chore(deps): update dependency hardhat-gas-reporter to v2 - autoclosed

renovate[bot] commented 5 months ago

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
hardhat-gas-reporter	`1.0.9` -> `2.0.2`

Release Notes

cgewecke/hardhat-gas-reporter (hardhat-gas-reporter)

### [`v2.0.2`](https://togithub.com/cgewecke/hardhat-gas-reporter/releases/tag/v2.0.2): Fix crash with --parallel flag [Compare Source](https://togithub.com/cgewecke/hardhat-gas-reporter/compare/v2.0.1...v2.0.2) #### What's Changed - Fix crash when --parallel flag is used by [@cgewecke](https://togithub.com/cgewecke) in [https://github.com/cgewecke/hardhat-gas-reporter/pull/219](https://togithub.com/cgewecke/hardhat-gas-reporter/pull/219) **Full Changelog**: https://github.com/cgewecke/hardhat-gas-reporter/compare/v2.0.1...v2.0.2 ### [`v2.0.1`](https://togithub.com/cgewecke/hardhat-gas-reporter/releases/tag/v2.0.1): Optimism Ecotone (EIP-4844) [Compare Source](https://togithub.com/cgewecke/hardhat-gas-reporter/compare/v2.0.0...v2.0.1) #### What's Changed - Finalize Optimism Ecotone support and set as default hardfork by [@cgewecke](https://togithub.com/cgewecke) in [https://github.com/cgewecke/hardhat-gas-reporter/pull/213](https://togithub.com/cgewecke/hardhat-gas-reporter/pull/213) **Full Changelog**: https://github.com/cgewecke/hardhat-gas-reporter/compare/v2.0.0...v2.0.1 ### [`v2.0.0`](https://togithub.com/cgewecke/hardhat-gas-reporter/releases/tag/v2.0.0): : Optimism L2 & View/Pure Method Gas [Compare Source](https://togithub.com/cgewecke/hardhat-gas-reporter/compare/373412d97ebba9ed79778bf770d63c421ec81d0b...v2.0.0) ![Screen Shot 2024-03-14 at 12 48 35 PM](https://togithub.com/cgewecke/hardhat-gas-reporter/assets/7332026/4948dd7f-b0ac-4cd7-b3d1-d8f458b0c670) #### What's New - **Configuration** for chains with Etherscan support has been **simplified to a single key**. Just set the `L1` option to one of the [supported networks][2] and the reporter will take care of the rest. (You'll still need a [coinmarketcap][8] api key) ```ts gasReporter: { L1: "gnosis", coinmarketcap: "abc...", } ``` - Gas reporting for **L2 networks** is coming online, starting with **Optimism**. ```ts gasReporter: { L2: "optimism", coinmarketcap: "abc...", } ``` - Gas metrics for `view` and `pure` methods are now available as an option. You can also exclude [intrinsic gas][10] costs for state-changing methods. (⚠️ There are performance hits when the view and pure options are enabled) ```ts gasReporter: { // Debits intrinsic gas for state-changing method calls in order to model contracts // that will never be called by an EOA includeIntrinsicGas: false, // This option executes an additional `eth_estimateGas` for every `eth_call` // detected by the reporter. If you have 1000's of tests setting it to true has a // noticeable performance impact reportPureAndViewMethods: true, // This option can add SIGNIFICANT LAG to test startup time if you have // 100's of contracts in your project. (It parses all the sources in your dependency tree // to identify state variable declarations) excludeAutoGeneratedGetters: true, } ``` - There are **multiple report formats**, [including markdown][9]. - The reporter now supports **sub-gwei