Shellcheck-py is a Python wrapper for ShellCheck, a static analysis tool for shell scripts that finds bugs, style issues, and suspicious constructs in your shell scripts.
Shellcheck-py helps improve shell script quality by:
- Finding and fixing common shell script bugs
- Identifying potential security issues
- Suggesting style improvements
- Detecting portability issues between different shell types
- Providing clear explanations for each issue
- Integrating with Python projects and pre-commit hooks
Shellcheck-py is included as a development dependency:
# Install with other development dependencies
uv sync --devTo install it directly:
uv pip install shellcheck-pyIn this project, Shellcheck-py is used to:
- Validate shell scripts in the repository
- Ensure shell scripts follow best practices
- Prevent common shell scripting bugs
- Run as part of the pre-commit hooks and CI/CD pipeline
Shellcheck-py is configured in the .pre-commit-config.yaml file:
- repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.9.0.5
hooks:
- id: shellcheck
args: [--severity=warning]This configuration:
- Runs shellcheck on all shell scripts
- Reports issues with severity level "warning" or higher
To run Shellcheck on shell scripts:
# Run on a specific script
uv run shellcheck scripts/setup.sh
# Run on all shell scripts in a directory
uv run shellcheck scripts/*.sh# Specify shell dialect
uv run shellcheck --shell=bash scripts/setup.sh
# Set minimum severity level
uv run shellcheck --severity=warning scripts/setup.sh
# Include specific error codes
uv run shellcheck --include=SC2086,SC2046 scripts/setup.sh
# Exclude specific error codes
uv run shellcheck --exclude=SC2086,SC2046 scripts/setup.sh# Double quote to prevent globbing and word splitting
echo $variable # Warning: SC2086
# Correct version
echo "$variable"
# Useless echo with cat
cat file.txt | grep pattern # Warning: SC2002
# Correct version
grep pattern file.txt
# Command injection vulnerability
eval "command $user_input" # Error: SC2048
# Correct version (still be careful with user input)
eval "command ${user_input@Q}"Shellcheck uses different severity levels for issues:
- Error: Severe issues that are likely to cause incorrect behavior
- Warning: Issues that may cause problems in certain situations
- Info: Suggestions for better practices
- Style: Style recommendations
| Code | Description |
|---|---|
| SC1000s | Shell parser issues |
| SC2000s | Common shell script issues |
| SC2086 | Double quote to prevent globbing and word splitting |
| SC2046 | Quote to prevent word splitting/globbing |
| SC2164 | Use `cd ... |
| SC2016 | Single quotes don't expand variables |
| SC2034 | Variable appears unused |
| SC2155 | Declare and assign separately for better error handling |
| SC3000s | Shell-specific issues (bash, dash, ksh) |
- Fix all errors: Address all error-level issues before committing.
- Review warnings: Most warnings should be fixed unless there's a good reason not to.
- Use shellcheck directives: Use
# shellcheck disable=SC2086for intentional exceptions. - Document exceptions: When disabling checks, add a comment explaining why.
- Run regularly: Include shellcheck in your pre-commit hooks.
- Learn from issues: Use shellcheck as a learning tool to improve your shell scripting skills.