ci: add npm audit check to CI to catch new vulnerabilities #1
Open
DammyAji wants to merge 242 commits into
- useFreighterQuery: wraps useFreighter connect in useMutation
- useStellarAccountQuery: wraps useStellarAccount in useQuery with proper cache keys
- useStellarBalanceQuery: wraps useStellarBalance in useQuery
- Separate optional peer-dependency package
- React Query not required for main stellar-hooks package
- Includes comprehensive tests and documentation
…with package configuration updates
- Add manual mock at src/__mocks__/@stellar/freighter-api.ts exposing vi.fn() stubs and helpers (resetFreighterMocks, mockFreighterConnected, mockFreighterInstalled, mockFreighterError).
- Wire alias in vitest.config.ts so hook and tests share the same vi.fn instances (no vi.mock() needed in tests).
- Add comprehensive unit tests for useFreighter covering not-installed, installed-but-disconnected, connected, connect(), disconnect(), error, and sign* paths.
- Add @testing-library/react + jsdom devDeps.
- Fix placeholder repository URL in package.json.
When isConnected() returned true but getAddress() yielded no address, the probe dispatched SET_DISCONNECTED which left isInstalled=false from the initial state. Both code paths reaching SET_DISCONNECTED (probe with no authorised address; user-triggered disconnect()) imply the extension IS installed, so set isInstalled=true there. SET_NOT_INSTALLED remains the only path that sets isInstalled=false.
- add AGENTS.md to project gitignore
- add early return checks in reducer to skip redundant state updates
- integrate Freighter's WatchWalletChanges to sync state with wallet address/network
- clean up the probe effect's cleanup function
- Bump @stellar/freighter-api to v6 and rewrite useFreighter hook for new API: rename signBlob to signMessage, fix connection checks, improve option handling, add error checks
- Refactor all stellar-sdk imports to use `rpc` instead of deprecated `SorobanRpc` namespace, update all associated type references across hooks
- Update build configuration: switch module output to .mjs, add external deps to tsup, add size-limit checks and bundle size CI step
- Update README: remove specific Wave repo reference, add documentation for new useStellarAccount, useSorobanContract, and useTransaction hooks
- Fix useSorobanContract fee handling: convert fee to string for TransactionBuilder
- Clean up error messages and minor code structure across hook files
docs: document StellarProvider customConfig shape with CustomNetworkC…
…e/expose-soroban-simulate feat: expose standalone contract simulate method and normalize Soroba…
Add onSuccess and onError callbacks to useTransaction, usePathPayment, usePayment, and useClaimBalance. Update ContractCallOptions to support generic result types, and adjust useSorobanContract to use the updated generic ContractCallOptions and invoke callbacks on success/error.
feat: add SWR adapter package (@stellar-hooks/swr)
…-hook-return-values docs: add inline JSDoc examples to all hook return values
…Account_expose_subentryCount_and_sponsoredReserves expose reserve fields
…adapter feat: add React Query adapter package @stellar-hooks/query
feat add badges for npm version, license, and bundle size
Update Vitest config to use jsdom environment for React testing, add jsdom as a dev dependency, add comprehensive test suites for useStellarAccount and useStellarBalance hooks, and fix indentation in package.json size-limit configuration.
…unt & useSorobanContract test bugs
…d submitting transactions
Elevates useTransaction from a low-level XDR-submission primitive to a complete, public-facing hook that handles the full transaction lifecycle: load account -> build -> sign -> submit -> poll for confirmation.
- Add useTransactionCore.ts: internal hook that accepts a pre-signed XDR string and submits/polls it (classic Horizon or Soroban RPC). This is the old useTransaction logic, now private to the library.
- Rewrite useTransaction.ts: accepts xdr.Operation[] at call time, builds a TransactionBuilder from the connected Freighter account, signs via Freighter, and delegates submission to useTransactionCore. Supports fee, memo, feeBump sponsorship, mode (classic/soroban), and timeoutSeconds.
- Update 12 internal hooks (usePayment, useBumpSequence, useAccountMerge, useTrade, useTrustline, useInflation, useAccountFlags, useManageData, useMultiSig, usePathPayment, useClaimableBalance, useStellarTransaction) to import from useTransactionCore instead of useTransaction.
- Update 11 test files to mock useTransactionCore at the correct path.
- Add useTransaction.test.ts with 12 unit tests covering initial state, single/multiple operations, memo attachment, custom fee, fee-bump sponsorship (explicit and default), and error cases.
- Export UseTransactionOptions and UseTransactionReturn types from the public index.
- Fix pre-existing lint errors in modified files: rename getHook helpers to useHook, replace no-explicit-any casts with typed AuthFlag casts, and remove unused variables.
- Add tsconfig.json paths alias for @creit-tech/stellar-wallets-kit/sdk pointing to the existing mock stub so tsc can resolve the module.
…es (dark-princezz#188)
test: add unit tests for useStellarAccount with mocked Horizon server (dark-princezz#137)
test: add unit tests for useSorobanContract - simulate, sign, submit lifecycle (dark-princezz#138)
types: add generic TResult type parameter to useSorobanContract (dark-princezz#183)
fix: add tests, TResult generic, and resolve security vulnerabilities
…ples-issue-149 docs: add JSDoc @example to every exported hook and type
…ypes Snapshot test types
…on-build-submit feat(dark-princezz#71): implement useTransaction hook for building and submitting …
ci: fix CI workflow - ensure npm run build passes on every PR
…yment-119 fix(tests): update useFreighter test for freighter-api v6
…mated-test-run ci: add automated test run to CI on push and PR
…ish-npm-stellar-hooks dx: publish package to npm as stellar-hooks@0.1.0
…ble-balance feat: implement useClaimableBalance() — list, create, and claim balances
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v7)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
…thub_actions/actions/configure-pages-6 chore(deps): bump actions/configure-pages from 4 to 6
…thub_actions/actions/checkout-7 chore(deps): bump actions/checkout from 4 to 7
…thub_actions/actions/deploy-pages-5 chore(deps): bump actions/deploy-pages from 4 to 5
…thub_actions/actions/stale-10 chore(deps): bump actions/stale from 9 to 10
…thub_actions/actions/upload-pages-artifact-5 chore(deps): bump actions/upload-pages-artifact from 3 to 5
Add comprehensive unit tests for usePayment and useStellarToml, fix Freighter v6 test mocks, harden useStellarToml null-domain handling, and resolve build/typecheck issues for optional wallets-kit integration.
Closes dark-princezz#116
Closes dark-princezz#120
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
…ent-stellar-toml-hooks [116][120] feat: implement usePayment() and useStellarToml() hooks
- Bump vitest from ^1.6.0 to ^3.2.6 to resolve critical CVE (GHSA-5xrq-8626-4rwp) and high severity vulnerabilities
- Fix SorobanRpc → rpc namespace rename for @stellar/stellar-sdk v13 (useLedgerEntry, useSorobanContract, useTransaction)
- Fix StellarTomlResolver → StellarToml.Resolver.resolve for SDK v13 (useStellarToml)
- Fix useFreighter to use freighter-api v2 API (getPublicKey, getNetworkDetails instead of getAddress)
- Fix fee type in ContractCallOptions (number → string)
- Fix utils/index.ts parseAccountResponse for exactOptionalPropertyTypes and liquidity pool balances
- Fix broken import paths in utils.test.ts (../src/utils → ../utils)
- Fix unused imports and no-explicit-any lint errors across hooks and tests
- Fix useContractEvents.test.ts possibly undefined access
Closes dark-princezz#172
19a3830 to 7833c0e
Summary
Adds `npm audit --audit-level=high` as a CI step to automatically catch high and critical vulnerabilities on every push and pull request.
The step runs after `npm ci` (dependencies installed) and before typecheck/lint/test, so the pipeline fails fast if a vulnerable dependency is introduced.
Closes dark-princezz#172
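The threshold behaviour described in the summary, as an added example that is not part of this pull request or the project's code: it models the pass/fail decision of `npm audit --audit-level=<level>` over a report shaped like the `vulnerabilities` map in `npm audit --json` output (npm 7+). The names `auditGate`, `severityRank` and `SAMPLE_REPORT` and the package names are constructed for illustration, and treating an unrecognised severity as blocking is this example's fail-closed choice, not documented npm behaviour.

```javascript
// Severity levels accepted by --audit-level, lowest to highest.
const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// Constructed sample report; package names are placeholders, not real findings.
const SAMPLE_REPORT = {
  vulnerabilities: {
    "example-test-runner": { name: "example-test-runner", severity: "critical", isDirect: true, fixAvailable: true },
    "example-http-lib": { name: "example-http-lib", severity: "high", isDirect: false, fixAvailable: false },
    "example-glob-lib": { name: "example-glob-lib", severity: "moderate", isDirect: false, fixAvailable: true },
  },
};

// Assumption of this example: an unrecognised severity ranks above "critical",
// so a malformed or future report fails the gate instead of slipping through.
function severityRank(severity) {
  const idx = SEVERITY_ORDER.indexOf(severity);
  return idx === -1 ? SEVERITY_ORDER.length : idx;
}

// Returns the decision a CI step would act on: exitCode 1 (standing in for
// npm's non-zero exit) when any finding is at or above `level`, else 0.
function auditGate(report, level = "high") {
  const threshold = SEVERITY_ORDER.indexOf(level);
  if (threshold === -1) throw new Error(`unknown audit level: ${level}`);

  const entries = Object.values(report.vulnerabilities || {});
  const blocking = entries
    .filter((v) => severityRank(v.severity) >= threshold)
    .sort((a, b) => severityRank(b.severity) - severityRank(a.severity))
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      // fixAvailable may be a boolean or an object describing the fix.
      fixAvailable: Boolean(v.fixAvailable),
    }));

  return {
    exitCode: blocking.length > 0 ? 1 : 0,
    blocking,
    ignored: entries.length - blocking.length,
  };
}
```

With `high` as the level, the moderate finding is reported as ignored rather than blocking, which is the trade-off the chosen threshold makes: moderate and low advisories will not fail the pipeline.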