gas prices**. Sub-penny cost display is possible by configuring the `currencyDisplayPrecision` option - Dedicated support for the **OpenZeppelin Upgrades** plugin has been added. (Their proxy pattern often resulted in missing gas data because the reporter didn't know what contract was being called - that's all handled under the hood now.) - Dedicated support for the **hardhat-viem** plugin has been added (this was broken and should be fixed by this release) - There are many **new** output, display and low-level **options** - check out the [Config Examples][3] section of the docs - There's additional support for [custom proxy contract resolution][4]. If you're routing your calls through contract middleware you can configure the reporter to understand how that works and get the data you expect. - Additionally: - [eth-gas-reporter][6]'s logic has been ported here and translated to Typescript - The plugin has been decoupled from Mocha so it can be seamlessly integrated with lots of other tasks or test frameworks - There have been big architectural changes and testing improvements and additional features are in the pipeline #### Breaking - Codechecks support was removed because it hasn't been accepting users for a while. I loved codechecks. (Building a github action for the reporter is on the V2 roadmap though). - The JSON object emitted by the reporter has changed to reflect the plugin's internal types. If you've been post-processing that data you'll need to look at the [JSON Output docs][1] and update your logic. - The `gas-reporter:merge` task has been renamed `hhgas:merge` - The `onlyCalledMethods` option has been renamed `showUncalledMethods` and must be set to `true` (if you want that). #### Funding Work on V2 was funded in part by OpenZeppelin via [DRIPS][5], a public goods protocol that helps direct funding to packages in your dependency tree. If you're using DRIPS and want to add hardhat-gas-reporter to the packages you support [its page is here][7]. [1]: https://togithub.com/cgewecke/hardhat-gas-reporter/blob/master/docs/advanced.md#json-output [2]: https://togithub.com/cgewecke/hardhat-gas-reporter/tree/master?tab=readme-ov-file#supported-networks [3]: https://togithub.com/cgewecke/hardhat-gas-reporter/blob/master/docs/advanced.md#config-examples [4]: https://togithub.com/cgewecke/hardhat-gas-reporter/blob/master/docs/advanced.md#proxy-resolvers [5]: https://www.drips.network [6]: https://togithub.com/cgewecke/eth-gas-reporter [7]: https://www.drips.network/app/projects/github/cgewecke/hardhat-gas-reporter [8]: https://coinmarketcap.com/api/pricing/ [9]: https://togithub.com/cgewecke/hardhat-gas-reporter/blob/master/docs/advanced.md#markdown-format-example [10]: https://togithub.com/cgewecke/hardhat-gas-reporter/blob/master/docs/advanced.md#intrinsic-gas **Full Changelog**: https://github.com/cgewecke/hardhat-gas-reporter/compare/v1.10.0...v2.0.0 ### [`v1.0.10`](https://togithub.com/cgewecke/hardhat-gas-reporter/compare/v1.0.9...373412d97ebba9ed79778bf770d63c421ec81d0b) [Compare Source](https://togithub.com/cgewecke/hardhat-gas-reporter/compare/v1.0.9...373412d97ebba9ed79778bf770d63c421ec81d0b)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

vercel[bot] commented 5 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
nft-app	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 15, 2024 2:04am

codesandbox[bot] commented 5 months ago

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders
Open Preview

changeset-bot[bot] commented 5 months ago

⚠️ No Changeset found

Latest commit: b5963a84c90b728283f6d286c38caf2907ab87cc

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

socket-security[bot] commented 5 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@0x/assert@2.1.6	Transitive: environment, network	`+30`	12.6 MB	fberger
npm/@0x/types@2.4.3	None	`+2`	4.44 MB	fberger
npm/@0x/typescript-typings@4.3.0	None	`+6`	5.71 MB	fberger
npm/@0x/utils@4.5.2	network Transitive: environment	`+28`	12.5 MB	fberger
npm/@babel/compat-data@7.23.5	None	`0`	64.6 kB	nicolo-ribaudo
npm/@babel/core@7.23.7	environment, filesystem, unsafe	`+36`	10.2 MB	nicolo-ribaudo
npm/@babel/helper-compilation-targets@7.23.6	Transitive: environment, filesystem	`+6`	2.44 MB	nicolo-ribaudo
npm/@babel/helper-create-regexp-features-plugin@7.22.15	Transitive: environment, filesystem, unsafe	`+38`	10.3 MB	nicolo-ribaudo
npm/@babel/helper-function-name@7.23.0	Transitive: environment	`+12`	4.59 MB	nicolo-ribaudo
npm/@babel/helper-member-expression-to-functions@7.23.0	Transitive: environment	`+3`	2.55 MB	nicolo-ribaudo
npm/@babel/helper-module-imports@7.22.15	Transitive: environment	`+3`	2.55 MB	nicolo-ribaudo
npm/@babel/helper-plugin-utils@7.22.5	None	`0`	11.9 kB	nicolo-ribaudo
npm/@babel/parser@7.23.6	None	`0`	1.89 MB	nicolo-ribaudo
npm/@babel/plugin-transform-optional-chaining@7.23.4	Transitive: environment, filesystem, unsafe	`+40`	10.3 MB	nicolo-ribaudo
npm/@babel/runtime@7.23.8	None	`0`	246 kB	nicolo-ribaudo
npm/@babel/types@7.23.6	environment	`+2`	2.49 MB	nicolo-ribaudo
npm/@emotion/serialize@1.1.3	environment	`+5`	1.34 MB	emotion-release-bot
npm/@eslint-community/eslint-utils@4.4.0	Transitive: environment, eval, filesystem, shell, unsafe	`+26`	6.03 MB	eslint-community-bot
npm/@eslint-community/regexpp@4.10.0	None	`0`	431 kB	eslint-community-bot
npm/@ethereumjs/block@3.6.3	None	`+3`	3.37 MB	holgerd77
npm/@ethereumjs/common@2.6.0	None	`+1`	2.53 MB	holgerd77
npm/@ethereumjs/tx@3.4.0	None	`+2`	2.94 MB	holgerd77
npm/@ethersproject/abi@5.7.0	Transitive: network	`+20`	2.17 MB	ricmoo
npm/@ethersproject/abstract-provider@5.7.0	Transitive: network	`+17`	1.33 MB	ricmoo
npm/@ethersproject/abstract-signer@5.7.0	Transitive: network	`+18`	1.41 MB	ricmoo
npm/@ethersproject/address@5.7.0	None	`+6`	461 kB	ricmoo
npm/@ethersproject/base64@5.7.0	None	`+2`	162 kB	ricmoo
npm/@ethersproject/basex@5.7.0	None	`+3`	212 kB	ricmoo
npm/@ethersproject/bignumber@5.7.0	None	`+3`	392 kB	ricmoo
npm/@ethersproject/bytes@5.7.0	None	`+1`	150 kB	ricmoo
npm/@ethersproject/constants@5.7.0	None	`+4`	411 kB	ricmoo
npm/@ethersproject/hash@5.7.0	Transitive: network	`+19`	1.67 MB	ricmoo
npm/@ethersproject/hdnode@5.7.0	Transitive: network	`+24`	2.21 MB	ricmoo
npm/@ethersproject/json-wallets@5.7.0	Transitive: network	`+26`	2.35 MB	ricmoo
npm/@ethersproject/keccak256@5.7.0	None	`+2`	156 kB	ricmoo
