celo-org / optimism

Optimism is Ethereum, scaled.
https://optimism.io
MIT License

🧪 #125

Closed palango closed 2 months ago

socket-security[bot] commented 2 months ago

New and removed dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@babel/eslint-parser@7.24.5 | unsafe Transitive: environment, filesystem | +48 | 11.1 MB | nicolo-ribaudo |
| npm/@sentry/node@7.114.0 | environment, filesystem, network, shell, unsafe | +8 | 7.84 MB | sentry-bot |
| npm/@swc/core@1.5.5 | environment, filesystem, shell | +11 | 431 MB | kdy1 |
| npm/@testing-library/jest-dom@6.4.5 | None | +20 | 1.58 MB | testing-library-bot |
| npm/@testing-library/react@14.3.1 | environment Transitive: eval | +74 | 12.5 MB | testing-library-bot |
| npm/@types/chai@4.3.16 | None | 0 | 82.2 kB | types |
| npm/@types/dateformat@5.0.2 | None | 0 | 5.24 kB | types |
| npm/@types/node@20.12.11 | None | +1 | 2.13 MB | types |
| npm/@types/semver@7.5.8 | None | 0 | 23.3 kB | types |
| npm/@vitest/coverage-istanbul@1.6.0 | Transitive: environment, filesystem, unsafe | +180 | 34.8 MB | vitestbot |
| npm/@wagmi/cli@2.1.6 | Transitive: environment, filesystem, shell, unsafe | +98 | 235 MB | awkweb |
| npm/@wagmi/core@2.9.7 | Transitive: environment, filesystem, network | +15 | 13.2 MB | awkweb |
| npm/abitype@1.0.2 | None | 0 | 1.16 MB | awkweb |
| npm/bcfg@0.2.2 | environment, filesystem | +1 | 50.2 kB | nodweber |
| npm/chai-as-promised@7.1.2 | None | +4 | 74.4 kB | chaijs |
| npm/chai@4.4.1 | None | +7 | 923 kB | keithamus |
| npm/dateformat@4.6.3 | None | 0 | 20.7 kB | chase-manning |
| npm/eslint-plugin-jsdoc@48.2.4 | filesystem Transitive: environment, unsafe | +15 | 4.07 MB | gajus |
| npm/eslint-plugin-react@7.34.1 | filesystem Transitive: environment, eval | +104 | 5.98 MB | ljharb |
| npm/eslint@8.57.0 | environment, filesystem Transitive: eval, shell, unsafe | +76 | 9.93 MB | eslintbot |
| npm/express@4.19.2 | environment, filesystem, network Transitive: eval, unsafe | +43 | 1.38 MB | wesleytodd |
| npm/hardhat-deploy@0.12.4 | environment, filesystem Transitive: eval, network | +50 | 16.1 MB | wighawag |
| npm/hardhat@2.22.3 | environment, filesystem, network, shell Transitive: unsafe | +189 | 163 MB | kanej |
| npm/husky@9.0.11 | environment, filesystem, shell | 0 | 3.61 kB | typicode |
| npm/mocha@10.4.0 | environment, eval, filesystem | +52 | 4.58 MB | voxpelli |
| npm/nx-cloud@18.0.1 | environment, filesystem, shell Transitive: eval, network | +27 | 2.74 MB | altan-nrwl |
| npm/nx@18.2.2 | environment, filesystem, network, shell, unsafe Transitive: eval | +79 | 9.48 MB | nrwl-jason |
| npm/pino-sentry@0.14.1 | environment, unsafe | +13 | 294 kB | andrewww |
| npm/pino@8.21.0 | environment, unsafe Transitive: eval, filesystem | +15 | 1.38 MB | matteo.collina |
| npm/react-dom@18.3.1 | environment | +3 | 4.63 MB | react-bot |
| npm/react@18.3.1 | environment | +2 | 339 kB | react-bot |
| npm/rimraf@5.0.7 | environment, filesystem Transitive: shell | +20 | 2.52 MB | isaacs |
| npm/tsup@8.0.2 | environment, eval, filesystem Transitive: network, shell, unsafe | +285 | 285 MB | egoist |
| npm/tsx@4.10.2 | Transitive: filesystem, unsafe | +27 | 225 MB | hirokiosame |
| npm/typedoc@0.25.13 | Transitive: environment, filesystem, network | +10 | 20.1 MB | typedoc-bot |
| npm/typescript@5.4.5 | None | 0 | 32.4 MB | typescript-bot |
| npm/viem@0.3.50 | network Transitive: environment | +9 | 7.44 MB | jmoxey |
| npm/viem@2.10.5 | network Transitive: environment, filesystem | +11 | 16.1 MB | jmoxey |
| npm/vitest@1.6.0 | environment, eval Transitive: filesystem, network, shell, unsafe | +114 | 16.2 MB | vitestbot |
| npm/wagmi@2.8.7 | Transitive: environment, eval, filesystem, network, shell, unsafe | +658 | 331 MB | awkweb |
| npm/web3-eth-accounts@4.1.2 | Transitive: eval | +27 | 3.4 MB | luu-alex |
| npm/web3-eth@4.6.0 | Transitive: eval, filesystem, network | +37 | 5.12 MB | luu-alex |
| npm/zod@3.23.8 | None | 0 | 667 kB | colinmcd94 |
| pypi/idna@3.7 | filesystem, network | 0 | 1.1 MB | kjd |

