Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: use zod for sequencer config #5419

Closed
wants to merge 1 commit into from
Closed

feat: use zod for sequencer config #5419

wants to merge 1 commit into from

Conversation

alexghr
Copy link
Contributor

@alexghr alexghr commented Mar 25, 2024
edited
Loading

This PR uses zod for validating the sequencer's configuration. See #5310 (comment) for more info

@alexghr Graphite App
Copy link
Contributor Author

alexghr commented Mar 25, 2024

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @alexghr and the rest of your teammates on Graphite Graphite

@alexghr alexghr force-pushed the 03-24-feat_use_zod_for_config branch 2 times, most recently from 195294c to abce5b6 Compare March 26, 2024 13:21
@AztecBot
Copy link
Collaborator

AztecBot commented Mar 26, 2024
edited
Loading

Benchmark results

No metrics with a significant change found.

Detailed results

All benchmarks are run on txs on the Benchmarking contract on the repository. Each tx consists of a batch call to create_note and increment_balance, which guarantees that each tx has a private call, a nested private call, a public call, and a nested public call, as well as an emitted private note, an unencrypted log, and public storage read and write.

This benchmark source data is available in JSON format on S3 here.

Values are compared against data from master at commit 22922142 and shown if the difference exceeds 1%.

L2 block published to L1

Each column represents the number of txs on an L2 block published to L1.

Metric 8 txs 32 txs 64 txs
l1_rollup_calldata_size_in_bytes 676 676 676
l1_rollup_calldata_gas 6,424 6,418 6,424
l1_rollup_execution_gas 585,757 585,751 585,757
l2_block_processing_time_in_ms 1,331 (+1%) 4,770 9,207 (-2%)
note_successful_decrypting_time_in_ms 202 (+10%) 528 1,031 (+9%)
note_trial_decrypting_time_in_ms 81.6 (-7%) 48.8 (+12%) 87.1 (+8%)
l2_block_building_time_in_ms 13,975 (+2%) 51,102 101,314 (+1%)
l2_block_rollup_simulation_time_in_ms 7,935 (-1%) 28,017 (-1%) 55,153 (+1%)
l2_block_public_tx_process_time_in_ms 6,017 (+5%) 23,036 (+1%) 46,061 (+2%)

L2 chain processing

Each column represents the number of blocks on the L2 chain where each block has 16 txs.

Metric 5 blocks 10 blocks
node_history_sync_time_in_ms 15,025 (+7%) 27,298
note_history_successful_decrypting_time_in_ms 1,242 (+1%) 2,448 (-2%)
note_history_trial_decrypting_time_in_ms 88.8 (-12%) 131 (-20%)
node_database_size_in_bytes 18,667,600 35,055,696
pxe_database_size_in_bytes 29,859 59,414

Circuits stats

Stats on running time and I/O sizes collected for every circuit run across all benchmarks.

Circuit circuit_simulation_time_in_ms circuit_input_size_in_bytes circuit_output_size_in_bytes
private-kernel-init 235 (+3%) 44,379 28,214
private-kernel-ordering 207 (+2%) 52,880 14,296
base-parity 3,920 (+12%) 128 311
root-parity 1,451 (+13%) 1,244 311
base-rollup 17,260 (+5%) 165,760 861
root-rollup 49.8 (+1%) 4,359 725
private-kernel-inner 305 (+3%) 73,795 28,214
public-kernel-app-logic 129 (+8%) 35,252 28,217
public-kernel-tail 175 (+6%) 40,928 28,217
merge-rollup 8.82 (+7%) 2,568 861
public-kernel-teardown 118 (+1%) 35,252 28,217
public-kernel-setup 116 35,252 28,217

Tree insertion stats

The duration to insert a fixed batch of leaves into each tree type.

Metric 1 leaves 16 leaves 64 leaves 128 leaves 512 leaves 1024 leaves 2048 leaves 4096 leaves 32 leaves
batch_insert_into_append_only_tree_16_depth_ms 10.0 (+1%) 16.1 (+1%) N/A N/A N/A N/A N/A N/A N/A
batch_insert_into_append_only_tree_16_depth_hash_count 16.8 31.6 N/A N/A N/A N/A N/A N/A N/A
batch_insert_into_append_only_tree_16_depth_hash_ms 0.585 0.496 (+1%) N/A N/A N/A N/A N/A N/A N/A
batch_insert_into_append_only_tree_32_depth_ms N/A N/A 46.8 72.4 233 452 (+3%) 876 1,727 (-6%) N/A
batch_insert_into_append_only_tree_32_depth_hash_count N/A N/A 96.0 159 543 1,055 2,079 4,127 N/A
batch_insert_into_append_only_tree_32_depth_hash_ms N/A N/A 0.479 0.446 (+1%) 0.425 0.422 (+3%) 0.416 0.413 (-6%) N/A
batch_insert_into_indexed_tree_20_depth_ms N/A N/A 55.6 (+2%) 107 (+1%) 339 (+1%) 671 (+3%) 1,314 2,608 N/A
batch_insert_into_indexed_tree_20_depth_hash_count N/A N/A 104 (-1%) 207 691 1,363 2,707 5,395 N/A
batch_insert_into_indexed_tree_20_depth_hash_ms N/A N/A 0.491 (+2%) 0.482 (+1%) 0.460 (+1%) 0.462 (+3%) 0.456 0.454 N/A
batch_insert_into_indexed_tree_40_depth_ms N/A N/A N/A N/A N/A N/A N/A N/A 61.9 (+2%)
batch_insert_into_indexed_tree_40_depth_hash_count N/A N/A N/A N/A N/A N/A N/A N/A 109
batch_insert_into_indexed_tree_40_depth_hash_ms N/A N/A N/A N/A N/A N/A N/A N/A 0.540 (+2%)

Miscellaneous

Transaction sizes based on how many contract classes are registered in the tx.

