This repository has been archived by the owner on Nov 9, 2023. It is now read-only.

BREAKING: Update dependencies, fix code style, and standardise workflows #139

Merged
merged 7 commits into from
Apr 12, 2023

Mrtenz
Member

@Mrtenz Mrtenz commented Apr 12, 2023

Description

This pull request standardises the entire repository according to our latest module template.

Changes

  1. Update dependencies
  2. Fix code style
  3. Standardise GitHub workflows according to the latest module template
  4. Add/update various configuration files in the project
    • Update Yarn to v3
    • Add an access field to the package.json for publishing under the @metamask scope
    • Update the tsconfig.build.json file to improve the building process and make the project ready for documentation generation using typedoc.
  5. BREAKING: Bump minimum Node.js version to 16.

This commit adds/updates various configuration files in the project, including updating the `nvmrc` node version to the latest LTS, changing branch protection to default `main` branch, and adding an access field to the `package.json` for publishing under the `@metamask` scope. The linting configuration changes will ignore some new directories in certain files to make the tests pass. The TypeScript changes update the `tsconfig.build.json` to improve the building process and make the project ready for documentation generation using `typedoc`.
@Mrtenz Mrtenz requested a review from a team as a code owner April 12, 2023 14:19
@socket-security

New dependency changes detected. Learn more about Socket for GitHub ↗︎


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore @lavamoat/aa@3.1.2
  • @SocketSecurity ignore @lavamoat/allow-scripts@2.3.0
📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
| --- | --- | --- |
| @lavamoat/aa@3.1.2 (added) | preinstall | package.json via @lavamoat/allow-scripts@2.3.0 |
| @lavamoat/aa@3.1.2 (added) | preinstall | package.json via @lavamoat/allow-scripts@2.3.0 |
| @lavamoat/aa@3.1.2 (added) | preinstall | package.json via @lavamoat/allow-scripts@2.3.0 |
| @lavamoat/allow-scripts@2.3.0 (upgraded) | preinstall | package.json |
| @lavamoat/allow-scripts@2.3.0 (upgraded) | preinstall | package.json |
| @lavamoat/allow-scripts@2.3.0 (upgraded) | preinstall | package.json |
| @lavamoat/aa@3.1.2 (added) | preinstall | package.json via @lavamoat/allow-scripts@2.3.0 |
| @lavamoat/aa@3.1.2 (added) | preinstall | package.json via @lavamoat/allow-scripts@2.3.0 |
| @lavamoat/allow-scripts@2.3.0 (upgraded) | preinstall | package.json |
| @lavamoat/allow-scripts@2.3.0 (upgraded) | preinstall | package.json |

Pull request alert summary

| Issue | Status |
| --- | --- |
| Install scripts | ⚠️ 10 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

📊 Modified Dependency Overview:

| ➕ Added Package | Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- |
| jest-it-up@2.2.0 | filesystem, shell, environment | +10 | rbardini |
| depcheck@1.4.3 | eval, filesystem, environment | +41 | rumpl |
| rimraf@5.0.0 | filesystem, environment | +6 | isaacs |
| typedoc@0.24.1 | network, filesystem, environment | +9 | typedoc-bot |

| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- | --- |
| @lavamoat/allow-scripts@2.3.0 | 1.0.6...2.3.0 | shell, environment | +16/-15 | kumavis |
| @metamask/eslint-config-jest@11.1.0 | 9.0.0...11.1.0 | None | +97/-111 | metamaskbot |
| @metamask/eslint-config-typescript@11.1.0 | 9.0.1...11.1.0 | None | +96/-110 | metamaskbot |
| @metamask/eslint-config-nodejs@11.1.0 | 9.0.0...11.1.0 | None | +86/-96 | metamaskbot |
| prettier-plugin-packagejson@2.4.3 | 2.2.17...2.4.3 | shell, environment | +15/-16 | matzkoh |
| @metamask/eslint-config@11.1.0 | 9.0.0...11.1.0 | None | +84/-93 | metamaskbot |
| ts-node@10.9.1 | 10.7.0...10.9.1 | None | +8/-8 | cspotcode |
| eth-rpc-errors@4.0.3 | 4.0.2...4.0.3 | None | +1/-1 | rekmarks |
| eslint-config-prettier@8.8.0 | 8.5.0...8.8.0 | None | +33/-47 | lydell |
| eslint-plugin-prettier@4.2.1 | 3.4.1...4.2.1 | None | +33/-48 | jounqin |
| ts-jest@29.1.0 | 27.1.4...29.1.0 | None | +100/-198 | kul |
| eslint-plugin-import@2.27.5 | 2.26.0...2.27.5 | None | +75/-81 | ljharb |
| jest@29.5.0 | 27.5.1...29.5.0 | None | +98/-190 | simenb |
| eslint@8.38.0 | 7.32.0...8.38.0 | environment | +32/-46 | eslintbot |
| eslint-plugin-jsdoc@39.9.1 | 36.1.1...39.9.1 | None | +38/-54 | gajus |
| eslint-plugin-jest@27.2.1 | 24.7.0...27.2.1 | filesystem | +44/-63 | simenb |
| @types/jest@29.5.0 | 26.0.24...29.5.0 | eval, environment | +16/-12 | types |
| @typescript-eslint/parser@5.58.0 | 4.33.0...5.58.0 | None | +38/-59 | jameshenry |
| @typescript-eslint/eslint-plugin@5.58.0 | 4.33.0...5.58.0 | None | +43/-62 | jameshenry |

🚮 Removed packages: @types/node@17.0.23, prettier@2.6.2
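
The install-script alerts above reduce to two questions: which dependencies declare a `preinstall`, `install` or `postinstall` hook, and has anyone recorded an explicit decision for each one. The following is an added example, not code from this PR, Socket or LavaMoat; it classifies hook-bearing packages against an allow-list shaped like the `lavamoat.allowScripts` map in `package.json`, and the script bodies and the policy are constructed.

```javascript
// Lifecycle hooks that npm and Yarn run automatically while installing.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Names of the install-time hooks a package.json manifest declares.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter(
    (hook) => typeof scripts[hook] === 'string' && scripts[hook].trim() !== '',
  );
}

// Sort every hook-bearing dependency into allowed / denied / unlisted,
// given an allow-list that maps package name -> true or false.
function auditInstallScripts(manifests, allowScripts) {
  const report = { allowed: [], denied: [], unlisted: [] };
  for (const manifest of manifests) {
    const hooks = installHooks(manifest);
    if (hooks.length === 0) continue; // nothing would run at install time
    const entry = { id: `${manifest.name}@${manifest.version}`, hooks };
    // Own-property lookup so a package named "constructor" is not "listed".
    const listed = Object.prototype.hasOwnProperty.call(allowScripts, manifest.name);
    if (!listed) report.unlisted.push(entry); // no decision recorded: fail closed
    else if (allowScripts[manifest.name] === true) report.allowed.push(entry);
    else report.denied.push(entry);
  }
  return report;
}

// A policy is complete only when no hook-bearing package is undecided.
function policyIsComplete(report) {
  return report.unlisted.length === 0;
}

// Constructed sample: names and versions as in the report above; script
// bodies are placeholders, not the packages' real scripts.
const manifests = [
  { name: '@lavamoat/aa', version: '3.1.2', scripts: { preinstall: 'echo placeholder' } },
  { name: '@lavamoat/allow-scripts', version: '2.3.0',
    scripts: { preinstall: 'echo placeholder', test: 'echo placeholder' } },
  { name: 'rimraf', version: '5.0.0', scripts: { test: 'echo placeholder' } },
];
// Constructed policy: one explicit denial, nothing recorded for @lavamoat/aa.
const allowScripts = { '@lavamoat/allow-scripts': false };

const report = auditInstallScripts(manifests, allowScripts);
console.log(JSON.stringify(report, null, 2), 'complete:', policyIsComplete(report));
```

A check like this is only meaningful when installs run with scripts disabled (`--ignore-scripts` for npm, `enableScripts: false` in Yarn 3's `.yarnrc.yml`), so that hooks run only after review.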

This change updates the matrix of the build-lint-test.yml GitHub Actions workflow to only use Node.js 16.x, 18.x and 19.x.
@ritave
Member

ritave commented Apr 12, 2023

@Mrtenz does the breakage actually break the package being able to run on v14, or is it just us officially saying "we don't do v14 issue support anymore"

@Mrtenz
Member Author

Mrtenz commented Apr 12, 2023

> @Mrtenz does the breakage actually break the package being able to run on v14, or is it just us officially saying "we don't do v14 issue support anymore"

It actually breaks the package for Node.js 14, as I've updated the requirement in package.json. Node.js 14 is EOL at the end of April, and we're working on bumping everything to use 16.

"engines": {
"node": ">=14.0.0"
"node": ">=16.0.0"
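
Review bot: Raising the `engines.node` floor from `>=14.0.0` to `>=16.0.0` is enforced at install time by package managers that check `engines`, so it blocks Node.js 14 consumers outright rather than only ending support for them. Release this only as a semver-major version, call out the new minimum in the changelog, and have any package that later takes this one as a dependency treat its own bump as major as well.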
Copy link


Should we hold off on bumping this? Mobile still uses Node 14, and we haven't bumped the Node version across libraries yet (I'm guessing for that reason). Although it sounds like based on a thread in #metamask-dev that mobile is working on this. @Gudahtt do you know anything about this? Also forgive me if there's context I'm missing for this PR.

Copy link
Member


We want to start bumping all packages to Node 16 since 14 is EOL at the end of April (if not now, then in a few weeks).

Since this package is rarely updated it seems fine to me to update it even if mobile can't use the changes instantly (bumping core for example would be a different story). Regardless though, from what Mark told me, mobile is a few weeks away from having Node 16.

Copy link


Ah okay. Gotcha. That makes sense then. Just wanted to make sure no one was surprised by this. I agree that this package isn't updated that often. We are about to replace web3-provider-engine with json-rpc-engine and friends in core, but we can certainly use the existing version for the time being as it does serve our purpose fine and then upgrade later when we bump all the core packages to Node 16.

@Mrtenz Mrtenz merged commit 52433e9 into main Apr 12, 2023
16 of 17 checks passed
@Mrtenz Mrtenz deleted the mrtenz/standardise-april-2023 branch April 12, 2023 16:31
legobeat added a commit to MetaMask/eth-json-rpc-provider that referenced this pull request Jul 25, 2023
v1.0.1 contains two changes that should have been considered
semver-major:

- Type-interface incompatibility with previous version (MetaMask/json-rpc-engine#139)
- Introduced dependency `@metamask/json-rpc-engine` indicates a minimum
  supported Node.js version of 16. This prevents the module from
  installing on some package manager configurations, like default
  yarn classic.

This will be re-released as v2.0.0.
MajorLift pushed a commit to MetaMask/core that referenced this pull request Sep 22, 2023
v1.0.1 contains two changes that should have been considered
semver-major:

- Type-interface incompatibility with previous version (MetaMask/json-rpc-engine#139)
- Introduced dependency `@metamask/json-rpc-engine` indicates a minimum
  supported Node.js version of 16. This prevents the module from
  installing on some package manager configurations, like default
  yarn classic.

This will be re-released as v2.0.0.