Feat/hardhat tests #235

EthanOK · 2025-08-11T10:53:46Z

add hardhat test

This fixes an apparent bug in the ERC20-ERC20 exchange contract, in which two methods use the equality operator == instead of the assignment operator =.

contracts: drop swapOutput

This refactors the ERC20-ERC20 contract to split swapInput into two public functions, with the shared logic in a single private function. This reduces the amount of branching, and is likely to make further changes (such as caching reserve balances and recording accumulator values for the oracle) easier.

contracts: track reserves in ERC20-ERC20 exchange and remove transferFrom

Prepare for deploying the contracts and build artifacts to npmjs

* Widen the pragma This reverts commit 528056e

This reverts commit 6a67b82.

* Create CITATION.cff I want to cite this Github repository in some research papers I am writing. A `CITATION.cff` auto generates citations for anyone who may want to reference this repository in their work. See the (docs)[https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-citation-files]. I have drafted this to include the authors of the repository if you desire any changes, please make them. Thank you. * Update CITATION.cff Co-authored-by: Noah Zinsmeister <noahwz@gmail.com>

feat: add stale config

v1.9.1

socket-security · 2025-09-29T02:06:07Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Quality	Maintenance
	@types/minimatch@6.0.0
	@nomicfoundation/solidity-analyzer-darwin-arm64@0.1.2
	@nomicfoundation/solidity-analyzer-darwin-x64@0.1.2
	@nomicfoundation/solidity-analyzer-linux-arm64-gnu@0.1.2
	@nomicfoundation/solidity-analyzer-linux-arm64-musl@0.1.2
	@nomicfoundation/solidity-analyzer-linux-x64-gnu@0.1.2
	@nomicfoundation/solidity-analyzer-linux-x64-musl@0.1.2
	@nomicfoundation/solidity-analyzer-win32-x64-msvc@0.1.2
	@nomicfoundation/edr-darwin-arm64@0.11.3
	@nomicfoundation/edr-darwin-x64@0.11.3
	@nomicfoundation/edr-linux-arm64-gnu@0.11.3
	@nomicfoundation/edr-linux-arm64-musl@0.11.3
	@nomicfoundation/edr-linux-x64-gnu@0.11.3
	@nomicfoundation/edr-linux-x64-musl@0.11.3
	@nomicfoundation/edr-win32-x64-msvc@0.11.3
	isarray@0.0.1 ⏵ 2.0.5		^-19
	is-unicode-supported@0.1.0
	hasown@2.0.2
	has-tostringtag@1.0.2
	has-property-descriptors@1.0.2
	set-function-length@1.2.2
	aggregate-error@3.1.0
	available-typed-arrays@1.0.7
	indent-string@4.0.0
	es-define-property@1.0.1
	typed-array-buffer@1.0.3
	gopd@1.2.0
	has-symbols@1.0.1 ⏵ 1.1.0		⁺²	⁺¹
	es-set-tostringtag@2.1.0
	function-bind@1.1.1 ⏵ 1.1.2		^-1
	safe-buffer@5.1.2 ⏵ 5.2.1	⁺¹
	for-each@0.3.3 ⏵ 0.3.5	⁺¹
	which-typed-array@1.1.19
See 337 more rows in the dashboard