Metric 0 registered classes 1 registered classes
tx_size_in_bytes 14,968 495,185

Transaction size based on fee payment method

Metric none fee payment method native fee payment method fpc_public fee payment method fpc_private fee payment method
tx_with_fee_size_in_bytes 773 905 1,161 1,377

Transaction processing duration by data writes.

Metric 0 new note hashes 1 new note hashes 2 new note hashes
tx_pxe_processing_time_ms 2,155 (+3%) 1,400 (+2%) 4,742 (+1%)
Metric 0 public data writes 1 public data writes 2 public data writes 3 public data writes 4 public data writes 5 public data writes 8 public data writes
tx_sequencer_processing_time_ms 12.6 (+21%) 746 (+7%) 522 (-1%) 1,441 (+1%) 588 (+1%) 2,503 (+1%) 675 (+1%)

@alexghr alexghr marked this pull request as ready for review March 26, 2024 14:10
@alexghr alexghr force-pushed the 03-24-feat_use_zod_for_config branch from abce5b6 to a60c28f Compare March 26, 2024 14:32
just-mitch
just-mitch approved these changes Mar 26, 2024
View reviewed changes
yarn-project/foundation/src/eth-address/index.ts
return true;
}

if ('buffer' in value && Buffer.isBuffer(value.buffer) && value.buffer.length === EthAddress.SIZE_IN_BYTES) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: might be safer here to try/catch fromBuffer. this is making assumptions about the validity checks in the constructor.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand correctly, would it look something like:

try {
  if ('toBuffer' in value && EthAddress.fromBuffer(value.toBuffer()) {
    return true;
  }
} catch {
  return false;
}

I think that will work and be safe but we'd be creating objects and discarding them immediately.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is what I had meant, but perhaps the best approach is to extract the validation code to a function that both this typeguard and the constructor use?

yarn-project/sequencer-client/src/publisher/config.ts Outdated

/**
* The RPC Url of the ethereum host.
*/
rpcUrl: string;
rpcUrl: z.string().optional().default(''),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if you were aware, zod does have a url validator. Saw this comment on github

z.string().url().optional().or(z.literal(''))

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh that's great. I hadn't considered enforcing it be an url

yarn-project/sequencer-client/src/config.ts
l1BlockPublishRetryIntervalMS: SEQ_PUBLISH_RETRY_INTERVAL_MS ? +SEQ_PUBLISH_RETRY_INTERVAL_MS : 1_000,
transactionPollingIntervalMS: SEQ_TX_POLLING_INTERVAL_MS ? +SEQ_TX_POLLING_INTERVAL_MS : 1_000,
l1Contracts: addresses,
return sequencerClientConfig.parse({
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

yarn-project/aztec/src/cli/util.ts Outdated
const [key, value] = option.split('=');
const [key, value] = options.includes('=')
? option.split('=')
: option.includes(':')
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need the colon variety?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly we don't but while testing I kept doing using colon instead of equals. i'll remove

@alexghr alexghr enabled auto-merge (squash) March 26, 2024 14:58
@alexghr alexghr disabled auto-merge March 26, 2024 14:58
@alexghr alexghr force-pushed the 03-24-feat_use_zod_for_config branch from a60c28f to e51a21d Compare March 26, 2024 15:50
@socket-security Socket Security
Copy link

