MetaMask / metamask-sdk

The simplest yet most secure way to connect your blockchain-based applications to millions of MetaMask Wallet users.
https://metamask.io/sdk/
Other
188 stars 115 forks

Add performance tests for socket.io #1075

Open christopherferreira9 opened 1 month ago

christopherferreira9 commented 1 month ago

Explanation

Adds performance tests for Socket.io.

References

Checklist

socket-security[bot] commented 1 month ago

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/core@7.23.7 environment, filesystem, unsafe +3 3.28 MB nicolo-ribaudo
npm/@babel/plugin-proposal-class-properties@7.13.0 None 0 3.22 kB nicolo-ribaudo
npm/@babel/plugin-proposal-object-rest-spread@7.13.8 None 0 19.5 kB nicolo-ribaudo
npm/@babel/preset-env@7.23.8 environment 0 148 kB nicolo-ribaudo
npm/@sindresorhus/merge-streams@2.3.0 None 0 10.5 kB sindresorhus
npm/@types/eslint@9.6.1 None +1 221 kB types
npm/@types/k6@0.49.3 None 0 313 kB types
npm/@types/node@22.7.5 None 0 2.25 MB types
npm/@types/webpack@5.28.5 None 0 7.3 kB types
npm/@webpack-cli/configtest@2.1.1 None 0 4.55 kB evilebottnawi
npm/@webpack-cli/info@2.0.2 None 0 3.72 kB evilebottnawi
npm/@webpack-cli/serve@2.0.5 environment 0 11.6 kB evilebottnawi
npm/acorn-node@1.8.2 None 0 45.3 kB goto-bus-stop
npm/after@0.8.2 None 0 7.19 kB raynos
npm/ansi-align@2.0.0 None 0 6.85 kB nexdrew
npm/arraybuffer.slice@0.0.7 None 0 10 kB rase-
npm/arrivals@2.1.2 None +1 358 kB shoreditch-ops
npm/artillery-engine-socketio-v3@1.2.0 None 0 45.2 kB ptejada
npm/artillery-plugin-statsd@2.2.1 None 0 20 kB shoreditch-ops
npm/artillery@1.7.9 environment, filesystem, shell, unsafe Transitive: network +5 2.06 MB shoreditch-ops
npm/axios-retry@3.9.1 None 0 72 kB softonic
npm/axios@0.24.0 environment, network 0 389 kB jasonsaayman
npm/babel-loader@9.1.3 filesystem 0 38.4 kB nicolo-ribaudo
npm/backo2@1.0.2 None 0 3.1 kB mokesmokes
npm/base64-arraybuffer@0.1.4 None 0 5.04 kB niklasvh
npm/blob@0.0.5 None 0 30.6 kB amitport
npm/boxen@1.3.0 None 0 8.56 kB sindresorhus
npm/browser-pack@6.1.0 filesystem 0 30 kB goto-bus-stop
npm/browser-resolve@2.0.0 filesystem 0 15.9 kB goto-bus-stop
npm/browserify@17.0.1 filesystem, network, unsafe 0 363 kB goto-bus-stop
npm/buffer@5.2.1 None 0 79.9 kB feross
npm/cached-path-relative@1.1.0 None 0 3.71 kB ashaffer88
npm/capture-stack-trace@1.0.2 None 0 2.5 kB sindresorhus
npm/clean-webpack-plugin@4.0.0 None 0 35.7 kB johnagan
npm/cli-boxes@1.0.0 None 0 3.86 kB sindresorhus
npm/cli-spinners@1.3.1 None 0 14.2 kB sindresorhus
npm/combine-source-map@0.8.0 None 0 26.2 kB thlorenz
npm/commander@2.9.0 filesystem, shell 0 43.1 kB zhiyelee
npm/component-bind@1.0.0 None 0 2.43 kB tootallnate
npm/component-inherit@0.0.3 None 0 1.65 kB coreh
npm/configstore@3.1.5 None 0 6.94 kB ruyadorno
npm/convert-source-map@1.1.3 filesystem 0 30.4 kB thlorenz
npm/copy-webpack-plugin@12.0.2 None +1 104 kB evilebottnawi
npm/create-error-class@3.0.2 None 0 3.72 kB floatdrop
npm/csv-generate@4.4.1 None 0 1.2 MB david
npm/csv-parse@4.16.3 None 0 668 kB david
npm/csv-stringify@6.5.1 None 0 921 kB david
npm/csv@6.3.10 None +1 3.43 MB david
npm/dash-ast@1.0.0 None 0 8.69 kB goto-bus-stop
npm/deep-equal@1.1.2 None 0 75.3 kB ljharb
npm/deep-for-each@3.0.0 None 0 8.45 kB satazor
npm/defined@1.0.1 None 0 10.7 kB ljharb
npm/deps-sort@2.0.1 None 0 18.2 kB goto-bus-stop
npm/detective@5.2.1 None 0 20.8 kB bret
npm/dot-prop@4.2.1 None 0 6.35 kB sindresorhus
npm/driftless@2.0.3 eval 0 9.47 kB dbkaplun
npm/duplexer3@0.1.5 None 0 5.69 kB sindresorhus
npm/fastest-levenshtein@1.0.16 None 0 21.3 kB ka-weihe
npm/filtrex@0.5.4 environment, eval 0 98.4 kB alexgorbatchev
npm/foreground-child@3.3.0 shell +1 146 kB isaacs
npm/form-data@2.5.2 filesystem, network 0 30 kB ljharb
