chore(repo): switch from pnpm to bun #227

mrcnk · 2024-11-06T22:09:24Z

Describe changes

Ticket or discussion link

Review checklist

Proper documentation added
Proper tests added

Screenshots

deepsource-io · 2024-11-06T22:09:59Z

Here's the code health analysis summary for commits 2bc5d5c..169de40. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success	❗ 23 occurences introduced 🎯 33 occurences resolved	View Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

packages/vault/src/account/accountStore.ts

@@ -38,6 +38,9 @@
    const account = accounts[networkId]?.[address] ?? {}
    set(
      produce((state) => {
+        state.accounts[networkId] = state.accounts[networkId] ?? {}
+        state.accounts[networkId][address] =


To fix the prototype pollution vulnerability, we need to ensure that the networkId parameter cannot be used to modify Object.prototype. One effective way to do this is to validate the networkId parameter before using it as a key in the state.accounts object. We can reject any networkId that matches __proto__, constructor, or prototype.

packages/vault/src/account/accountStore.ts

@@ -50,6 +53,9 @@
    const account = accounts[networkId]?.[address] ?? {}
    set(
      produce((state) => {
+        state.accounts[networkId] = state.accounts[networkId] ?? {}
+        state.accounts[networkId][address] =


To fix the prototype pollution vulnerability, we need to ensure that the networkId cannot be set to special property names like __proto__, constructor, or prototype. This can be achieved by adding a check to reject these values before using networkId as a key in the state.accounts object.

The best way to fix this without changing existing functionality is to add a validation step for networkId in each function where it is used. If networkId is one of the special property names, we can return early or handle the error appropriately.

chore(repo): switch from pnpm to bun

4459848

chore(repo): refactor unit tests to bun test

443af15

github-advanced-security bot found potential problems Nov 7, 2024

View reviewed changes

mrcnk added 2 commits November 7, 2024 14:45

chore(repo): remove vitest legacy

02abcb9

chore(repo): set stricter type checking

169de40

mrcnk merged commit a9f95d9 into main Nov 7, 2024
4 checks passed

mrcnk deleted the chore/switch-to-bun branch November 7, 2024 14:29

@@ -21,2 +21,5 @@
               ensureAccount: (networkId, address) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  throw new Error('Invalid networkId');
+                }
                 set(
@@ -36,2 +39,5 @@
               setAccountInfo: (networkId, address, accountInfo) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  throw new Error('Invalid networkId');
+                }
                 const { accounts } = get()
@@ -51,2 +57,5 @@
               setTransactions: (networkId, address, transactions) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  throw new Error('Invalid networkId');
+                }
                 const { accounts } = get()
@@ -66,2 +75,5 @@
               addAccount: (networkId, address) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  throw new Error('Invalid networkId');
+                }
                 set(
@@ -78,2 +90,5 @@
               removeAccount: (networkId, address) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  throw new Error('Invalid networkId');
+                }
                 set(

@@ -21,2 +21,5 @@
               ensureAccount: (networkId, address) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  return;
+                }
                 set(
@@ -36,2 +39,5 @@
               setAccountInfo: (networkId, address, accountInfo) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  return;
+                }
                 const { accounts } = get()
@@ -51,2 +57,5 @@
               setTransactions: (networkId, address, transactions) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  return;
+                }
                 const { accounts } = get()
@@ -66,2 +75,5 @@
               addAccount: (networkId, address) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  return;
+                }
                 set(
@@ -78,2 +90,5 @@
               removeAccount: (networkId, address) => {
+                if (networkId === '__proto__' || networkId === 'constructor' || networkId === 'prototype') {
+                  return;
+                }
                 set(

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(repo): switch from pnpm to bun #227

chore(repo): switch from pnpm to bun #227

mrcnk commented Nov 6, 2024

deepsource-io bot commented Nov 6, 2024 •

edited

Loading

Analysis Summary

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

chore(repo): switch from pnpm to bun #227

chore(repo): switch from pnpm to bun #227

Conversation

mrcnk commented Nov 6, 2024

Describe changes

Ticket or discussion link

Review checklist

Screenshots

deepsource-io bot commented Nov 6, 2024 • edited Loading

Analysis Summary

deepsource-io bot commented Nov 6, 2024 •

edited

Loading