socket-security bot commented Mar 26, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/code-frame@7.22.13 Transitive: environment +7 167 kB nicolo-ribaudo
npm/@babel/compat-data@7.22.20 None 0 64.1 kB nicolo-ribaudo
npm/@babel/core@7.23.0 environment, filesystem, unsafe +3 938 kB nicolo-ribaudo
npm/@babel/generator@7.23.0 None +1 519 kB nicolo-ribaudo
npm/@babel/helper-compilation-targets@7.22.15 None +2 79.5 kB nicolo-ribaudo
npm/@babel/helper-create-class-features-plugin@7.22.15 None +5 275 kB nicolo-ribaudo
npm/@babel/helper-create-regexp-features-plugin@7.22.15 None +7 832 kB nicolo-ribaudo
npm/@babel/helper-module-transforms@7.23.0 None +3 231 kB nicolo-ribaudo
npm/@babel/helper-remap-async-to-generator@7.22.20 None +2 29.4 kB nicolo-ribaudo
npm/@babel/helper-replace-supers@7.22.20 None +2 93.5 kB nicolo-ribaudo
npm/@babel/helpers@7.23.1 None 0 581 kB nicolo-ribaudo
npm/@babel/parser@7.23.0 None 0 1.89 MB nicolo-ribaudo
npm/@babel/plugin-transform-modules-commonjs@7.23.0 None +1 56.4 kB nicolo-ribaudo
npm/@babel/plugin-transform-parameters@7.22.15 None 0 64.9 kB nicolo-ribaudo
npm/@babel/plugin-transform-react-jsx@7.22.15 None +2 88.2 kB nicolo-ribaudo
npm/@babel/preset-env@7.22.20 environment Transitive: unsafe +83 1.92 MB nicolo-ribaudo
npm/@babel/runtime@7.23.1 None +1 275 kB nicolo-ribaudo
npm/@babel/template@7.22.15 None 0 69.2 kB nicolo-ribaudo
npm/@babel/traverse@7.23.0 None +3 661 kB nicolo-ribaudo
npm/@babel/types@7.23.0 environment +2 2.49 MB nicolo-ribaudo
npm/@docusaurus/core@2.4.3 Transitive: environment, eval, filesystem, network, shell, unsafe +287 26.2 MB slorber
npm/@docusaurus/module-type-aliases@2.4.3 Transitive: filesystem, shell +15 2.49 MB slorber
npm/@docusaurus/preset-classic@2.4.3 environment Transitive: eval, filesystem, shell, unsafe +177 19.6 MB slorber
npm/@docusaurus/theme-mermaid@2.4.3 Transitive: environment, eval, filesystem, shell +155 95.8 MB slorber
npm/@jridgewell/trace-mapping@0.3.19 None +1 219 kB jridgewell
npm/@mdx-js/react@1.6.22 None 0 15.5 kB johno
npm/@tsconfig/docusaurus@1.0.7 None 0 2.82 kB typescript-deploys
npm/@types/estree@1.0.2 None 0 25.7 kB types
npm/@types/express-serve-static-core@4.17.37 None +4 3.99 MB types
npm/@types/express@4.17.19 None +4 3.95 MB types
npm/@types/istanbul-lib-coverage@2.0.4 None 0 5.76 kB types
npm/@types/json-schema@7.0.13 None 0 32.2 kB types
npm/@types/mime@1.3.3 None 0 4.09 kB types
npm/@types/react-router-config@5.0.8 None +5 1.61 MB types
npm/@types/react-router@5.1.20 None +5 1.63 MB types
npm/@types/serve-static@1.15.3 None +2 3.94 MB types
npm/@types/unist@2.0.8 None 0 6.6 kB types
npm/acorn@8.10.0 None 0 494 kB marijn
npm/address@1.2.2 environment, filesystem, shell 0 13 kB fengmk2
npm/ajv@8.12.0 eval +1 1.05 MB esp
npm/algoliasearch@4.20.0 Transitive: network +14 516 kB shortcuts
npm/ansi-align@3.0.1 None +3 66.1 kB nexdrew
npm/autoprefixer@10.4.16 environment +3 298 kB ai
npm/browserslist@4.22.1 environment, filesystem +2 348 kB ai
npm/call-bind@1.0.2 None +1 39.9 kB ljharb
npm/caniuse-lite@1.0.30001547 None 0 2.13 MB caniuse-lite
npm/chokidar@3.5.3 environment, filesystem +5 302 kB paulmillr
npm/clean-css@5.3.2 environment, filesystem, network +1 1.3 MB jakub.pawlowicz
npm/clsx@1.2.1 None 0 5.67 kB lukeed
npm/core-js-compat@3.33.0 None 0 686 kB zloirock
npm/css-tree@1.1.3 None +1 1.55 MB lahmatiy
npm/css-what@6.1.0 None 0 66 kB feedic
npm/cssnano@5.1.15 Transitive: filesystem +35 873 kB ludovicofischer
npm/d3-array@3.2.4 None +1 174 kB mbostock
npm/d3-color@3.1.0 None 0 61.2 kB mbostock
npm/d3-dispatch@3.0.1 None 0 15.6 kB mbostock
npm/d3-drag@3.0.0 None 0 43 kB mbostock
npm/d3-dsv@3.0.1 Transitive: filesystem, shell +2 544 kB mbostock
npm/d3-ease@3.0.1 None 0 34.6 kB mbostock
npm/d3-format@3.1.0 None 0 57.8 kB mbostock
npm/d3-interpolate@3.0.1 None 0 69.7 kB mbostock
npm/d3-path@3.1.0 None 0 20.9 kB mbostock
npm/d3-quadtree@3.0.1 None 0 43.4 kB mbostock
npm/d3-selection@3.0.0 None 0 135 kB mbostock
npm/d3-time-format@4.1.0 None 0 85.6 kB mbostock
npm/d3-time@3.1.0 None 0 64.5 kB mbostock
npm/d3-timer@3.0.1 None 0 18.4 kB mbostock
npm/d3-transition@3.0.1 None 0 111 kB mbostock
npm/d3@7.8.5 Transitive: network +16 2.41 MB mbostock
npm/domelementtype@2.3.0 None 0 11.4 kB feedic
npm/domhandler@5.0.3 None 0 75.3 kB feedic
npm/domutils@3.1.0 network +1 191 kB feedic
npm/entities@4.5.0 None 0 413 kB feedic
npm/ethers@6.8.1 network +7 19.2 MB ricmoo
npm/fast-glob@3.3.1 filesystem +3 184 kB mrmlnc
npm/fbjs@3.0.5 Transitive: eval, network +5 807 kB bigfootjon
npm/get-intrinsic@1.2.1 eval +4 95.3 kB ljharb
npm/html-minifier-terser@6.1.0 None +8 348 kB sibiraj-s
npm/icss-utils@5.1.0 None 0 10 kB evilebottnawi
npm/ignore@5.2.4 None 0 51.2 kB kael
npm/is-alphabetical@1.0.4 None 0 5.01 kB wooorm
npm/is-docker@2.2.1 filesystem 0 3.01 kB sindresorhus
npm/lodash.uniq@4.5.0 None 0 25 kB jdalton
npm/loose-envify@1.4.0 environment 0 5.81 kB zertosh
npm/lowercase-keys@1.0.1 None 0 2.46 kB sindresorhus
npm/make-dir@3.1.0 filesystem 0 10 kB sindresorhus
npm/memfs@3.6.0 filesystem Transitive: unsafe +1 205 kB streamich
npm/mime-types@2.1.18 None +1 183 kB dougwilson
npm/mimic-response@1.0.1 None 0 3.58 kB sindresorhus
npm/normalize-path@3.0.0 None 0 9.22 kB jonschlinkert
npm/object-assign@4.1.1 None 0 5.49 kB sindresorhus
npm/obuf@1.1.2 None 0 19.1 kB indutny
npm/once@1.4.0 None 0 4.05 kB isaacs
npm/open@8.4.2 environment, filesystem, shell +2 54.5 kB sindresorhus
npm/p-limit@2.3.0 None +1 11.8 kB sindresorhus
npm/parse-json@5.2.0 None +3 23.9 kB sindresorhus
npm/parseurl@1.3.3 None 0 10.3 kB dougwilson
npm/path-key@3.1.1 None 0 4.55 kB sindresorhus
npm/picomatch@2.3.1 None 0 90 kB mrmlnc
npm/postcss-selector-parser@6.0.13 None +1 203 kB evilebottnawi
npm/postcss-value-parser@4.2.0 None 0 27.2 kB evilebottnawi
npm/postcss@8.4.31 environment, filesystem +2 224 kB ai
npm/prism-react-renderer@1.3.5 None 0 371 kB gksander
npm/prop-types@15.8.1 environment 0 94.5 kB ljharb
npm/property-information@5.6.0 None 0 96.3 kB wooorm
npm/rc@1.2.8 environment, filesystem +2 31.5 kB dominictarr
npm/react-dom@17.0.2 environment 0 2.99 MB gaearon
npm/react-helmet-async@1.3.0 None +2 351 kB wonderboymusic
npm/react-is@16.13.1 environment 0 24 kB acdlite
npm/react-markdown@6.0.0 Transitive: environment +23 2.73 MB wooorm
npm/react-router@5.3.4 environment +4 915 kB mjackson
npm/react@17.0.2 environment 0 291 kB gaearon
npm/rehype-katex@5.0.0 None +11 4.08 MB wooorm
npm/remark-math@3.0.1 None 0 19.1 kB wooorm
npm/solc@0.8.22 Transitive: environment, filesystem, network, shell +8 9.11 MB cameel

