Skip to content

fix: initial multichain core#1317

Merged
elribonazo merged 13 commits into
mainfrom
features/multichain-core
Jul 17, 2025
Merged

fix: initial multichain core#1317
elribonazo merged 13 commits into
mainfrom
features/multichain-core

Conversation

@elribonazo

@elribonazo elribonazo commented Jul 16, 2025

Copy link
Copy Markdown
Contributor

Explanation

This PR will be integrating the multi-chain core package, it does not yet fully integrate install modals and QRCode displaying. This will be implemented into the SDK once we have the playground merged.

I'd rather leave the multi-chain core as is and improve it in later PR's.

Added decent unitary test coverage for multichain and some minor changes in domain to make consuming this SDK easier.

Added session Management

Added Error Management

Added RPCClient with support for the ReadonlyRPC Calls as before but a much cleaner and isolated code.

Focusing on simplicity and strong separation of concerns

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've highlighted breaking changes using the "BREAKING" category above as appropriate

@elribonazo
elribonazo marked this pull request as ready for review July 16, 2025 14:29
@elribonazo
elribonazo requested a review from a team as a code owner July 16, 2025 14:29
cursor[bot]

This comment was marked as outdated.

cursor[bot]

This comment was marked as outdated.

@socket-security

socket-security Bot commented Jul 16, 2025

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednpm/​jsdom@​26.1.0981001009070

View full report

@socket-security

socket-security Bot commented Jul 16, 2025

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert (click for details)
Warn Low
npm/jsdom@26.1.0 is a AI-detected potential code anomaly.

Notes: The code fragment does not exhibit clear malicious behavior, but it has several anomalies, including typos and dynamic property manipulation using Reflect API, which could pose a security risk if not properly managed.

Confidence: 1.00

Severity: 0.60

From: packages/sdk-multichain/package.jsonnpm/jsdom@26.1.0

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@26.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
npm/jsdom@26.1.0 is a AI-detected potential code anomaly.

Notes: The code uses new Function() and createFunction() to dynamically create and execute code, which can be dangerous if not properly controlled. The use of with statements and dynamic function creation is similar to using eval(), which is generally discouraged due to security risks. If user input is passed into the event handler bodies, it could lead to cross-site scripting (XSS) vulnerabilities.

Confidence: 1.00

Severity: 0.60

From: packages/sdk-multichain/package.jsonnpm/jsdom@26.1.0

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@26.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

cursor[bot]

This comment was marked as outdated.

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Error Handling: Validate Error Type Before Accessing Message

Multiple catch blocks in client.ts and index.ts directly access error.message (or err.message) without validating if the caught value is an Error object. Since JavaScript catch blocks can receive any type of value, this can lead to runtime errors if a non-Error value is caught.

packages/sdk-multichain/src/utis/rpc/client.ts#L139-L141

return response
} catch (error) {
throw new RPCInvokeMethodErr(error.message)

packages/sdk-multichain/src/store/index.ts#L15-L20

} catch (err) {
throw new StorageGetErr(
this.#adapter.platform,
'anonId',
err.message
);

packages/sdk-multichain/src/utis/rpc/client.ts#L59-L60

}
throw new RPCReadonlyRequestErr(error.message)

packages/sdk-multichain/src/utis/rpc/client.ts#L68-L69

} catch (error) {
throw new RPCReadonlyResponseErr(error.message)

Fix in CursorFix in Web


Was this report helpful? Give feedback by reacting with 👍 or 👎

@codecov

codecov Bot commented Jul 16, 2025

Copy link
Copy Markdown

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.93%. Comparing base (449a82a) to head (7a99f2f).
Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1317   +/-   ##
=======================================
  Coverage   74.93%   74.93%           
=======================================
  Files         184      184           
  Lines        4513     4513           
  Branches     1105     1105           
=======================================
  Hits         3382     3382           
  Misses       1131     1131           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@sonarqubecloud

Copy link
Copy Markdown

@chakra-guy chakra-guy left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work!

@elribonazo
elribonazo merged commit f72f1bf into main Jul 17, 2025
40 checks passed
@elribonazo
elribonazo deleted the features/multichain-core branch July 17, 2025 12:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants