Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

create workspace #101

Merged
merged 12 commits into from
Mar 11, 2024
Merged

create workspace #101

merged 12 commits into from
Mar 11, 2024

Conversation

acharb
Copy link
Contributor

@acharb acharb commented Mar 4, 2024

moving sdk code into a workspace to create a more modular architecture (adding KeyManager in another workspace in separate PR)

see discussion here

@socket-security Socket Security
Copy link

socket-security bot commented Mar 4, 2024
edited

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@albedo-link/intent@0.12.0 None 0 162 kB orbitlens
npm/@babel/code-frame@7.18.6 None +2 63.5 kB nicolo-ribaudo
npm/@babel/core@7.21.0 environment, filesystem, unsafe Transitive: shell +31 9.62 MB nicolo-ribaudo
npm/@babel/generator@7.21.1 Transitive: environment +6 3.26 MB nicolo-ribaudo
npm/@babel/helper-create-class-features-plugin@7.24.0 Transitive: environment, filesystem, shell, unsafe +58 11.4 MB nicolo-ribaudo
npm/@babel/helper-create-regexp-features-plugin@7.22.15 Transitive: environment, filesystem, shell, unsafe +64 11.7 MB nicolo-ribaudo
npm/@babel/helper-member-expression-to-functions@7.23.0 Transitive: environment +4 2.55 MB nicolo-ribaudo
npm/@babel/helper-module-imports@7.18.6 Transitive: environment +2 2.53 MB nicolo-ribaudo
npm/@babel/helper-module-transforms@7.21.0 Transitive: environment +15 5.1 MB nicolo-ribaudo
npm/@babel/helper-plugin-utils@7.24.0 None 0 11.7 kB nicolo-ribaudo
npm/@babel/helper-simple-access@7.20.2 Transitive: environment +2 2.53 MB nicolo-ribaudo
npm/@babel/helper-validator-identifier@7.19.1 None 0 51.7 kB nicolo-ribaudo
npm/@babel/helpers@7.21.0 Transitive: environment +11 5.46 MB nicolo-ribaudo
npm/@babel/parser@7.21.1 None 0 1.95 MB nicolo-ribaudo
npm/@babel/plugin-syntax-jsx@7.23.3 Transitive: environment, filesystem, shell, unsafe +86 20.5 MB nicolo-ribaudo
npm/@babel/plugin-syntax-typescript@7.23.3 Transitive: environment, filesystem, shell, unsafe +86 20.5 MB nicolo-ribaudo
npm/@babel/plugin-transform-optional-chaining@7.23.4 Transitive: environment, filesystem, shell, unsafe +89 20.6 MB nicolo-ribaudo
npm/@babel/preset-env@7.24.0 environment Transitive: filesystem, shell, unsafe +161 15.5 MB nicolo-ribaudo
npm/@babel/preset-typescript@7.23.3 Transitive: environment, filesystem, shell, unsafe +96 21.2 MB nicolo-ribaudo
npm/@babel/runtime@7.24.0 None +1 290 kB nicolo-ribaudo
npm/@babel/template@7.20.7 Transitive: environment +5 4.55 MB nicolo-ribaudo
npm/@eslint-community/regexpp@4.10.0 None 0 431 kB eslint-community-bot
npm/@jridgewell/gen-mapping@0.3.5 None +4 368 kB jridgewell
npm/@jridgewell/sourcemap-codec@1.4.15 None 0 45.9 kB jridgewell
npm/@jridgewell/trace-mapping@0.3.25 None +2 268 kB jridgewell
npm/@ledgerhq/errors@6.16.2 None 0 189 kB ldg-github-ci
npm/@ledgerhq/hw-app-str@6.28.4 None +13 5.63 MB ldg-github-ci
npm/@ledgerhq/hw-transport-u2f@5.36.0-deprecated None +9 5.66 MB gre
npm/@ledgerhq/logs@6.12.0 None 0 36.3 kB sergii-shkolin
npm/@stellar/freighter-api@2.0.0 None 0 58.8 kB piyalbasu
npm/@stellar/stellar-sdk@11.2.2 Transitive: environment, filesystem, network +27 47.7 MB stellar-npm-ci
npm/@trezor/connect-plugin-stellar@9.0.2 None +1 365 kB trezor-ci
npm/@trezor/connect-plugin-stellar@9.0.3 Transitive: environment, filesystem +1 27.9 kB trezor-ci
npm/@types/babel__traverse@7.20.5 Transitive: environment +4 2.58 MB types
npm/@types/estree@1.0.5 None 0 25.7 kB types
npm/@types/istanbul-lib-coverage@2.0.6 None 0 5.45 kB types