🚮 Removed packages: npm/@aashutoshrathi/word-wrap@1.2.6, npm/@achingbrain/nat-port-mapper@1.0.13, npm/@achingbrain/ssdp@4.0.6, npm/@babel/code-frame@7.23.5, npm/@babel/compat-data@7.23.5, npm/@babel/core@7.23.9, npm/@babel/generator@7.24.1, npm/@babel/helper-compilation-targets@7.23.6, npm/@babel/helper-module-transforms@7.23.3, npm/@babel/helper-string-parser@7.23.4, npm/@babel/helper-validator-option@7.23.5, npm/@babel/helpers@7.23.9, npm/@babel/highlight@7.23.4, npm/@babel/parser@7.23.9, npm/@babel/plugin-syntax-bigint@7.8.3, npm/@babel/plugin-syntax-jsx@7.23.3, npm/@babel/plugin-syntax-typescript@7.23.3, npm/@babel/runtime@7.23.9, npm/@babel/template@7.23.9, npm/@babel/traverse@7.24.1, npm/@babel/types@7.24.0, npm/@bcoe/v8-coverage@0.2.3, npm/@chainsafe/as-chacha20poly1305@0.1.0, npm/@chainsafe/as-sha256@0.4.1, npm/@chainsafe/is-ip@2.0.2, npm/@chainsafe/libp2p-noise@13.0.5, npm/@chainsafe/libp2p-yamux@5.0.4, npm/@chainsafe/netmask@2.0.0, npm/@colors/colors@1.6.0, npm/@cspotcode/source-map-support@0.8.1, npm/@dabh/diagnostics@2.0.3, npm/@dependents/detective-less@3.0.2, npm/@es-joy/jsdoccomment@0.37.1, npm/@esbuild/android-arm64@0.18.20, npm/@esbuild/android-arm@0.18.20, npm/@esbuild/android-x64@0.18.20, npm/@esbuild/darwin-arm64@0.18.20, npm/@esbuild/darwin-x64@0.18.20, npm/@esbuild/freebsd-arm64@0.18.20, npm/@esbuild/freebsd-x64@0.18.20, npm/@esbuild/linux-arm64@0.18.20, npm/@esbuild/linux-arm@0.18.20, npm/@esbuild/linux-ia32@0.18.20, npm/@esbuild/linux-loong64@0.18.20, npm/@esbuild/linux-mips64el@0.18.20, npm/@esbuild/linux-ppc64@0.18.20, npm/@esbuild/linux-riscv64@0.18.20, npm/@esbuild/linux-s390x@0.18.20, npm/@esbuild/linux-x64@0.18.20, npm/@esbuild/netbsd-x64@0.18.20, npm/@esbuild/openbsd-x64@0.18.20, npm/@esbuild/sunos-x64@0.18.20, npm/@esbuild/win32-arm64@0.18.20, npm/@esbuild/win32-ia32@0.18.20, npm/@esbuild/win32-x64@0.18.20, npm/@eslint-community/eslint-utils@4.4.0, npm/@eslint-community/regexpp@4.10.0, npm/@eslint/eslintrc@2.1.4, npm/@eslint/js@8.56.0, npm/@humanwhocodes/config-array@0.11.14, npm/@humanwhocodes/module-importer@1.0.1, npm/@humanwhocodes/object-schema@2.0.2, npm/@iarna/toml@2.2.5, npm/@isaacs/cliui@8.0.2, npm/@istanbuljs/load-nyc-config@1.1.0, npm/@istanbuljs/schema@0.1.3, npm/@jest/console@29.7.0, npm/@jest/core@29.7.0, npm/@jest/environment@29.7.0, npm/@jest/expect-utils@29.7.0, npm/@jest/expect@29.7.0, npm/@jest/fake-timers@29.7.0, npm/@jest/globals@29.7.0, npm/@jest/reporters@29.7.0, npm/@jest/source-map@29.6.3, npm/@jest/test-result@29.7.0, npm/@jest/test-sequencer@29.7.0, npm/@jest/transform@29.7.0, npm/@jridgewell/trace-mapping@0.3.9, npm/@koa/cors@4.0.0, npm/@libp2p/bootstrap@9.0.12, npm/@libp2p/crypto@2.0.8, npm/@libp2p/interface-connection@5.1.1, npm/@libp2p/interface-content-routing@2.1.1, npm/@libp2p/interface-internal@0.1.12, npm/@libp2p/interface-keychain@2.0.5, npm/@libp2p/interface-libp2p@3.2.0, npm/@libp2p/interface-metrics@4.0.8, npm/@libp2p/interface-peer-id@2.0.2, npm/@libp2p/interface-peer-info@1.0.10, npm/@libp2p/interface-peer-routing@1.1.1, npm/@libp2p/interface-peer-store@2.0.4, npm/@libp2p/interface-registrar@2.0.12, npm/@libp2p/interface-stream-muxer@4.1.2, npm/@libp2p/interface-transport@4.0.3, npm/@libp2p/interface@0.1.6, npm/@libp2p/interfaces@3.3.2, npm/@libp2p/kad-dht@10.0.15, npm/@libp2p/keychain@3.0.8, npm/@libp2p/logger@3.1.0, npm/@libp2p/mplex@9.0.12, npm/@libp2p/multistream-select@4.0.10, npm/@libp2p/peer-collections@4.0.11, npm/@libp2p/peer-id-factory@3.0.11, npm/@libp2p/peer-id@3.0.6, npm/@libp2p/peer-record@6.0.12, npm/@libp2p/peer-store@9.0.12, npm/@libp2p/tcp@8.0.13, npm/@libp2p/utils@4.0.7, npm/@lmdb/lmdb-darwin-arm64@2.9.2, npm/@lmdb/lmdb-darwin-x64@2.9.2, npm/@lmdb/lmdb-linux-arm64@2.9.2, npm/@lmdb/lmdb-linux-arm@2.9.2, npm/@lmdb/lmdb-linux-x64@2.9.2, npm/@lmdb/lmdb-win32-x64@2.9.2, npm/@microsoft/tsdoc-config@0.16.2, npm/@microsoft/tsdoc@0.14.2, npm/@monorepo-utils/package-utils@2.10.4, npm/@monorepo-utils/workspaces-to-typescript-project-references@2.10.4, npm/@msgpackr-extract/msgpackr-extract-darwin-arm64@3.0.2, npm/@msgpackr-extract/msgpackr-extract-darwin-x64@3.0.2, npm/@msgpackr-extract/msgpackr-extract-linux-arm64@3.0.2, npm/@msgpackr-extract/msgpackr-extract-linux-arm@3.0.2, npm/@msgpackr-extract/msgpackr-extract-linux-x64@3.0.2, npm/@msgpackr-extract/msgpackr-extract-win32-x64@3.0.2, npm/@multiformats/mafmt@12.1.6, npm/@multiformats/multiaddr-matcher@1.1.2, npm/@multiformats/multiaddr@12.1.14, npm/@noble/ciphers@0.4.1, npm/@npmcli/agent@2.2.0, npm/@npmcli/fs@3.1.0, npm/@pkgjs/parseargs@0.11.0, npm/@puppeteer/browsers@2.1.0, npm/@scure/base@1.1.5, npm/@scure/bip32@1.3.2, npm/@scure/bip39@1.2.1, npm/@sinonjs/commons@3.0.1, npm/@sinonjs/fake-timers@10.3.0, npm/@tootallnate/quickjs-emscripten@0.23.0, npm/@trivago/prettier-plugin-sort-imports@4.3.0, npm/@tsconfig/node10@1.0.9, npm/@tsconfig/node12@1.0.11, npm/@tsconfig/node14@1.0.3, npm/@tsconfig/node16@1.0.4, npm/@types/abstract-leveldown@7.2.5, npm/@types/accepts@1.3.7, npm/@types/babel__core@7.20.5, npm/@types/babel__generator@7.6.8, npm/@types/babel__template@7.4.4, npm/@types/babel__traverse@7.20.5, npm/@types/bn.js@5.1.5, npm/@types/body-parser@1.19.5, npm/@types/connect@3.4.38, npm/@types/content-disposition@0.5.8, npm/@types/cookiejar@2.1.5, npm/@types/cookies@0.7.10, npm/@types/debug@4.1.12, npm/@types/detect-node@2.0.2, npm/@types/elliptic@6.4.18, npm/@types/eslint-scope@3.7.7, npm/@types/eslint@8.56.2, npm/@types/estree@1.0.5, npm/@types/express-serve-static-core@4.17.42, npm/@types/express@4.17.21, npm/@types/fs-extra@11.0.4, npm/@types/graceful-fs@4.1.9, npm/@types/http-assert@1.5.5, npm/@types/http-errors@2.0.4, npm/@types/istanbul-lib-coverage@2.0.6, npm/@types/istanbul-lib-report@3.0.3, npm/@types/istanbul-reports@3.0.4, npm/@types/jest@29.5.11, npm/@types/json-schema@7.0.15, npm/@types/json5@0.0.29, npm/@types/jsonfile@6.1.4, npm/@types/keygrip@1.0.6, npm/@types/koa-bodyparser@4.3.12, npm/@types/koa-compose@3.2.8, npm/@types/koa-compress@4.0.6, npm/@types/koa-cors@0.0.2, npm/@types/koa-router@7.4.8, npm/@types/koa-send@4.1.6, npm/@types/koa-static@4.0.4, npm/@types/koa@2.14.0, npm/@types/koa__cors@4.0.3, npm/@types/level-errors@3.0.2, npm/@types/leveldown@4.0.6, npm/@types/levelup@5.1.5, npm/@types/lodash.camelcase@4.3.9, npm/@types/lodash.capitalize@4.2.9, npm/@types/lodash.chunk@4.2.9, npm/@types/lodash.clonedeep@4.5.9, npm/@types/lodash.clonedeepwith@4.5.9, npm/@types/lodash.every@4.6.9, npm/@types/lodash.groupby@4.6.9, npm/@types/lodash.isequal@4.5.8, npm/@types/lodash.merge@4.6.9, npm/@types/lodash.omit@4.5.9, npm/@types/lodash.pick@4.4.9, npm/@types/lodash.startcase@4.4.9, npm/@types/lodash.times@4.3.9, npm/@types/lodash@4.14.202, npm/@types/memdown@3.0.5, npm/@types/methods@1.1.4, npm/@types/mime@3.0.4, npm/@types/minimist@1.2.5, npm/@types/ms@0.7.34, npm/@types/node@20.11.7, npm/@types/normalize-package-data@2.4.4, npm/@types/pako@2.0.3, npm/@types/qs@6.9.11, npm/@types/range-parser@1.2.7, npm/@types/retry@0.12.2, npm/@types/semver@7.5.6, npm/@types/send@0.17.4, npm/@types/serve-static@1.15.5, npm/@types/sha256@0.2.2, npm/@types/sinon@17.0.3, npm/@types/sinonjs__fake-timers@8.1.5, npm/@types/source-map-support@0.5.10, npm/@types/stack-utils@2.0.3, npm/@types/superagent@8.1.3, npm/@types/supertest@2.0.16, npm/@types/triple-beam@1.3.5, npm/@types/ws@8.5.10, npm/@types/yargs-parser@21.0.3, npm/@types/yargs@17.0.32, npm/@types/yauzl@2.10.3, npm/@typescript-eslint/eslint-plugin@6.19.1, npm/@typescript-eslint/parser@6.19.1, npm/@typescript-eslint/scope-manager@6.19.1, npm/@typescript-eslint/type-utils@6.19.1, npm/@typescript-eslint/types@6.19.1, npm/@typescript-eslint/typescript-estree@6.19.1, npm/@typescript-eslint/utils@6.19.1, npm/@typescript-eslint/visitor-keys@6.19.1, npm/@ungap/structured-clone@1.2.0, npm/@webpack-cli/configtest@2.1.1, npm/@webpack-cli/info@2.0.2, npm/@webpack-cli/serve@2.0.5, npm/abbrev@2.0.0, npm/abitype@1.0.0, npm/abortable-iterator@5.0.1, npm/abstract-leveldown@7.2.0, npm/acorn-jsx@5.3.2, npm/acorn-walk@8.3.2, npm/acorn@8.11.3, npm/agent-base@7.1.0, npm/ansi-escapes@4.3.2, npm/ansi-sequence-parser@1.1.1, npm/any-promise@1.3.0, npm/any-signal@4.1.1, npm/app-module-path@2.2.0, npm/arg@4.1.3, npm/array-buffer-byte-length@1.0.0, npm/array-includes@3.1.7, npm/array.prototype.findlastindex@1.2.3, npm/array.prototype.flat@1.3.2, npm/array.prototype.flatmap@1.3.2, npm/arraybuffer.prototype.slice@1.0.2, npm/arrify@1.0.1, npm/asn1.js@5.4.1, npm/ast-module-types@2.7.1, npm/ast-types@0.13.4, npm/async@3.2.5, npm/asynckit@0.4.0, npm/available-typed-arrays@1.0.5, npm/b4a@1.6.4, npm/babel-jest@29.7.0, npm/babel-plugin-istanbul@6.1.1, npm/babel-plugin-jest-hoist@29.6.3, npm/babel-preset-current-node-syntax@1.0.1, npm/babel-preset-jest@29.6.3, npm/bare-events@2.2.