Commit 58f8656

fix(deps): surgical yarn.lock fix for scrypt-shim malware
Replace malicious `scrypt-shim@github:web3-js/scrypt-shim` (MAL-2022-5972) resolved from codeload.github.com with the npm security placeholder `0.0.1-security` in solidity/ecdsa and solidity/random-beacon yarn.lock files. Restores lock files to main-branch state (valid npm registry references) to fix the CI SSH auth failure caused by the previous regenerated lock files containing git+ssh:// references to private repos. Also removes the `resolutions: web3-eth-accounts` field from both package.json files — it was not compatible with --frozen-lockfile CI.
1 parent 8e58bb7 commit 58f8656

4 files changed

Lines changed: 2949 additions & 2732 deletions

solidity/ecdsa/package.json

Lines changed: 0 additions & 3 deletions
@@ -80,9 +80,6 @@
8080
"engines": {
8181
"node": ">= 14.0.0"
8282
},
83-
"resolutions": {
84-
"web3-eth-accounts": "1.2.11"
85-
},
8683
"overrides": {
8784
"get-func-name": "^2.0.2"
8885
}
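
Review bot: Removing the `resolutions` block (old lines 83-85) drops the `web3-eth-accounts` pin to 1.2.11 from package.json, which leaves the scrypt-shim replacement enforced only by the yarn.lock entries. The remaining `overrides` field is read by npm, not by yarn, so the next regeneration of the lock file could resolve the dependency differently, as the commit message says happened with the previous regenerated lock files. Consider recording next to this change why the pin is no longer needed, and adding a CI step that fails when yarn.lock contains a `codeload.github.com` or `git+ssh://` resolved URL so a reintroduction is caught before install.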