npm/@ethersproject/logger@5.7.0	None	`0`	69.5 kB	ricmoo
npm/@ethersproject/networks@5.7.1	None	`+1`	117 kB	ricmoo
npm/@ethersproject/pbkdf2@5.7.0	None	`+3`	189 kB	ricmoo
npm/@ethersproject/properties@5.7.0	None	`+1`	100 kB	ricmoo
npm/@ethersproject/providers@5.7.2	network	`+24`	2.96 MB	ricmoo
npm/@ethersproject/random@5.7.0	None	`+2`	168 kB	ricmoo
npm/@ethersproject/rlp@5.7.0	None	`+2`	180 kB	ricmoo
npm/@ethersproject/sha2@5.7.0	None	`+2`	172 kB	ricmoo
npm/@ethersproject/signing-key@5.7.0	None	`+6`	646 kB	ricmoo
npm/@ethersproject/strings@5.7.0	None	`+5`	530 kB	ricmoo
npm/@ethersproject/transactions@5.7.0	None	`+12`	966 kB	ricmoo
npm/@ethersproject/units@5.7.0	None	`+5`	431 kB	ricmoo
npm/@ethersproject/web@5.7.1	network	`+8`	700 kB	ricmoo
npm/@ethersproject/wordlists@5.7.0	Transitive: network	`+20`	2.06 MB	ricmoo
npm/@hookform/devtools@4.3.1	environment Transitive: filesystem	`+25`	7.63 MB	bluebill1049
npm/@ledgerhq/hw-transport@4.78.0	None	`+3`	255 kB	gre
npm/@ljharb/through@2.3.11	None	`+1`	48 kB	ljharb
npm/@noble/curves@1.2.0	None	`+1`	2.1 MB	paulmillr
npm/@noble/hashes@1.3.2	None	`0`	747 kB	paulmillr
npm/@noble/secp256k1@1.7.1	None	`0`	111 kB	paulmillr
npm/@nomiclabs/hardhat-ethers@2.2.3	None	`0`	80.9 kB	fvictorio
npm/@nomiclabs/hardhat-etherscan@3.1.8	environment Transitive: network	`+28`	2.69 MB	fvictorio
npm/@nomiclabs/hardhat-waffle@2.0.6	None	`+1`	130 kB	fvictorio
npm/@openzeppelin/contracts-upgradeable@4.9.5	None	`0`	2.07 MB	ernestognw
npm/@openzeppelin/contracts@4.9.5	None	`0`	2.02 MB	frangio
npm/@openzeppelin/hardhat-upgrades@1.28.0	filesystem Transitive: environment, network	`+51`	11.5 MB	ericglau
npm/@scure/base@1.1.5	None	`0`	79.4 kB	paulmillr
npm/@sindresorhus/is@5.6.0	None	`0`	61.3 kB	sindresorhus
npm/@szmarczak/http-timer@5.0.1	None	`+1`	15.6 kB	szmarczak
npm/@tailwindcss/typography@0.5.10	None	`0`	95.8 kB	thecrypticace
npm/@trivago/prettier-plugin-sort-imports@4.3.0	Transitive: environment	`+25`	6.85 MB	behraang
npm/@trufflesuite/bigint-buffer@1.1.9	None	`0`	253 kB	micaiahreid
npm/@typechain/ethers-v5@11.1.2	filesystem Transitive: network	`+26`	3.54 MB	ethereum-ts-bot
npm/@typechain/hardhat@9.1.0	filesystem Transitive: network	`+10`	20.1 MB	ethereum-ts-bot
npm/@types/bn.js@5.1.5	None	`+1`	3.99 MB	types
npm/@types/cacheable-request@6.0.3	None	`+4`	4 MB	types
npm/@types/chai@4.3.11	None	`0`	76.8 kB	types
npm/@types/http-cache-semantics@4.0.4	None	`0`	9.28 kB	types
npm/@types/lru-cache@5.1.1	None	`0`	9.36 kB	types
npm/@types/mocha@10.0.6	None	`0`	95.6 kB	types
npm/@types/react-dom@18.2.18	None	`+4`	1.66 MB	types
npm/@types/react@18.2.47	None	`+3`	1.63 MB	types
npm/@types/seedrandom@3.0.1	None	`0`	6.27 kB	types
npm/@typescript-eslint/eslint-plugin@7.0.2	Transitive: environment, eval, filesystem, shell, unsafe	`+37`	10.5 MB	jameshenry
npm/@typescript-eslint/parser@7.0.2	Transitive: environment, eval, filesystem, shell, unsafe	`+31`	7.39 MB	jameshenry
npm/@vitejs/plugin-react-refresh@1.3.6	filesystem Transitive: environment, unsafe	`+41`	10.3 MB	patak
npm/@walletconnect/encoding@1.0.2	None	`0`	294 kB	bkrem
