thirdweb-dev / contracts

Collection of smart contracts deployable via thirdweb
https://docs.thirdweb.com/contracts
Apache License 2.0
993 stars 504 forks source link

[Do not merge] Setup hardhat zksync plugin #645

Open kumaryash90 opened 5 months ago

socket-security[bot] commented 5 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@matterlabs/hardhat-zksync-deploy@1.3.0 filesystem Transitive: environment, eval, network, shell +48 39.8 MB npm-matterlabs
npm/@matterlabs/hardhat-zksync-solc@1.1.4 filesystem, shell Transitive: environment, eval, network, unsafe +50 10.8 MB npm-matterlabs
npm/@matterlabs/hardhat-zksync@0.1.0 Transitive: environment, eval, filesystem, network, shell, unsafe +77 33.8 MB npm-matterlabs
npm/@matterlabs/zksync-contracts@0.6.1 None +2 3.89 MB vladbochok
npm/@noble/curves@1.2.0 None 0 1.35 MB paulmillr
npm/@noble/hashes@1.3.2 None 0 747 kB paulmillr
npm/@noble/secp256k1@1.7.1 None 0 111 kB paulmillr
npm/@nomicfoundation/hardhat-chai-matchers@2.0.6 Transitive: network +7 5.3 MB schaable
npm/@nomicfoundation/hardhat-ethers@3.0.5 Transitive: network +4 1.6 MB fvictorio
npm/@nomicfoundation/hardhat-foundry@1.1.1 filesystem, shell Transitive: environment +7 110 kB fvictorio
npm/@nomicfoundation/hardhat-network-helpers@1.0.10 None 0 113 kB fvictorio
npm/@nomicfoundation/hardhat-toolbox@4.0.0 environment Transitive: network +3 1.33 MB fvictorio
npm/@nomicfoundation/hardhat-verify@2.0.6 environment Transitive: network, unsafe +10 1.75 MB kanej
npm/@nomiclabs/hardhat-etherscan@3.1.8 environment Transitive: filesystem, network, unsafe +9 1.57 MB fvictorio
npm/@scure/base@1.1.6 None 0 80.4 kB paulmillr
npm/@sinonjs/commons@3.0.1 None 0 38 kB mrgnrdrck
npm/@typechain/ethers-v6@0.5.1 filesystem Transitive: network +4 1.48 MB ethereum-ts-bot
npm/@typechain/hardhat@9.1.0 filesystem Transitive: network +7 1.5 MB ethereum-ts-bot
npm/@types/chai@4.3.16 None 0 82.2 kB types
npm/abbrev@1.0.9 None 0 3.41 kB isaacs
npm/axios@1.6.8 network Transitive: environment, filesystem +5 2.17 MB jasonsaayman
npm/call-bind@1.0.7 None +4 87.8 kB ljharb
npm/caseless@0.12.0 None 0 14.3 kB mikeal
npm/cbor@8.1.0 None +1 206 kB hildjj
npm/chai@4.4.1 None +3 834 kB keithamus
npm/check-error@1.0.3 None 0 14.4 kB keithamus
npm/chokidar@3.6.0 environment, filesystem +5 302 kB paulmillr
npm/chownr@1.1.4 filesystem 0 5.71 kB isaacs
npm/cipher-base@1.0.4 None 0 7.95 kB cwmma
npm/colors@1.4.0 environment 0 39.5 kB dabh
npm/combined-stream@1.0.8 None +1 19.5 kB alexindigo
npm/concat-stream@1.6.2 None +5 52.6 kB mafintosh
npm/create-hash@1.2.0 None +3 51.1 kB cwmma
npm/create-hmac@1.1.7 None 0 5.81 kB cwmma
npm/deep-eql@4.1.3 None 0 24.2 kB chai
npm/define-data-property@1.1.4 None +2 50.4 kB ljharb
npm/define-properties@1.2.1 None +1 39.4 kB ljharb
npm/end-of-stream@1.4.4 None 0 6.23 kB mafintosh
npm/es-abstract@1.23.3 None +45 3.35 MB ljharb
