Security Threat
In the current version of Trader Joe sdk there is a dependency called @openzeppelin/cli@2.8.2 which is no longer being developed and needs to be upgraded urgently. The reason is that it has dependencies that result in the installation of scrypt-shim@github:web3-js/scrypt-shim. This package contains malicious code and presents a high risk security threat and should be removed as soon as possible.
scrypt-shim : npmjs has flagged this as well.
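One way to check whether a project's lockfile still pulls in a git-sourced package such as scrypt-shim, and through which dependency chain (an added example, not part of the original issue or the Trader Joe SDK). The lockfile below is constructed; example-intermediate, left-example, the 0.0.0 version and the commit placeholder are hypothetical.

```javascript
// Constructed npm v2/v3 lockfile; example-intermediate, left-example, 0.0.0 and <commit-placeholder> are hypothetical.
const sampleLock = { packages: {
  "": { dependencies: { "@openzeppelin/cli": "2.8.2", "left-example": "1.0.0" } },
  "node_modules/@openzeppelin/cli": { version: "2.8.2",
    dependencies: { "example-intermediate": "^1.0.0" } },
  "node_modules/example-intermediate": { version: "1.0.0",
    dependencies: { "scrypt-shim": "github:web3-js/scrypt-shim" } },
  "node_modules/scrypt-shim": { version: "0.0.0",
    resolved: "git+ssh://git@github.com/web3-js/scrypt-shim.git#<commit-placeholder>" },
  "node_modules/left-example": { version: "1.0.0",
    resolved: "https://registry.npmjs.org/left-example/-/left-example-1.0.0.tgz" },
} };

// True when the lockfile entry was fetched from a git remote, not the registry.
function isGitSourced(entry) {
  return /^(git(\+\w+)?:|github:)/.test(entry.resolved || "");
}

// Node-style lookup: nearest node_modules/<name>, walking up from the dependent.
function resolveDep(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const i = dir.lastIndexOf("/node_modules/");
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// Breadth-first walk from the root: each git-sourced package with its shortest chain.
function findGitSourcedChains(lock) {
  const packages = lock.packages || {};
  const findings = [], seen = new Set([""]), queue = [{ path: "", chain: [] }];
  while (queue.length) {
    const { path, chain } = queue.shift();
    const entry = packages[path] || {};
    if (path && isGitSourced(entry)) findings.push({ name: chain[chain.length - 1], resolved: entry.resolved, chain });
    const deps = { ...entry.dependencies, ...entry.optionalDependencies, ...(path ? {} : entry.devDependencies) };
    for (const name of Object.keys(deps)) {
      const target = resolveDep(packages, path, name);
      if (target === null || seen.has(target)) continue;
      seen.add(target);
      queue.push({ path: target, chain: [...chain, name] });
    }
  }
  return findings;
}
for (const f of findGitSourcedChains(sampleLock)) console.log(f.chain.join(" > "), "<-", f.resolved);
```

To audit a real project, pass the parsed contents of its package-lock.json to findGitSourcedChains instead of sampleLock; the first element of each chain is the direct dependency to upgrade or remove.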