npm/get-assigned-identifiers@1.2.0 None 0 7.95 kB goto-bus-stop
npm/graceful-readlink@1.0.1 filesystem 0 2.38 kB zhiyelee
npm/has-binary2@1.0.3 None 0 5.01 kB darrachequesne
npm/has-cors@1.1.0 None 0 2.71 kB shtylman
npm/hpagent@0.1.2 network 0 55.7 kB delvedor
npm/htmlescape@1.1.1 None 0 3.42 kB zertosh
npm/import-lazy@2.1.0 None 0 4.77 kB sindresorhus
npm/import-local@3.2.0 None 0 4.73 kB sindresorhus
npm/inline-source-map@0.6.3 None 0 28 kB thlorenz
npm/insert-module-globals@7.2.1 None 0 33.6 kB goto-bus-stop
npm/interpret@3.1.1 None 0 21.5 kB phated
npm/is-installed-globally@0.1.0 None 0 3.21 kB sindresorhus
npm/is-npm@1.0.0 None 0 1.19 kB sindresorhus
npm/is-path-inside@1.0.1 None 0 2.6 kB sindresorhus
npm/is-redirect@1.0.0 None 0 2.47 kB sindresorhus
npm/is-retry-allowed@2.2.0 None 0 4.42 kB sindresorhus
npm/isarray@2.0.1 None 0 2.92 kB juliangruber
npm/isnumber@1.0.0 None 0 3.12 kB bryce
npm/jsck@0.3.2 None 0 75 kB automatthew
npm/k6@0.0.0 None 0 427 B liclac
npm/labeled-stream-splicer@2.0.2 None 0 9.2 kB goto-bus-stop
npm/latest-version@3.1.0 None 0 3.02 kB sindresorhus
npm/lodash.memoize@3.0.4 None 0 7.4 kB jdalton
npm/lynx@0.2.0 network 0 43 kB dscape
npm/mersenne@0.0.4 None 0 14.7 kB jwatte
npm/module-deps@6.2.3 environment, filesystem +1 95.2 kB goto-bus-stop
npm/moment@2.30.1 None 0 4.35 MB ichernev
npm/nanotimer@0.3.15 None 0 349 kB krb686
npm/node-gyp@10.2.0 environment, shell 0 1.85 MB nodejs-foundation
npm/notepack.io@2.2.0 None 0 61.8 kB darrachequesne
npm/opn@5.5.0 shell 0 32 kB sindresorhus
npm/ora@1.4.0 environment +2 45.4 kB sindresorhus
npm/package-json@4.0.1 Transitive: network +2 29.4 kB sindresorhus
npm/parseqs@0.0.6 None 0 3.29 kB gal
npm/parseuri@0.0.6 None 0 5.91 kB gal
npm/path-platform@0.11.15 environment 0 18 kB tjfontaine
npm/path-type@5.0.0 filesystem 0 5.64 kB sindresorhus
npm/posthog-node@1.3.0 None 0 29.5 kB twixes
npm/prepend-http@1.0.4 None 0 2.61 kB sindresorhus
npm/present@0.0.3 None 0 9.92 kB beardtree
npm/read-only-stream@2.0.0 None 0 5.67 kB substack
npm/rechoir@0.8.0 None 0 8.64 kB phated
npm/registry-auth-token@3.4.0 environment 0 81.1 kB rexxars
npm/semver-diff@2.1.0 None 0 3.23 kB sindresorhus
npm/shasum-object@1.0.0 None 0 8.61 kB goto-bus-stop
npm/socket.io-msgpack-parser@3.0.2 None 0 6.78 kB darrachequesne
npm/socketio-wildcard@2.0.0 None 0 7.69 kB hden
npm/stats-lite@2.2.0 None 0 11.3 kB bryce
npm/statsd-parser@0.0.4 None 0 10.5 kB dscape
npm/stream-combiner2@1.1.1 None 0 6.44 kB substack
npm/stream-http@3.2.0 None 0 26.8 kB jhiesey
npm/stream-splicer@2.0.1 None 0 26.1 kB goto-bus-stop
npm/stream-transform@3.3.2 None 0 976 kB david
npm/subarg@1.0.0 None 0 5.62 kB substack
npm/syntax-error@1.4.0 eval 0 9.57 kB goto-bus-stop
npm/term-size@1.2.0 environment 0 30.9 kB sindresorhus
npm/timers-browserify@1.4.2 None 0 20.8 kB jryans
npm/tmp@0.0.28 filesystem 0 56 kB raszi
npm/to-array@0.1.4 None 0 2.33 kB raynos
npm/try-require@1.2.1 None 0 5.34 kB rrragan
npm/tty-browserify@0.0.1 None 0 2 kB goto-bus-stop
npm/umd@3.0.3 None 0 9.29 kB forbeslindesay
npm/undeclared-identifiers@1.1.3 None 0 15.6 kB goto-bus-stop
npm/unicorn-magic@0.1.0 None 0 3.45 kB sindresorhus
npm/unzip-response@2.0.1 None 0 3.5 kB sindresorhus
npm/update-notifier@2.5.0 environment, shell 0 13.5 kB sboudrias
npm/url-parse-lax@1.0.0 None 0 3.71 kB sindresorhus
npm/uuid@2.0.3 None 0 33.2 kB defunctzombie
npm/webpack-cli@5.1.4 environment, filesystem, unsafe 0 110 kB evilebottnawi
npm/webpack-glob-entries@1.0.1 Transitive: filesystem +1 78.9 kB gcds
npm/widest-line@2.0.1 None 0 3.16 kB sindresorhus
npm/ws@5.2.4 network 0 99.6 kB lpinca
npm/xdg-basedir@3.0.0 environment 0 4.08 kB sindresorhus
npm/yeast@0.1.2 None 0 6.42 kB 3rdeden