0, npm/bare-fs@2.1.5, npm/bare-os@2.2.0, npm/bare-path@2.1.0, npm/base64-js@1.5.1, npm/basic-ftp@5.0.4, npm/benchmark@2.1.4, npm/bl@4.1.0, npm/bn.js@4.12.0, npm/brace-expansion@2.0.1, npm/brorand@1.1.0, npm/browserify-aes@1.2.0, npm/browserify-cipher@1.0.1, npm/browserify-des@1.0.2, npm/browserify-rsa@4.1.0, npm/browserify-sign@4.2.2, npm/browserslist@4.22.2, npm/bs-logger@0.2.6, npm/bser@2.1.1, npm/buffer-crc32@0.2.13, npm/buffer-xor@1.0.3, npm/buffer@6.0.3, npm/cacache@18.0.2, npm/cache-content-type@1.0.1, npm/call-bind@1.0.5, npm/camelcase-keys@6.2.2, npm/camelcase@5.3.1, npm/caniuse-lite@1.0.30001580, npm/catering@2.1.1, npm/char-regex@1.0.2, npm/chownr@2.0.0, npm/chromium-bidi@0.5.9, npm/cipher-base@1.0.4, npm/cjs-module-lexer@1.2.3, npm/cli-cursor@3.1.0, npm/cli-spinners@2.9.2, npm/cliui@8.0.1, npm/clone@1.0.4, npm/co-body@6.1.0, npm/co@4.6.0, npm/collect-v8-coverage@1.0.2, npm/color-string@1.9.1, npm/color@3.2.1, npm/colorspace@1.1.4, npm/combined-stream@1.0.8, npm/comlink@4.4.1, npm/commander@10.0.1, npm/comment-json@3.0.3, npm/comment-parser@1.3.1, npm/component-emitter@1.3.1, npm/concurrently@7.6.0, npm/convert-hex@0.1.0, npm/convert-string@0.1.0, npm/cookiejar@2.1.4, npm/cookies@0.9.1, npm/copy-to@2.0.1, npm/cosmiconfig@9.0.0, npm/create-ecdh@4.0.4, npm/create-hash@1.2.0, npm/create-hmac@1.1.7, npm/create-jest@29.7.0, npm/create-require@1.1.1, npm/cross-fetch@4.0.0, npm/crypto-browserify@3.12.0, npm/data-uri-to-buffer@4.0.1, npm/datastore-core@9.2.7, npm/date-fns@2.30.0, npm/decamelize-keys@1.1.1, npm/decamelize@1.2.0, npm/dedent@1.5.1, npm/deep-equal@1.0.1, npm/deep-is@0.1.4, npm/default-gateway@7.2.2, npm/defaults@1.0.4, npm/deferred-leveldown@7.0.0, npm/define-data-property@1.1.1, npm/degenerator@5.0.1, npm/delay@6.0.0, npm/delayed-stream@1.0.0, npm/delegates@1.0.0, npm/dependency-tree@9.0.0, npm/des.js@1.1.0, npm/detect-libc@2.0.2, npm/detect-newline@3.1.0, npm/detective-amd@3.1.2, npm/detective-cjs@3.1.3, npm/detective-es6@2.2.2, npm/detective-less@1.0.2, npm/detective-postcss@4.0.0, npm/detective-sass@3.0.2, npm/detective-scss@2.0.2, npm/detective-stylus@3.0.0, npm/detective-typescript@7.0.2, npm/devtools-protocol@0.0.1249869, npm/dezalgo@1.0.4, npm/diff-sequences@29.6.3, npm/diff@4.0.2, npm/diffie-hellman@5.0.3, npm/dns-over-http-resolver@3.0.2, npm/doctrine@2.1.0, npm/dotenv@16.4.1, npm/electron-to-chromium@1.4.647, npm/elliptic@6.5.4, npm/emittery@0.13.1, npm/enabled@2.0.0, npm/encoding@0.1.13, npm/env-paths@2.2.1, npm/envinfo@7.11.0, npm/err-code@2.0.3, npm/es-abstract@1.22.3, npm/es-module-lexer@1.4.1, npm/es-set-tostringtag@2.0.2, npm/es-shim-unscopables@1.0.2, npm/es-to-primitive@1.2.1, npm/esbuild@0.18.20, npm/escodegen@2.1.0, npm/eslint-config-prettier@8.10.0, npm/eslint-import-resolver-node@0.3.9, npm/eslint-import-resolver-typescript@3.6.1, npm/eslint-module-utils@2.8.0, npm/eslint-plugin-import@2.29.1, npm/eslint-plugin-jsdoc@40.3.0, npm/eslint-plugin-no-only-tests@3.1.0, npm/eslint-plugin-tsdoc@0.2.17, npm/eslint-visitor-keys@2.1.0, npm/eslint@8.56.0, npm/espree@9.6.1, npm/esquery@1.5.0, npm/event-iterator@2.0.0, npm/event-stream@3.3.4, npm/eventemitter3@5.0.1, npm/evp_bytestokey@1.0.3, npm/exit@0.1.2, npm/expect@29.7.0, npm/exponential-backoff@3.1.1, npm/extract-zip@2.0.1, npm/fast-fifo@1.3.2, npm/fast-glob@3.3.2, npm/fast-levenshtein@2.0.6, npm/fast-safe-stringify@2.1.1, npm/fastest-levenshtein@1.0.16, npm/fastq@1.16.0, npm/fb-watchman@2.0.2, npm/fd-slicer@1.1.0, npm/fecha@4.2.3, npm/fetch-blob@3.2.0, npm/file-entry-cache@6.0.1, npm/file-stream-rotator@0.6.1, npm/filing-cabinet@3.3.1, npm/flat-cache@3.2.0, npm/flat@5.0.2, npm/flatted@3.2.9, npm/flatten@1.0.3, npm/fn.name@1.1.0, npm/for-each@0.3.3, npm/foreground-child@3.1.1, npm/form-data@4.0.0, npm/formdata-polyfill@4.0.10, npm/formidable@2.1.2, npm/freeport-promise@2.0.0, npm/from@0.1.7, npm/fs-extra@11.2.0, npm/fs-minipass@2.1.0, npm/function-bind@1.1.2, npm/function.prototype.name@1.1.6, npm/functional-red-black-tree@1.0.1, npm/functions-have-names@1.2.3, npm/get-amd-module-type@3.0.2, npm/get-caller-file@2.0.5, npm/get-intrinsic@1.2.2, npm/get-iterator@1.0.2, npm/get-package-type@0.1.0, npm/get-symbol-description@1.0.0, npm/get-tsconfig@4.7.2, npm/get-uri@6.0.2, npm/glob@10.3.10, npm/globals@13.24.0, npm/globalthis@1.0.3, npm/gonzales-pe@4.3.0, npm/graphemer@1.4.0, npm/hard-rejection@2.1.0, npm/has-bigints@1.0.2, npm/has-flag