View full report

socket-security · 2025-09-29T02:06:08Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Socket optimized override available for `aggregate-error@3.1.0`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/aggregate-error@3.1.0` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/aggregate-error@3.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `available-typed-arrays@1.0.7`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/available-typed-arrays@1.0.7` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/available-typed-arrays@1.0.7`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`axios@1.11.0` has a High CVE. CVE: GHSA-4hjh-wcwx-xvwj Axios is vulnerable to DoS attack through lack of data size check (HIGH) Affected versions: < 1.12.0 Patched version: 1.12.0 From: yarn.lock → `npm/axios@1.11.0` ℹ Read more on: This package \| This alert \| What is a CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/axios@1.11.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `es-define-property@1.0.1`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/es-define-property@1.0.1` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/es-define-property@1.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `es-set-tostringtag@2.1.0`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/es-set-tostringtag@2.1.0` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/es-set-tostringtag@2.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `gopd@1.2.0`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/gopd@1.2.0` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/gopd@1.2.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `has-property-descriptors@1.0.2`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/has-property-descriptors@1.0.2` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/has-property-descriptors@1.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `has-tostringtag@1.0.2`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/has-tostringtag@1.0.2` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/has-tostringtag@1.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `hasown@2.0.2`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/hasown@2.0.2` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/hasown@2.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `indent-string@4.0.0`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/indent-string@4.0.0` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/indent-string@4.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `is-typed-array@1.1.15`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/is-typed-array@1.1.15` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/is-typed-array@1.1.15`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `is-unicode-supported@0.1.0`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/is-unicode-supported@0.1.0` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/is-unicode-supported@0.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `set-function-length@1.2.2`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/set-function-length@1.2.2` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/set-function-length@1.2.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `typed-array-buffer@1.0.3`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/typed-array-buffer@1.0.3` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/typed-array-buffer@1.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `which-typed-array@1.1.19`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/which-typed-array@1.1.19` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/which-typed-array@1.1.19`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`@nomicfoundation/edr@0.11.3` has Shell access. Module: child_process Location: Package overview From: yarn.lock → `npm/@nomicfoundation/edr@0.11.3` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@nomicfoundation/edr@0.11.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`@nomicfoundation/hardhat-ignition@0.15.13` has Shell access. Module: child_process Location: Package overview From: package.json → `npm/@nomicfoundation/hardhat-ignition@0.15.13` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@nomicfoundation/hardhat-ignition@0.15.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`@nomicfoundation/solidity-analyzer@0.1.2` has Shell access. Module: child_process Location: Package overview From: yarn.lock → `npm/@nomicfoundation/solidity-analyzer@0.1.2` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@nomicfoundation/solidity-analyzer@0.1.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`cross-spawn@7.0.6` has Shell access. Module: child_process Location: Package overview From: yarn.lock → `npm/cross-spawn@7.0.6` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/cross-spawn@7.0.6`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`foreground-child@3.3.1` has Shell access. Module: child_process Location: Package overview From: yarn.lock → `npm/foreground-child@3.3.1` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/foreground-child@3.3.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`hardhat@2.26.2` has Shell access. Module: child_process Location: Package overview From: package.json → `npm/hardhat@2.26.2` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/hardhat@2.26.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`@cspotcode/source-map-support@0.8.1` has Filesystem access. Module: fs Location: Package overview From: yarn.lock → `npm/@cspotcode/source-map-support@0.8.1` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@cspotcode/source-map-support@0.8.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`@cspotcode/source-map-support@0.8.1` has a Dynamic require. Location: Package overview From: yarn.lock → `npm/@cspotcode/source-map-support@0.8.1` ℹ Read more on: This package \| This alert \| What is dynamic require? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@cspotcode/source-map-support@0.8.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`@nodelib/fs.scandir@2.1.5` has Filesystem access. Module: fs Location: Package overview From: yarn.lock → `npm/@nodelib/fs.scandir@2.1.5` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@nodelib/fs.scandir@2.1.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`@nodelib/fs.stat@2.0.5` has Filesystem access. Module: fs Location: Package overview From: yarn.lock → `npm/@nodelib/fs.stat@2.0.5` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@nodelib/fs.stat@2.0.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`@nomicfoundation/edr@0.11.3` has Filesystem access. Module: fs Location: Package overview From: yarn.lock → `npm/@nomicfoundation/edr@0.11.3` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@nomicfoundation/edr@0.11.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`@nomicfoundation/hardhat-ignition@0.15.13` has Filesystem access. Module: fs Location: Package overview From: package.json → `npm/@nomicfoundation/hardhat-ignition@0.15.13` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@nomicfoundation/hardhat-ignition@0.15.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 47 more rows in the dashboard