npm/@types/jest@29.5.12 Transitive: environment, filesystem, unsafe +48 5.79 MB types
npm/@types/json-schema@7.0.11 None 0 32.2 kB types
npm/@types/json-schema@7.0.15 None 0 31.7 kB types
npm/@types/semver@7.5.8 None 0 23.3 kB types
npm/@typescript-eslint/eslint-plugin@7.1.1 Transitive: environment, eval, filesystem, shell, unsafe +123 48.8 MB jameshenry
npm/@typescript-eslint/parser@6.21.0 Transitive: filesystem +15 3.01 MB jameshenry
npm/@typescript-eslint/parser@7.1.1 Transitive: environment, eval, filesystem, shell, unsafe +118 45.7 MB jameshenry
npm/@typescript-eslint/types@6.21.0 None 0 156 kB jameshenry
npm/@typescript-eslint/typescript-estree@6.21.0 Transitive: filesystem +5 1.26 MB jameshenry
npm/acorn@8.11.3 None 0 531 kB marijn
npm/asn1.js@4.10.1 unsafe +2 144 kB indutny
npm/available-typed-arrays@1.0.7 None +1 31.3 kB ljharb
npm/babel-jest@29.7.0 environment Transitive: eval, filesystem, network, shell, unsafe +148 17.8 MB simenb
npm/browserify-sign@4.2.3 Transitive: environment, unsafe +31 874 kB ljharb
npm/browserslist@4.21.5 environment, filesystem Transitive: shell +5 2.26 MB ai
npm/call-bind@1.0.7 Transitive: eval +11 231 kB ljharb
npm/core-js-compat@3.36.0 Transitive: environment, filesystem, shell +7 3.11 MB zloirock
npm/define-data-property@1.1.4 Transitive: eval +8 179 kB ljharb
npm/elliptic@6.5.5 None +6 291 kB indutny
npm/enhanced-resolve@5.15.1 unsafe Transitive: environment, filesystem +3 301 kB evilebottnawi
npm/es-abstract@1.22.5 Transitive: eval +58 3.29 MB ljharb
npm/es-errors@1.3.0 None 0 12.3 kB ljharb
npm/expect@29.7.0 Transitive: environment, filesystem, unsafe +47 5.72 MB simenb
npm/get-intrinsic@1.2.4 eval +5 129 kB ljharb
npm/graceful-fs@4.2.11 environment, filesystem 0 32.5 kB isaacs
npm/has-property-descriptors@1.0.2 Transitive: eval +7 152 kB ljharb
npm/has-proto@1.0.3 None 0 12 kB ljharb
npm/has-tostringtag@1.0.2 None +1 38.2 kB ljharb
npm/hasown@2.0.1 None +1 42.6 kB ljharb
npm/husky@9.0.11 environment, filesystem, shell 0 3.61 kB typicode
npm/ignore@5.3.1 None 0 51.5 kB kael
npm/is-shared-array-buffer@1.0.3 Transitive: eval +12 250 kB ljharb
npm/isarray@1.0.0 None 0 3.89 kB juliangruber
npm/istanbul-lib-coverage@3.2.2 None 0 34.4 kB oss-bot
npm/jest-mock-random@1.1.1 None 0 5.99 kB sir-people
npm/jest-util@29.7.0 environment Transitive: filesystem +17 4.89 MB simenb
npm/jest@29.7.0 Transitive: environment, eval, filesystem, network, shell, unsafe +276 23.3 MB simenb
npm/node-localstorage@3.0.5 filesystem +3 131 kB lmaccherone
npm/parse-asn1@5.1.7 Transitive: environment, unsafe +16 409 kB ljharb
npm/pretty-format@29.7.0 Transitive: environment +4 546 kB simenb
npm/resolve@1.22.8 environment, filesystem +5 232 kB ljharb
npm/schema-utils@3.3.0 environment Transitive: eval +10 1.74 MB evilebottnawi
npm/scrypt-async@2.0.1 None 0 33.6 kB dchest
npm/sinon@17.0.1 Transitive: environment, eval +12 7.75 MB fatso83
npm/trezor-connect@8.2.12 Transitive: network +10 1.73 MB trezor-ci
npm/ts-jest@29.1.2 environment, filesystem, unsafe Transitive: eval, network, shell +281 55.7 MB kul
npm/ts-loader@9.5.1 filesystem Transitive: environment, eval, network, shell, unsafe +89 52.3 MB johnnyreilly
npm/tslib@2.6.2 None 0 84 kB typescript-bot
npm/tweetnacl-util@0.15.1 None 0 8.14 kB dchest
npm/typescript@5.3.3 None 0 32 MB typescript-bot
npm/webpack-cli@5.1.4 environment, filesystem, unsafe Transitive: eval, network, shell +140 26.4 MB evilebottnawi
npm/webpack@5.90.3 environment, filesystem, network, unsafe Transitive: eval, shell +93 24.9 MB evilebottnawi

