Closed berkaltiok closed 1 year ago
New dependency changes detected. Learn more about Socket for GitHub ↗︎
👍 No new dependency issues detected in pull request
To ignore an alert, reply with a comment starting with @SocketSecurity ignore
followed by a space separated list of package-name@version
specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@*
or ignore all packages with @SocketSecurity ignore-all
Issue | Status |
---|---|
Install scripts | ✅ 0 issues |
Native code | ✅ 0 issues |
Bin script shell injection | ✅ 0 issues |
Unresolved require | ✅ 0 issues |
Invalid package.json | ✅ 0 issues |
HTTP dependency | ✅ 0 issues |
Git dependency | ✅ 0 issues |
Potential typo squat | ✅ 0 issues |
Known Malware | ✅ 0 issues |
Telemetry | ✅ 0 issues |
Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
➕ Added Package | Capability Access | +/- Transitive Count |
Publisher |
---|---|---|---|
json-bigint@1.0.0 | None | +1 |
sidorares |
Hey, sorry for the delay in reviewing this. Since this is (afaik) only a problem for one symbol, with known workarounds, I'm wondering about ways to address this without forcing a new (albeit valid but limited-use) dependency...
Hey, sorry for the delay in reviewing this. Since this is (afaik) only a problem for one symbol, with known workarounds, I'm wondering about ways to address this without forcing a new (albeit valid but limited-use) dependency...
Thank you for your return. I've done some research and there seems to be no way to solve it without dependency. I found another solution on Binance developer forums. Instead of using orderId
, it says to use clientOrderId
. In some cases orderId
is not working properly. clientOrderId
is returned as a string, it works fine.
Yes, that's the common workaround to this - inject your own custom order ID instead of using the exchange-provided one: https://github.com/tiagosiebler/binance/issues/208
Summary
In UsdM transactions, when buying ETH and a few other coins, the
orderId
comes as a bigint and the raw version is not accessible. For this reason,getOrder
and similar operations that may requireorderId
cannot get results. By including thejson-bigint
package in the axios process, all data from bigint is now intact.