View full report ↗︎

socket-security[bot] commented 1 month ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source CI
New author npm/duplexer3@0.1.5 🚫
AI-detected potential code anomaly npm/xmlhttprequest-ssl@1.6.3
  • Notes: The code contains multiple security risks including unescaped user input, potential execution of malicious code, and unsanitized data flows. It should be reviewed and refactored to address these issues.
  • Confidence: 1.00
  • Severity: 0.60
⚠︎
New author npm/yeast@0.1.2 🚫
New author npm/blob@0.0.5 🚫
Medium CVE npm/got@6.7.1 ⚠︎
Network access npm/got@6.7.1 🚫
Network access npm/got@6.7.1 🚫
New author npm/capture-stack-trace@1.0.2 🚫
New author npm/tty-browserify@0.0.1 🚫
New author npm/uuid@2.0.3 🚫
New author npm/defined@1.0.1 🚫
Network access npm/hpagent@0.1.2 🚫
Network access npm/hpagent@0.1.2 🚫
Shell access npm/update-notifier@2.5.0 🚫
New author npm/browser-resolve@2.0.0 🚫
New author npm/deps-sort@2.0.1 🚫
New author npm/syntax-error@1.4.0 🚫
New author npm/stream-splicer@2.0.1 🚫
New author npm/arrivals@2.1.2 🚫
Deprecated npm/artillery@1.7.9
  • Reason: Artillery v1.x is no longer supported. Please upgrade to a more recent version
⚠︎
Shell access npm/artillery@1.7.9 🚫
New author npm/artillery-plugin-statsd@2.2.1 🚫
Network access npm/lynx@0.2.0 🚫
New author npm/mersenne@0.0.4
  • New Author: jwatte
  • Previous Author:
🚫
New author npm/node-gyp@10.2.0 🚫
Network access npm/browserify@17.0.1 🚫
New author npm/form-data@2.5.2 🚫

View full report ↗︎

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What is an AI-detected potential code anomaly?

AI has identified unusual behaviors that may pose a security risk.

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

What is a medium CVE?

Contains a medium severity Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

What is a deprecated package?

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware, you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/duplexer3@0.1.5
  • @SocketSecurity ignore npm/xmlhttprequest-ssl@1.6.3
  • @SocketSecurity ignore npm/yeast@0.1.2
  • @SocketSecurity ignore npm/blob@0.0.5
  • @SocketSecurity ignore npm/got@6.7.1
  • @SocketSecurity ignore npm/capture-stack-trace@1.0.2
  • @SocketSecurity ignore npm/tty-browserify@0.0.1
  • @SocketSecurity ignore npm/uuid@2.0.3
  • @SocketSecurity ignore npm/defined@1.0.1
  • @SocketSecurity ignore npm/hpagent@0.1.2
  • @SocketSecurity ignore npm/update-notifier@2.5.0
  • @SocketSecurity ignore npm/browser-resolve@2.0.0
  • @SocketSecurity ignore npm/deps-sort@2.0.1
  • @SocketSecurity ignore npm/syntax-error@1.4.0
  • @SocketSecurity ignore npm/stream-splicer@2.0.1
  • @SocketSecurity ignore npm/arrivals@2.1.2
  • @SocketSecurity ignore npm/artillery@1.7.9
  • @SocketSecurity ignore npm/artillery-plugin-statsd@2.2.1
  • @SocketSecurity ignore npm/lynx@0.2.0
  • @SocketSecurity ignore npm/mersenne@0.0.4
  • @SocketSecurity ignore npm/node-gyp@10.2.0
  • @SocketSecurity ignore npm/browserify@17.0.1
  • @SocketSecurity ignore npm/form-data@2.5.2

sonarcloud[bot] commented 1 month ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 78.02%. Comparing base (9866480) to head (9438d69). Report is 16 commits behind head on main.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #1075   +/-   ##
=======================================
  Coverage   78.02%   78.02%
=======================================
  Files         179      179
  Lines        4164     4164
  Branches     1023     1023
=======================================
  Hits         3249     3249
  Misses        915      915
```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.