npm/@walletconnect/jsonrpc-types@1.0.3	None	`0`	74.1 kB	gancho_walletconnect
npm/@walletconnect/jsonrpc-utils@1.0.8	None	`+2`	419 kB	gancho_walletconnect
npm/@walletconnect/safe-json@1.0.2	None	`0`	215 kB	gancho_walletconnect
npm/@walletconnect/types@1.8.0	None	`0`	11.1 kB	bkrem
npm/@walletconnect/window-getters@1.0.0	None	`0`	100 kB	pedrouid
npm/@web3-react/core@6.1.9	environment	`+5`	470 kB	noahwz
npm/@web3-react/injected-connector@6.0.7	environment	`+2`	263 kB	noahwz
npm/@web3-react/network-connector@6.2.9	environment, network	`+2`	167 kB	noahwz
npm/@web3-react/walletconnect-connector@6.2.13	environment Transitive: network	`+38`	6.49 MB	noahwz
npm/@yarnpkg/lockfile@1.1.0	environment, eval, filesystem	`0`	280 kB	arcanis
npm/abbrev@1.0.9	None	`0`	3.41 kB	isaacs
npm/abstract-level@1.0.3	None	`+3`	590 kB	vweevers
npm/abstract-leveldown@6.3.0	None	`+3`	327 kB	vweevers
npm/accepts@1.3.8	None	`0`	16.8 kB	dougwilson
npm/aes-js@4.0.0-beta.5	None	`0`	738 kB	ricmoo
npm/ajv@6.12.6	eval	`0`	929 kB	esp
npm/arr-diff@4.0.0	None	`0`	7.9 kB	jonschlinkert
npm/arr-flatten@1.1.0	None	`0`	6.88 kB	jonschlinkert
npm/arr-union@3.1.0	None	`0`	6.66 kB	jonschlinkert
npm/array-back@3.1.0	None	`0`	8.95 kB	75lb
npm/array-flatten@1.1.1	None	`0`	4.42 kB	blakeembrey
npm/array-includes@3.1.7	None	`+8`	2.19 MB	ljharb
npm/array-unique@0.3.2	None	`0`	7.16 kB	jonschlinkert
npm/array.prototype.flat@1.3.2	None	`+9`	2.2 MB	ljharb
npm/array.prototype.flatmap@1.3.2	None	`+9`	2.2 MB	ljharb
npm/array.prototype.reduce@1.0.6	None	`+9`	2.2 MB	ljharb
npm/asn1.js@5.4.1	None	`0`	49.8 kB	indutny
npm/assert-plus@1.0.0	environment	`0`	11.4 kB	pfmooney
npm/assign-symbols@1.0.0	None	`0`	5.85 kB	phated
npm/async-eventemitter@0.2.4	None	`+1`	560 kB	ahultgren
npm/async@2.6.4	None	`0`	541 kB	hargasinski
npm/atob@2.1.2	None	`0`	36.2 kB	coolaj86
npm/autoprefixer@10.4.16	environment Transitive: filesystem	`+3`	2.49 MB	ai
npm/babel-core@6.26.3	environment, filesystem, unsafe Transitive: eval	`+30`	3.42 MB	loganfsmyth
npm/babel-plugin-transform-es2015-modules-amd@6.24.1	Transitive: environment, eval, filesystem	`+20`	3.05 MB	hzoo
npm/babel-plugin-transform-es2015-modules-commonjs@6.26.2	Transitive: environment, eval, filesystem	`+19`	3.04 MB	loganfsmyth
npm/babel-runtime@6.26.0	Transitive: environment, eval, filesystem	`+2`	2.34 MB	hzoo
npm/babel-template@6.26.0	Transitive: environment, eval, filesystem	`+17`	3.01 MB	hzoo
npm/babel-traverse@6.26.0	environment Transitive: eval, filesystem	`+16`	3 MB	hzoo
npm/babel-types@6.26.0	Transitive: environment, eval, filesystem	`+4`	2.48 MB	hzoo
npm/base-x@3.0.9	None	`0`	9.35 kB	junderw
npm/base@0.11.2	None	`+8`	121 kB	jonschlinkert
npm/bip39@3.0.4	None	`+3`	958 kB	junderw
npm/bluebird@3.7.2	environment, eval, unsafe	`0`	632 kB	esailija
npm/bn.js@5.2.1	None	`0`	99 kB	fanatid
npm/body-parser@1.20.1	network Transitive: environment, eval, filesystem, unsafe	`+7`	710 kB	dougwilson
npm/brorand@1.1.0	None	`0`	3.52 kB	indutny
npm/browserify-aes@1.2.0	None	`+3`	47.8 kB	cwmma
npm/browserify-cipher@1.0.1	None	`+6`	100 kB	cwmma
npm/browserify-rsa@4.1.0	None	`+1`	103 kB	cwmma
npm/browserify-sign@4.2.2	None	`+7`	259 kB	ljharb