@3.0.0, npm/has-own-prop@2.0.0, npm/has-property-descriptors@1.0.1, npm/has-tostringtag@1.0.0, npm/hash-base@3.1.0, npm/hash.js@1.1.7, npm/hashlru@2.3.0, npm/hasown@2.0.0, npm/hexoid@1.0.0, npm/hmac-drbg@1.0.1, npm/hosted-git-info@2.8.9, npm/html-escaper@2.0.2, npm/http-assert@1.5.0, npm/http-errors@1.8.1, npm/http-proxy-agent@7.0.0, npm/https-proxy-agent@7.0.2, npm/hyperdyperid@1.2.0, npm/ieee754@1.2.1, npm/ignore@5.3.0, npm/immediate@3.0.6, npm/import-local@3.1.0, npm/indexes-of@1.0.1, npm/inflation@2.1.0, npm/interface-datastore@8.2.10, npm/interface-store@5.1.7, npm/internal-slot@1.0.6, npm/interpret@3.1.1, npm/ip-regex@5.0.0, npm/ip@1.1.8, npm/is-arguments@1.1.1, npm/is-array-buffer@3.0.2, npm/is-bigint@1.0.4, npm/is-boolean-object@1.1.2, npm/is-callable@1.2.7, npm/is-core-module@2.13.1, npm/is-date-object@1.0.5, npm/is-electron@2.2.2, npm/is-generator-fn@2.1.0, npm/is-generator-function@1.0.10, npm/is-interactive@1.0.0, npm/is-lambda@1.0.1, npm/is-loopback-addr@2.0.2, npm/is-negative-zero@2.0.2, npm/is-network-error@1.0.1, npm/is-number-object@1.0.7, npm/is-plain-obj@1.1.0, npm/is-regex@1.1.4, npm/is-relative-path@1.0.2, npm/is-shared-array-buffer@1.0.2, npm/is-string@1.0.7, npm/is-symbol@1.0.4, npm/is-typed-array@1.1.12, npm/is-unicode-supported@0.1.0, npm/is-url-superb@4.0.0, npm/is-url@1.2.4, npm/is-weakref@1.0.2, npm/isarray@2.0.5, npm/isows@1.0.3, npm/istanbul-lib-coverage@3.2.2, npm/istanbul-lib-instrument@5.2.1, npm/istanbul-lib-report@3.0.1, npm/istanbul-lib-source-maps@4.0.1, npm/istanbul-reports@3.1.6, npm/it-all@3.0.4, npm/it-batched-bytes@2.0.5, npm/it-byte-stream@1.0.7, npm/it-drain@3.0.5, npm/it-filter@3.0.4, npm/it-first@3.0.4, npm/it-foreach@2.0.6, npm/it-handshake@4.1.3, npm/it-length-prefixed-stream@1.1.6, npm/it-length-prefixed@9.0.4, npm/it-length@3.0.4, npm/it-map@3.0.5, npm/it-merge@3.0.3, npm/it-pair@2.0.6, npm/it-parallel@3.0.6, npm/it-peekable@3.0.3, npm/it-pipe@3.0.1, npm/it-protobuf-stream@1.1.2, npm/it-pushable@3.2.3, npm/it-reader@6.0.4, npm/it-sort@3.0.4, npm/it-stream-types@2.0.1, npm/it-take@3.0.4, npm/jackspeak@2.3.6, npm/javascript-natural-sort@0.7.1, npm/jest-changed-files@29.7.0, npm/jest-circus@29.7.0, npm/jest-cli@29.7.0, npm/jest-config@29.7.0, npm/jest-diff@29.7.0, npm/jest-docblock@29.7.0, npm/jest-each@29.7.0, npm/jest-environment-node@29.7.0, npm/jest-get-type@29.6.3, npm/jest-haste-map@29.7.0, npm/jest-leak-detector@29.7.0, npm/jest-matcher-utils@29.7.0, npm/jest-message-util@29.7.0, npm/jest-mock-extended@3.0.5, npm/jest-mock@29.7.0, npm/jest-pnp-resolver@1.2.3, npm/jest-regex-util@29.6.3, npm/jest-resolve-dependencies@29.7.0, npm/jest-resolve@29.7.0, npm/jest-runner@29.7.0, npm/jest-runtime@29.7.0, npm/jest-snapshot@29.7.0, npm/jest-validate@29.7.0, npm/jest-watcher@29.7.0, npm/jest-worker@27.5.1, npm/jest@29.7.0, npm/jju@1.4.0, npm/jsdoc-type-pratt-parser@4.0.0, npm/json-buffer@3.0.1, npm/json-joy@9.9.1, npm/json-stable-stringify-without-jsonify@1.0.1, npm/jsonc-parser@3.2.1, npm/jsonfile@4.0.0, npm/jszip@3.10.1, npm/keygrip@1.1.0, npm/keyv@4.5.4, npm/koa-bodyparser@4.4.1, npm/koa-compose@4.1.0, npm/koa-compress@5.1.1, npm/koa-convert@2.0.0, npm/koa-cors@0.0.16, npm/koa-is-json@1.0.0, npm/koa-router@12.0.1, npm/koa-send@5.0.1, npm/koa-static@5.0.0, npm/koa@2.15.0, npm/kuler@2.0.0, npm/level-concat-iterator@3.1.0, npm/level-errors@3.0.1, npm/level-iterator-stream@5.0.0, npm/level-supports@2.1.0, npm/leveldown@6.1.1, npm/levelup@5.1.1, npm/levn@0.4.1, npm/libp2p@0.46.21, npm/lie@3.3.0, npm/lmdb@2.9.2, npm/load-json-file@6.2.0, npm/lodash.camelcase@4.3.0, npm/lodash.capitalize@4.2.1, npm/lodash.chunk@4.2.0, npm/lodash.clonedeep@4.5.0, npm/lodash.clonedeepwith@4.5.0, npm/lodash.compact@3.0.1, npm/lodash.every@4.6.0, npm/lodash.groupby@4.6.0, npm/lodash.isequal@4.5.0, npm/lodash.merge@4.6.2, npm/lodash.omit@4.5.0, npm/lodash.pick@4.4.0, npm/lodash.startcase@4.4.0, npm/lodash.times@4.3.2, npm/log-symbols@4.1.0, npm/logform@2.6.0, npm/ltgt@2.2.1, npm/lunr@2.3.9, npm/madge@6.1.0, npm/make-dir@4.0.0, npm/make-error@1.3.6, npm/make-fetch-happen@13.0.0, npm/makeerror@1.0.12, npm/map-obj@1.0.1, npm/map-stream@0.1.0, npm/marked@4.3.0, npm/md5.js@1.3.5, npm/memdown@6.1.1, npm/memfs@4.6.0, npm/meow@7.1.1, npm/merge-options@3.0.4, npm/miller-rabin@4.0.1, npm/mime@2.6.0, npm/min-indent@1.0.1, npm/minimalistic-crypto-utils@1.0.1, npm/minimatch@9.0.3, npm/minimist-options@4.1.0