🚮 Removed packages: npm/@babel/helper-function-name@7.21.0, npm/@typescript-eslint/parser@6.7.5, npm/axios@1.4.0, npm/caniuse-lite@1.0.30001597, npm/electron-to-chromium@1.4.699, npm/enhanced-resolve@5.14.0, npm/eslint@8.51.0, npm/parse-asn1@5.1.6, npm/prettier@2.8.8, npm/schema-utils@3.1.2, npm/tslib@2.5.0, npm/typescript@5.0.4, npm/webpack-cli@5.1.1, npm/webpack@5.83.1

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Mar 4, 2024
edited

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Network access npm/node-fetch@2.7.0
Network access npm/node-fetch@2.7.0
Network access npm/node-fetch@2.7.0
Network access npm/source-map@0.7.4
Filesystem access npm/source-map@0.7.4
Network access npm/cross-fetch@3.1.8
Debug access npm/jest-circus@29.7.0
Debug access npm/asn1.js@4.10.1
Non OSI license npm/caniuse-lite@1.0.30001457
  • License: CC-BY-4.0
Filesystem access npm/node-localstorage@3.0.5
Debug access npm/prettier@3.2.5
Filesystem access npm/prettier@3.2.5
Filesystem access npm/husky@9.0.11
Debug access npm/enhanced-resolve@5.15.1
Non OSI license npm/caniuse-lite@1.0.30001593
  • License: CC-BY-4.0

View full report↗︎

Next steps

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

What is filesystem access?

Accesses the file system, and could potentially read sensitive data.

If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

What is debug access?

Uses debug, reflection and dynamic code execution features.

Removing the use of debug will reduce the risk of any reflection and dynamic code execution.

What is a non OSI license?

(Experimental) Package has a non-OSI-approved license.

Consider the terms of the license for your given use case.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/node-fetch@2.7.0
  • @SocketSecurity ignore npm/source-map@0.7.4
  • @SocketSecurity ignore npm/cross-fetch@3.1.8
  • @SocketSecurity ignore npm/jest-circus@29.7.0
  • @SocketSecurity ignore npm/asn1.js@4.10.1
  • @SocketSecurity ignore npm/caniuse-lite@1.0.30001457
  • @SocketSecurity ignore npm/node-localstorage@3.0.5
  • @SocketSecurity ignore npm/prettier@3.2.5
  • @SocketSecurity ignore npm/husky@9.0.11
  • @SocketSecurity ignore npm/enhanced-resolve@5.15.1
  • @SocketSecurity ignore npm/caniuse-lite@1.0.30001593

@acharb
Copy link
Contributor Author

acharb commented Mar 5, 2024

fyi working on fixing the socket alerts

@acharb acharb mentioned this pull request Mar 11, 2024
Merged
@acharb
add keypair package in a second workspace (#102)
2ab914f 
* add km package

* fix tests

* cleanup
@acharb acharb merged commit 3940812 into release/1.4.0 Mar 11, 2024
4 of 5 checks passed
@acharb acharb deleted the acharb-workspace2 branch March 11, 2024 19:39
@Ifropc
Copy link
Contributor

Ifropc commented Mar 15, 2024

@acharb can you check failing pipeline please? 🙏🏼

@acharb
Copy link
Contributor Author

acharb commented Mar 18, 2024

@Ifropc are you referring to the socket security? discussed with Piyal here

the socket-security checks I looked into, and fixed the ones needing. The ones left are due to "Unstable Ownership". But I looked into it and its due to a code maintainer changing, but doesn't look malicious

acharb added a commit that referenced this pull request Mar 26, 2024
@piyalbasu @acharb
Release/1.4.0 (#108)
360f796 
* fix broken test (#93)

* add sep10 sign challenge txn helper (#95)

* add sep10 helper method

* name change

* correct resp

* create server module

* add npm publish gha (#96)

* WAL-1064 - add anchor platform integration tests (#99)

* create workspace (#101)

* create workspace

* try

* try

* try

* try

* cleanup

* update anchor platform docker run

* fix

* fix

* upgrade babel/traverse

* upgrade browserify-sign

* add keypair package in a second workspace (#102)

* add km package

* fix tests

* cleanup

* add second CD (#109)

* fix stellar-sdk imports (#112)

* fix imports

* fix

* preparing for 1.4.0 release stuff (#110)

* fix

* fix webpack process

* webpack fix (#113)

* webpack fix

* cleanup

* add helper for parsing AnchorTransaction (#111)

* add helper for parsing AnchorTransaction

* use kind

* add try-catch

---------

Co-authored-by: Alec Charbonneau <aleccharb21@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@piyalbasu piyalbasu piyalbasu approved these changes

@Ifropc Ifropc Awaiting requested review from Ifropc

@CassioMG CassioMG Awaiting requested review from CassioMG

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@acharb @Ifropc @piyalbasu