npm/browserslist@4.22.2	environment, filesystem	`+2`	2.29 MB	ai
npm/bs58@4.0.1	None	`+1`	13.9 kB	dcousens
npm/buffer-from@1.1.2	None	`0`	5.05 kB	linusu
npm/buffer-to-arraybuffer@0.0.5	None	`0`	6.24 kB	miguelmota
npm/buffer@4.9.2	None	`+1`	273 kB	feross
npm/bufferutil@4.0.5	None	`0`	407 kB	lpinca
npm/bytewise-core@1.2.3	None	`0`	31.8 kB	deanlandolt
npm/bytewise@1.1.0	None	`+1`	45.8 kB	deanlandolt
npm/cacheable-lookup@7.0.0	None	`0`	25.2 kB	sindresorhus
npm/cacheable-request@10.2.14	None	`+2`	90.6 kB	jaredwray
npm/cachedown@1.0.0	None	`+2`	181 kB	tradle
npm/caniuse-lite@1.0.30001576	None	`0`	1.96 MB	caniuse-lite
npm/catering@2.1.1	None	`0`	5 kB	vweevers
npm/chai@4.4.1	None	`+3`	799 kB	keithamus
npm/chownr@1.1.4	filesystem	`0`	5.71 kB	isaacs
npm/cids@0.7.5	None	`+2`	2.18 MB	vmx
npm/cipher-base@1.0.4	None	`0`	7.95 kB	cwmma
npm/clone-response@1.0.3	None	`+1`	8.11 kB	sindresorhus
npm/clone@2.1.2	None	`0`	15.9 kB	pvorb
npm/combined-stream@1.0.8	None	`+1`	19.5 kB	alexindigo
npm/commander@3.0.2	filesystem, shell	`0`	77.9 kB	abetomo
npm/console-control-strings@1.1.0	None	`0`	12.7 kB	iarna
npm/content-disposition@0.5.4	None	`0`	19.1 kB	dougwilson
npm/content-hash@2.5.2	None	`+5`	2.8 MB	pldespaigne
npm/content-type@1.0.5	None	`0`	10.5 kB	dougwilson
npm/convert-source-map@1.9.0	filesystem	`0`	11.4 kB	thlorenz
npm/cookie-signature@1.0.6	None	`0`	3.94 kB	natevw
npm/cookie@0.4.2	None	`0`	19.7 kB	dougwilson
npm/cookiejar@2.1.4	None	`0`	14.5 kB	andyburke
npm/core-js-compat@3.35.0	Transitive: environment, filesystem	`+3`	2.99 MB	zloirock
npm/core-js@2.6.12	environment, eval, filesystem	`0`	2.26 MB	zloirock
npm/core-util-is@1.0.2	None	`0`	23.2 kB	isaacs
npm/cors@2.8.5	None	`0`	20 kB	dougwilson
npm/create-ecdh@4.0.4	None	`+2`	127 kB	cwmma
npm/create-hash@1.2.0	None	`+1`	13.2 kB	cwmma
npm/create-hmac@1.1.7	None	`+2`	19 kB	cwmma
npm/crypto-browserify@3.12.0	None	`+15`	423 kB	cwmma
npm/crypto-js@3.3.0	None	`0`	430 kB	evanvosberg
npm/d@1.0.1	Transitive: eval	`+3`	444 kB	medikoo
npm/daisyui@4.6.0	None	`+3`	4 MB	saadeghi
npm/decompress-response@6.0.0	None	`+1`	11.5 kB	sindresorhus
npm/deep-extend@0.6.0	None	`0`	9.19 kB	unclechu
npm/deep-is@0.1.4	None	`0`	8.11 kB	thlorenz
npm/defer-to-connect@2.0.1	None	`0`	5.44 kB	szmarczak
npm/deferred-leveldown@5.3.0	None	`+2`	262 kB	vweevers
npm/define-property@1.0.0	None	`+1`	27.4 kB	jonschlinkert
npm/dequal@2.0.3	None	`0`	14.2 kB	lukeed
npm/duplexer3@0.1.5	None	`0`	5.69 kB	sindresorhus
npm/electron-to-chromium@1.4.630	None	`0`	268 kB	kilianvalkhof
npm/elliptic@6.5.4	None	`+1`	122 kB	indutny
npm/encodeurl@1.0.2	None	`0`	7.86 kB	dougwilson
npm/encoding-down@6.3.0	None	`+4`	373 kB	vweevers
npm/es-iterator-helpers@1.0.15	None	`+9`	2.33 MB	ljharb
npm/es5-ext@0.10.62	eval	`+3`	444 kB	medikoo
npm/es6-symbol@3.1.3	Transitive: eval	`+3`	444 kB	medikoo
npm/escape-html@1.0.3	None	`0`	3.66 kB	dougwilson
npm/escape-string-regexp@4.0.0	None	`0`	3.79 kB	sindresorhus
npm/eslint-config-productsway@1.3.1	Transitive: environment, eval, filesystem, shell, unsafe	`+38`	10.5 MB	jellydn
npm/eslint@8.56.0	environment, filesystem Transitive: eval, shell, unsafe	`+26`	6.03 MB	eslintbot

