Closed mcmire closed 9 months ago
New dependencies detected. Learn more about Socket for GitHub ↗︎
Packages | Version | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|---|
@types/jest-when | 3.5.4 | None | +0 |
6.45 kB | types |
stdio-mock | 1.2.0 | None | +0 |
26.4 kB | tylors |
rimraf | 5.0.5 | filesystem, environment | +0 |
277 kB | isaacs |
@metamask/utils | 8.2.0 | filesystem | +17 |
4.96 MB | metamaskbot |
dependency-graph | 0.11.0 | None | +0 |
38.6 kB | jriecken |
axios | 1.6.0 | network, environment | +7 |
1.95 MB | |
jest-mock-extended | 3.0.5 | None | +1 |
144 kB | marchaos |
nock | 13.3.6 | network, filesystem, environment | +2 |
207 kB | nockbot |
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
Issue | Package | Version | Note | Source |
---|---|---|---|---|
Network access | axios | 1.6.0 |
|
|
Unpublished package | axios | 1.6.0 |
|
|
Network access | nock | 13.3.6 |
|
This module accesses the network.
Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.
Package version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry.
Packages can be removed from the registry by manually un-publishing, a security issue removal, or may simply never have been published to the registry. Reliance on these packages will cause problem when they are not found.
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
To ignore an alert, reply with a comment starting with @SocketSecurity ignore
followed by a space separated list of package-name@version
specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@*
or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore axios@1.6.0
@SocketSecurity ignore nock@13.3.6
Is there an possibility to group the files related into folders, it'll improve the readability.
Is there an possibility to group the files related into folders, it'll improve the readability.
I feel like the files stand on their own, so I'm not sure which folders I could use. But do you have a suggestion?
I've begun splitting up this PR to make it easier to review. Setting this PR to draft to indicate that I won't merge this one, but keeping it open for reference.
Closing this PR since I don't plan on merging it, but will keep the branch alive for reference purposes.
This is a fairly hefty commit, but it adds all of the code which is necessary for an MVP version of this tool, which includes one rule whose goal is to merely to check that the
src/
directory of a project is present.Right now, as this package is not published, this tool may be run within this project using the following command:
There are two ways to run the tool. With no arguments, it will run the aforementioned rule across a slew of MetaMask repositories:
If you want to use your own list of repositories, however, you may pass those. For instance, if you wanted to run the rule on
utils
andproviders
, you could say:For help, pass
--help
:One thing about rules to note is that they are designed to be nested. So, for instance, if you have a rule that ensures that
tsconfig.json
contains a certain property, this rule will only work iftsconfig.json
exists. So you might make both rules and have the "tsconfig.json
must have X property" rule depend on the "tsconfig.json
must exist" rule. When this tool runs, it will print the results of these rules in the same hierarchy that they were defined:Closes #5.