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Mar 26, 2024
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/core-js-pure@3.33.0
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"
Install scripts npm/core-js@3.33.0
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/core-js-pure@3.33.0
  • @SocketSecurity ignore npm/core-js@3.33.0

@alexghr alexghr force-pushed the 03-24-feat_use_zod_for_config branch 2 times, most recently from 034b9b8 to 36ae57f Compare March 26, 2024 17:33
@alexghr
Copy link
Contributor Author

alexghr commented Mar 26, 2024

I'm not sure what's going on with Socket but there are no changes to any package.json files or to yarn.lock

@alexghr alexghr force-pushed the 03-24-feat_use_zod_for_config branch from 36ae57f to e27cd65 Compare March 27, 2024 07:37
PhilWindle
PhilWindle requested changes Mar 30, 2024
View reviewed changes
Copy link
Collaborator

@PhilWindle PhilWindle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to hold off on introducing this for now.

@alexghr
Copy link
Contributor Author

alexghr commented Mar 31, 2024

I'll close this PR and we can revisit at a later time

@alexghr alexghr closed this Mar 31, 2024
@ludamad ludamad deleted the 03-24-feat_use_zod_for_config branch August 22, 2024 14:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@just-mitch just-mitch just-mitch approved these changes

@PhilWindle PhilWindle PhilWindle requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alexghr @AztecBot @PhilWindle @just-mitch