🚮 Removed packages: npm/@fastify/autoload@5.8.0, npm/@fastify/cors@9.0.1, npm/@fastify/deepmerge@1.3.0, npm/@fastify/error@3.4.1, npm/@fastify/multipart@8.1.0, npm/@fastify/sensible@5.5.0, npm/@istanbuljs/schema@0.1.3, npm/@sinclair/typebox@0.32.9, npm/@types/busboy@1.5.3, npm/@types/tap@15.0.11, npm/agent-base@7.1.0, npm/ajv@8.12.0, npm/close-with-grace@1.2.0, npm/cross-env@7.0.3, npm/fast-deep-equal@3.1.3, npm/fast-json-stringify@5.10.0, npm/fast-uri@2.3.0, npm/fastify-cli@6.0.1, npm/fastify-plugin@4.5.1, npm/fastify-tsconfig@2.0.0, npm/fastify@4.25.2, npm/fastq@1.16.0, npm/foreground-child@3.1.1, npm/forwarded@0.2.0, npm/fsevents@2.3.3, npm/get-intrinsic@1.2.2, npm/has-property-descriptors@1.0.1, npm/has-symbols@1.0.3, npm/inherits@2.0.4, npm/interface-blockstore@2.0.3, npm/interface-store@2.0.2, npm/ipfs-core-types@0.8.4, npm/ipfs-unixfs@6.0.9, npm/is-core-module@2.13.1, npm/is-glob@4.0.3, npm/istanbul-lib-coverage@3.2.2, npm/istanbul-lib-report@3.0.1, npm/it-all@1.0.6, npm/it-batch@1.0.9, npm/jackspeak@2.3.6, npm/joycon@3.1.1, npm/js-tokens@4.0.0, npm/merge2@1.4.1, npm/minimist@1.2.8, npm/minipass@7.0.4, npm/minizlib@2.1.2, npm/mkdirp@3.0.1, npm/ms@2.1.2, npm/multiformats@9.9.0, npm/nanoid@3.3.7, npm/nft.storage@7.1.1, npm/node-fetch@2.7.0, npm/normalize-path@3.0.0, npm/once@1.4.0, npm/onetime@5.1.2, npm/p-limit@2.3.0, npm/path-key@3.1.1, npm/path-scurry@1.10.1, npm/picomatch@2.3.1, npm/pino-abstract-transport@1.1.0, npm/pirates@4.0.6, npm/readable-stream@3.6.2, npm/resolve-import@1.4.5, npm/rfdc@1.3.0, npm/rimraf@5.0.5, npm/secure-json-parse@2.7.0, npm/signal-exit@4.1.0, npm/sonic-boom@3.8.0, npm/stream-to-it@0.2.4, npm/string_decoder@1.3.0, npm/sync-content@1.0.2, npm/tap@18.6.1, npm/tar@6.2.0, npm/tshy@1.8.2, npm/tsup@8.0.1, npm/tsx@4.7.0, npm/typescript@5.3.3, npm/validate-npm-package-license@3.0.4, npm/which-typed-array@1.1.13, npm/yaml@2.3.4

View full report↗︎

socket-security[bot] commented 5 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/core-js@2.6.12	Install script: postinstall Source: `node -e "try{require('./postinstall')}catch(e){}"`	Source
Protestware/Troll package	npm/es5-ext@0.10.62	Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale	Source
Install scripts	npm/es5-ext@0.10.62	Install script: postinstall Source: `node -e "try{require('./_postinstall')}catch(e){}" \|\| exit 0`	Source
Install scripts	npm/core-js-pure@3.35.0	Install script: postinstall Source: `node -e "try{require('./postinstall')}catch(e){}"`	orphan: npm/core-js-pure@3.35.0

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is protestware?

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Consider that consuming this package my come along with functionality unrelated to its primary purpose.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/core-js@2.6.12
@SocketSecurity ignore npm/es5-ext@0.10.62
@SocketSecurity ignore npm/core-js-pure@3.35.0

jellydn / nft-app