npm/es-errors@1.3.0 None 0 12.3 kB ljharb
npm/esprima@2.7.3 None 0 219 kB ariya
npm/ethereum-cryptography@0.1.3 Transitive: environment, filesystem +18 3.85 MB alcuadrado
npm/ethereumjs-util@7.1.5 None +1 324 kB holgerd77
npm/ethjs-util@0.1.6 None +2 244 kB silentcicero
npm/follow-redirects@1.15.6 network 0 29.4 kB rubenverborgh
npm/fp-ts@1.19.3 None 0 2 MB gcanti
npm/get-func-name@2.0.2 None 0 8.68 kB keithamus
npm/get-intrinsic@1.2.4 eval +1 73.1 kB ljharb
npm/hardhat-contract-sizer@2.5.0 filesystem Transitive: environment +2 95 kB itsnickbarry
npm/hardhat-gas-reporter@1.0.10 filesystem Transitive: environment, eval, network, shell, unsafe +76 17.1 MB cgewecke
npm/hardhat@2.22.3 environment, filesystem, network, shell Transitive: eval, unsafe +141 162 MB kanej
npm/has-bigints@1.0.2 None 0 12.8 kB ljharb
npm/has-property-descriptors@1.0.2 None +1 22.7 kB ljharb
npm/has-proto@1.0.3 None 0 12 kB ljharb
npm/has-symbols@1.0.3 None 0 20.6 kB ljharb
npm/has-tostringtag@1.0.2 None 0 17.6 kB ljharb
npm/hasown@2.0.2 None +1 40.2 kB ljharb
npm/is-callable@1.2.7 None 0 28.9 kB ljharb
npm/is-core-module@2.13.1 None 0 30.2 kB ljharb
npm/is-shared-array-buffer@1.0.3 None 0 18.7 kB ljharb
npm/is-string@1.0.7 None 0 19.1 kB ljharb
npm/is-symbol@1.0.4 None 0 22 kB ljharb
npm/minimist@1.2.8 None 0 54.5 kB ljharb
npm/mkdirp@0.5.6 filesystem 0 7.69 kB isaacs
npm/nan@2.19.0 None 0 429 kB kkoopa
npm/path-parse@1.0.7 None 0 4.51 kB jbgutierrez
npm/proper-lockfile@4.1.2 None +2 72 kB hugomrdias
npm/readable-stream@1.0.34 environment +3 75.6 kB cwmma
npm/resolve@1.17.0 filesystem 0 105 kB ljharb
npm/ripemd160@2.0.2 None +2 48 kB dcousens
npm/rlp@2.2.7 None 0 62.9 kB ralxz
npm/safe-buffer@5.1.2 None 0 31.7 kB feross
npm/safer-buffer@2.1.2 None 0 42.3 kB chalker
npm/seaport-core@1.6.6 None 0 606 kB jameswenzel
npm/seaport-types@1.6.3 None 0 318 kB jameswenzel
npm/semver@7.6.1 None 0 95.5 kB npm-cli-ops
npm/sha.js@2.4.11 None 0 31.1 kB dcousens
npm/side-channel@1.0.6 None +1 120 kB ljharb
npm/solidity-ast@0.4.45 None 0 227 kB frangio
npm/solidity-coverage@0.8.12 environment, filesystem Transitive: eval, network, unsafe +112 20.2 MB cgewecke
npm/split-ca@1.0.1 filesystem 0 9.61 kB bushong1
npm/ssh2@1.15.0 environment, eval, filesystem, network, shell +5 1.96 MB mscdex
npm/string_decoder@1.1.1 None 0 15.3 kB matteo.collina
npm/supports-preserve-symlinks-flag@1.0.0 None 0 9.18 kB ljharb
npm/table@6.8.2 Transitive: eval +8 1.92 MB gajus-table
npm/type-detect@4.0.8 None 0 42.1 kB chaijs
npm/which-typed-array@1.1.15 None +4 92.7 kB ljharb
npm/zksync-ethers@5.7.0 None 0 1.46 MB npm-matterlabs

🚮 Removed packages: npm/semver@7.5.4

View full report↗︎

socket-security[bot] commented 5 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note
Install scripts npm/ssh2@1.15.0
  • Install script: install
  • Source: node install.js

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/ssh2@1.15.0