|
New dependencies detected. Learn more about Socket for GitHub ↗︎
|
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎
This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
Ignoring:
Next steps
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with |
Co-authored-by: Jongsun Suh <jongsun.suh@icloud.com>
Co-authored-by: Jongsun Suh <jongsun.suh@icloud.com>
| ); | ||
| this.#deleteOldChainIds(); | ||
| this.#checkScheduleFileDownloadForAllChains(); | ||
| } |
this.#updateChainStatus should be called for all chains recently seen; also I think it should be called for chainId in usePPOM
What does "recently seen" mean here?
updateChainStatus in usePPOM added here 383b860
Also wondering if there is a callback in network controller now which can be used to add networks to chainStatus as soon as user connects to it.
Not from the network controller. Connecting to a network really just means that the network is permissioned for a certain dapp(s). Maybe we could get this from the PermissionsController?
Hey @jpuri I think we may need to talk through a better way to identify a chain status since as Jiexi said above, in the upcoming multichain API
> Connecting to a network really just means that the network is permissioned for a certain dapp(s)

If chainStatus is used to determine whether an incoming request might come for that chain, we can't rely on "connection" status, since it is really just whether a dapp has been granted permission to interact with that chain. This is very different from how it works now, where we just permission accounts and then the user can "connect" to whatever chain and the dapp automatically gets "connected" to that chain. In the long run we need to be able to serve requests that come from any of the "permissioned" chains, many of which may not actually be active. So we should think of some protocol for warming up a given chain status when a first RPC request comes in for that chain and pausing any updates when it has been inactive for a while.
In chainStatus we cache data for a chain so that for repeated requests we have it in cache. It is useful to add a network to chainStatus as soon as the user starts interacting with it, so that we have the data cache ready to be used when a transaction is submitted.
Is there a way for us to identify when a user opens a DAPP connected to any chainId?
I think we could do this. That would mean going from connections -> origin -> networkClientId -> chainId and passing that to PPOM.
Can we tackle this as part of a separate PR?
> Can we tackle this as part of a separate PR?
➕
src/ppom-controller.ts
Outdated
| const chainId = addHexPrefix(networkConfig.chainId); | ||
| this.#updateChainStatus(chainId); | ||
| }, | ||
| ); |
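Review bot: calling this.#updateChainStatus(chainId) for every networkConfig treats a network as seen simply because it is in the list of added networks. If that call refreshes the chain's last-visited time, the expiry done by this.#deleteOldChainIds() would never drop those chains and files would be fetched for every configured network. Consider adding only chains that are not yet tracked, leaving the timestamp of existing entries untouched, and adding a comment here that states what counts as "visited".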
We want to cache files only for recently visited networks (visited in past 1 week)
what exactly does "visited" mean here? sounds like you don't consider a network "visited" just because it shows up in the list of added networks. Does that mean "visited" is only true for the selected chain and any chains used inside usePPOM()?
lastVisited is the time the network was last visited. We fetch files only for networks visited in the last 1 week. If we fetch files for all possible networks it will be too many files.
If we can know when the user connects to a new network, we can add it to chainStatus. It will be useful, as it will also give a chance to download network files before a transaction comes.
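The caching rule discussed in the two threads above (start tracking a chain on its first request, keep files only for chains visited in the past week, and do not count a network as visited merely because it is configured or permissioned), as an added TypeScript sketch. It is not code from this PR; `ChainStatusCache`, `touch`, `addIfMissing` and `evictStale` are hypothetical names.

```typescript
// Added illustration; all names are hypothetical, not the PPOMController API.
interface ChainInfo {
  lastVisited: number; // ms since epoch of the last request seen for the chain
  dataFetched: boolean; // whether files for the chain are already cached
}

const ONE_WEEK_MS = 7 * 24 * 60 * 60 * 1000;

class ChainStatusCache {
  // Null-prototype object: chain ids come from requests, so keys such as
  // "__proto__" must not collide with inherited properties.
  status: Record<string, ChainInfo> = Object.create(null);
  maxAgeMs: number;

  constructor(maxAgeMs: number = ONE_WEEK_MS) {
    this.maxAgeMs = maxAgeMs;
  }

  // Call for every incoming RPC request. Returns true when the chain was not
  // tracked before, i.e. the caller should schedule a file download (warm-up).
  touch(chainId: string, now: number): boolean {
    const existing = this.status[chainId];
    if (existing) {
      existing.lastVisited = now;
      return false;
    }
    this.status[chainId] = { lastVisited: now, dataFetched: false };
    return true;
  }

  // Call when a network only appears in configuration or permissions:
  // start tracking it, but never refresh the timestamp of a known chain.
  addIfMissing(chainId: string, now: number): void {
    if (!this.status[chainId]) {
      this.status[chainId] = { lastVisited: now, dataFetched: false };
    }
  }

  // Drop chains with no request inside the window and return their ids so
  // the caller can delete their cached files and pause further updates.
  evictStale(now: number): string[] {
    const evicted = Object.keys(this.status).filter(
      (id) => now - this.status[id].lastVisited > this.maxAgeMs
    );
    for (const id of evicted) {
      delete this.status[id];
    }
    return evicted;
  }
}
```
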
|
@SocketSecurity ignore setimmediate@1.0.5 unmaintained |
|
@SocketSecurity ignore @spruceid/siwe-parser@1.1.3 The github repo itself has a README and has almost 1k stars |
|
@SocketSecurity ignore rlp@2.2.7 ralxz has contributed to numerous ethereumjs projects already |
fceeda5 to
dc2b7f4
|
I added some |
| "@metamask/base-controller": "^3.2.1", | ||
| "@metamask/controller-utils": "^5.0.0", | ||
| "@metamask/network-controller": "^15.2.0", |
[nit] Not strictly necessary but all of these have newer versions available now.
|
Hi, just checking in — what's the status of this PR? Is this waiting on further review? |
onNetworkChange now updates state.chainStatus for networkState.providerConfig.chainId and each network configuration in networkState.networkConfigurations
usePPOM() now accepts an optional networkClientId as the last param which will be used to override the default chainId and provider
NetworkController:getNetworkClientById