View full report

haydenadams and others added 30 commits September 20, 2019 16:17

simplify contract

1acb47a

fixes

5b47da1

refactor

b3926aa

fix bug

6aeed89

contracts: fix assignment bug

c611ebc

This fixes an apparent bug in the ERC20-ERC20 exchange contract, in which two methods use the equality operator == instead of the assignment operator =.

contracts: drop swapOutput

bfc8f36

drop getOutputPrice

300d8a1

Merge pull request Uniswap#2 from Uniswap/dropSwapOutput

bf6fbc9

contracts: drop swapOutput

contracts: split swapInput into two functions

2ca9261

add semicolon

c6fec39

fix recipient argument

13de4b8

declare swap function before it is called

a4c565e

contracts: track reserves in ERC20 and remove transferFrom

17adf85

switch to use currentOutputReserve

cc6902c

refactor

0483173

update addLiquidity

91823f5

update removeLiquidity

69aa7e9

remove external getInputPrice

3d38410

minor updates

c72a44e

Merge pull request Uniswap#4 from Uniswap/trackReserves

3047b69

contracts: track reserves in ERC20-ERC20 exchange and remove transferFrom

add Math library; change initial liquidity to geometric mean

2fd7e6b

remove redundant checks

a22aabf

wip

2906f71

refactor to keep stack small enough

3438db5

add recipient arg

2c319cb

remove unnecessary checks

7d151ee

fix spelling on reentrancyLock

180e1d6

make getInputPrice internal

dccac5c

update removeLiquidity

b15d19b

moodysalem and others added 26 commits April 15, 2020 08:53

Add back overrides to see if it fixes CI

ad31eae

prepare -> prepublishOnly

4e410e2

Merge pull request Uniswap#62 from Uniswap/prepare-for-npm

5f769f4

Prepare for deploying the contracts and build artifacts to npmjs

Widen the pragma (Uniswap#71)

bb21260

* Widen the pragma This reverts commit 528056e

Revert "Revert "remove confusing comment""

c5ff676

This reverts commit 6a67b82.

update build

52067cc

Prepare to release 1.0.0-beta.1

cd258cf

version bump

805309e

Remove build artifacts and add link to the README.md

463fd13

Remove check-compile-output.sh and related CI/scripts

cba736f

Prepare beta.3 with repository URL in package.json

7c96024

Couple more clean ups to the package.json

b01f3a7

Release v1.0.0

3cd7381

Generate metadata (Uniswap#78)

c04f322

Add emoji to description

9d5ba28

Add keywords

3d52245

Release v1.0.1.

39d70bf

feat: add stale config

12805b0

Merge pull request Uniswap#168 from Uniswap/add-stale

24ad4db

feat: add stale config

chore: forge init

40b5f7c

forge install: forge-std

1bbc4e5

v1.9.1

add tests for factory and erc20 (WIP)

753eb62

finished factory and erc20 tests

5b5aa62

use forge formatter

a073b1d

feat: test base hardhat

a41c3d8

kmk142789 approved these changes Sep 28, 2025

View reviewed changes

Merge branch 'feat/foundry-tests' into feat/hardhat-tests

93df1ff

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Feat/hardhat tests #235

Feat/hardhat tests #235

Uh oh!

EthanOK commented Aug 11, 2025

Uh oh!

socket-security bot commented Sep 29, 2025

Uh oh!

socket-security bot commented Sep 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants

Feat/hardhat tests #235

Are you sure you want to change the base?

Feat/hardhat tests #235

Uh oh!

Conversation

EthanOK commented Aug 11, 2025

Uh oh!

socket-security bot commented Sep 29, 2025

Uh oh!

socket-security bot commented Sep 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants