
- [Shell Script Optimizers](https://awesome-repositories.com/f/development-tools-productivity/shell-script-optimizers.md) — Remove redundant echo commands wrapping shell command substitutions to improve script performance and preserve exit codes. ([source](https://www.shellcheck.net/wiki/SC2005))
- [Shell Scripting Utilities](https://awesome-repositories.com/f/development-tools-productivity/shell-scripting-utilities.md) — Wrap invisible terminal control codes in prompt strings with specific delimiters to ensure the shell correctly calculates line length and prevents display wrapping issues. ([source](https://www.shellcheck.net/wiki/SC2025))

### Testing & Quality Assurance

- [Linters & Formatters](https://awesome-repositories.com/f/testing-quality-assurance/code-quality-review/linters-formatters.md) — Enforces POSIX compliance and identifies common syntax errors or logic flaws within shell script files.
- [Compatibility Testers](https://awesome-repositories.com/f/testing-quality-assurance/software-testing/compatibility-testers.md) — Identify non-portable script features that conflict with the specified shebang to ensure scripts remain compatible with the intended interpreter. ([source](https://www.shellcheck.net/wiki/SC2040))
- [Code Quality Tools](https://awesome-repositories.com/f/testing-quality-assurance/code-quality-review/code-quality-tools.md) — Enforces best practices and consistent coding standards across shell scripts to improve maintainability and reduce common runtime failures.
- [Automated Code Review](https://awesome-repositories.com/f/testing-quality-assurance/code-quality-review/automated-code-review.md) — Inspects scripts for common pitfalls and suggests idiomatic improvements to ensure consistent and robust code execution.
- [Static Analysis](https://awesome-repositories.com/f/testing-quality-assurance/code-quality-review/static-analysis.md) — Allows explicit definition of sourced file paths to enable accurate static analysis of shell scripts. ([source](https://www.shellcheck.net/wiki/SC1090))

### Software Engineering & Architecture

- [Static Analysis Tools](https://awesome-repositories.com/f/software-engineering-architecture/static-analysis-tools.md) — Traverses the parsed tree structure to identify patterns, logic errors, and non-portable syntax constructs.
- [Shell Scripting Best Practices](https://awesome-repositories.com/f/software-engineering-architecture/shell-scripting-best-practices.md) — Provides patterns for processing file contents line by line to prevent common shell scripting errors like unintended word splitting. ([source](https://www.shellcheck.net/wiki/SC2013))

### Part of an Awesome List

- [Console Applications](https://awesome-repositories.com/f/awesome-lists/devtools/console-applications.md) — Static analysis tool for identifying issues in shell scripts.
- [Linting And Formatting](https://awesome-repositories.com/f/awesome-lists/devtools/linting-and-formatting.md) — Static analysis tool for shell scripts.
- [Shell Environment](https://awesome-repositories.com/f/awesome-lists/devtools/shell-environment.md) — Static analysis tool for shell scripts.
- [Shell Script Development](https://awesome-repositories.com/f/awesome-lists/devtools/shell-script-development.md) — Static analysis tool to detect bugs in shell scripts.

### Security & Cryptography

- [Security Scanners](https://awesome-repositories.com/f/security-cryptography/security-scanners.md) — Prevents common security vulnerabilities like command injection and improper variable expansion by identifying unsafe coding patterns in shell scripts.
- [Shell Security Hardening](https://awesome-repositories.com/f/security-cryptography/shell-security-hardening.md) — Quote all arguments and array-expansion variables to prevent unintended word splitting and globbing when processing script arguments containing spaces or special characters. ([source](https://www.shellcheck.net/wiki/SC2048))

### Programming Languages & Runtimes

- [Parsers & Lexers](https://awesome-repositories.com/f/programming-languages-runtimes/compiler-interpreter-internals/parsers-lexers.md) — Processes source code into an abstract syntax tree by recursively matching grammar rules against tokens.

### Operating Systems & Systems Programming

- [Shells & Scripting](https://awesome-repositories.com/f/operating-systems-systems-programming/terminal-command-line-environments/shells-scripting.md) — Store the result of a shell command in a variable by wrapping the command in parentheses preceded by a dollar sign for later use in scripts. ([source](https://www.shellcheck.net/wiki/SC2037))