diff --git a/.snyk b/.snyk new file mode 100644 index 000000000..a80eebac7 --- /dev/null +++ b/.snyk @@ -0,0 +1,77 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - socketio > socket.io > socket.io-parser > debug: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:debug:20170905' + path: socketio > socket.io > socket.io-parser > debug + - socketio > socket.io > socket.io-adapter > socket.io-parser > debug: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:debug:20170905' + path: socketio > socket.io > socket.io-adapter > socket.io-parser > debug + - socketio > socket.io > socket.io-client > socket.io-parser > debug: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:debug:20170905' + path: socketio > socket.io > socket.io-client > socket.io-parser > debug + - socketio > socket.io > debug: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:debug:20170905' + path: socketio > socket.io > debug + - socketio > socket.io > engine.io > debug: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:debug:20170905' + path: socketio > socket.io > engine.io > debug + - socketio > socket.io > socket.io-adapter > debug: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:debug:20170905' + path: socketio > socket.io > socket.io-adapter > debug + - socketio > socket.io > socket.io-client > debug: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:debug:20170905' + path: socketio > socket.io > socket.io-client > debug + - socketio > socket.io > socket.io-client > engine.io-client > debug: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:debug:20170905' + path: socketio > socket.io > socket.io-client > engine.io-client > debug + 'npm:ms:20170412': + - socketio > socket.io > debug > ms: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:ms:20170412' + path: socketio > socket.io > debug > ms + - socketio > socket.io > engine.io > debug > ms: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:ms:20170412' + path: socketio > socket.io > engine.io > debug > ms + - socketio > socket.io > socket.io-adapter > debug > ms: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:ms:20170412' + path: socketio > socket.io > socket.io-adapter > debug > ms + - socketio > socket.io > socket.io-client > debug > ms: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:ms:20170412' + path: socketio > socket.io > socket.io-client > debug > ms + - socketio > socket.io > socket.io-client > engine.io-client > debug > ms: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:ms:20170412' + path: >- + socketio > socket.io > socket.io-client > engine.io-client > debug > + ms + - socketio > socket.io > socket.io-parser > debug > ms: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:ms:20170412' + path: socketio > socket.io > socket.io-parser > debug > ms + - socketio > socket.io > socket.io-adapter > socket.io-parser > debug > ms: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:ms:20170412' + path: >- + socketio > socket.io > socket.io-adapter > socket.io-parser > debug > + ms + - socketio > socket.io > socket.io-client > socket.io-parser > debug > ms: + patched: '2024-09-13T07:50:43.930Z' + id: 'npm:ms:20170412' + path: >- + socketio > socket.io > socket.io-client > socket.io-parser > debug > + ms diff --git a/package.json b/package.json index 874b92499..52622c472 100644 --- a/package.json +++ b/package.json @@ -39,11 +39,17 @@ "sticky-cluster": "^0.3.1", "uuid": "3.0.1", "wallet-address-validator": "0.1.0", - "zmq": "^2.15.3" + "zmq": "^2.15.3", + "@snyk/protect": "latest" }, "optionalDependencies": { "cryptonote-util": "git://github.com/Snipa22/node-cryptonote-util.git#xmr-Nan-2.0", "cryptonight-hashing": "git+https://github.com/MoneroOcean/node-cryptonight-hashing.git#v8.0.0", "multi-hashing": "git+https://github.com/Snipa22/node-multi-hashing-aesni.git#v0.1" - } + }, + "scripts": { + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" + }, + "snyk": true }