🚮 Removed packages: npm/@eth-optimism/common-ts@0.8.7, npm/@eth-optimism/contracts-bedrock@0.16.2, npm/@eth-optimism/contracts-ts@0.17.0, npm/@eth-optimism/core-utils@0.13.1, npm/@eth-optimism/sdk@3.1.8, npm/@ethereumjs/rlp@5.0.1, npm/@swc/core@1.3.106, npm/@testing-library/jest-dom@6.3.0, npm/@types/node@20.11.13, npm/@types/semver@7.5.6, npm/@typescript-eslint/parser@6.19.1, npm/@wagmi/cli@2.1.0, npm/bcfg@0.2.1, npm/chai-as-promised@7.1.1, npm/chai@4.3.10, npm/dateformat@4.5.1, npm/dotenv@16.4.1, npm/eslint-plugin-jsdoc@48.0.4, npm/eslint-plugin-react@7.33.2, npm/eslint@8.56.0, npm/glob@10.3.10, npm/hardhat-deploy@0.11.44, npm/hardhat@2.19.5, npm/husky@9.0.10, npm/mocha@10.2.0, npm/node-fetch@2.6.7, npm/nx-cloud@16.5.2, npm/nx@17.2.8, npm/pino-sentry@0.14.0, npm/pino@8.17.2, npm/rimraf@5.0.5, npm/ts-node@10.9.2, npm/tsup@8.0.1, npm/tsx@4.7.0, npm/typedoc@0.25.7, npm/viem@2.5.0, npm/vite@5.0.12, npm/vitest@1.2.2, npm/wagmi@2.5.5, npm/web3-eth-accounts@4.0.3, npm/web3-eth@4.0.3, npm/web3@4.0.3, pypi/idna@3.4, pypi/idna@3.4


socket-security[bot] commented 2 months ago

🚨 Potential security issues detected.

To accept the risk, merge this PR and you will not be notified again.

  • Alert: AI warning. Package: npm/untun@0.1.3
      • Notes: The code appears to have risky practices such as downloading and executing binaries without validation and potential code execution via execSync. It does not contain obvious malware, but there is a risk associated with executing downloaded binaries and scripts without proper validation or integrity checks.
      • Confidence: 1.00
      • Severity: 0.60
  • Alert: Native code. Package: npm/utf-8-validate@6.0.4


Next steps

What is an AI detected anomaly?

AI has identified unusual behaviors that may pose a security risk.

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with `@SocketSecurity ignore` followed by a space-separated list of ecosystem/package-name@version specifiers, e.g. `@SocketSecurity ignore npm/foo@1.0.0`, or ignore all packages with `@SocketSecurity ignore-all`.

  • @SocketSecurity ignore npm/untun@0.1.3
  • @SocketSecurity ignore npm/utf-8-validate@6.0.4
codecov-commenter commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 31.00%. Comparing base (5b34a86) to head (3531928).

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           develop     #125      +/-   ##
===========================================
+ Coverage    27.94%   31.00%   +3.06%
===========================================
  Files          167       63     -104
  Lines         7397     3757    -3640
  Branches      1282      766     -516
===========================================
- Hits          2067     1165     -902
+ Misses        5209     2517    -2692
+ Partials       121       75      -46
```

| [Flag](https://app.codecov.io/gh/celo-org/optimism/pull/125/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org) | Coverage Δ | |
|---|---|---|
| [cannon-go-tests](https://app.codecov.io/gh/celo-org/optimism/pull/125/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org) | `?` | |
| [chain-mon-tests](https://app.codecov.io/gh/celo-org/optimism/pull/125/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org) | `27.14% <ø> (ø)` | |
| [common-ts-tests](https://app.codecov.io/gh/celo-org/optimism/pull/125/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org) | `26.72% <ø> (ø)` | |
| [contracts-bedrock-tests](https://app.codecov.io/gh/celo-org/optimism/pull/125/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org) | `?` | |
| [contracts-ts-tests](https://app.codecov.io/gh/celo-org/optimism/pull/125/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org) | `12.25% <ø> (ø)` | |
| [core-utils-tests](https://app.codecov.io/gh/celo-org/optimism/pull/125/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org) | `44.03% <ø> (ø)` | |
| [sdk-next-tests](https://app.codecov.io/gh/celo-org/optimism/pull/125/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org) | `?` | |
| [sdk-tests](https://app.codecov.io/gh/celo-org/optimism/pull/125/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org) | `40.27% <ø> (-1.27%)` | :arrow_down: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org#carryforward-flags-in-the-pull-request-comment) to find out more.

[see 113 files with indirect coverage changes](https://app.codecov.io/gh/celo-org/optimism/pull/125/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=celo-org)