Skip to content

fix: resolve npm audit vulnerabilities, fix repo urls, remove stale types#57

Closed
0xAxiom wants to merge 2 commits intomainfrom
fix/security-audit-and-cleanup
Closed

fix: resolve npm audit vulnerabilities, fix repo urls, remove stale types#57
0xAxiom wants to merge 2 commits intomainfrom
fix/security-audit-and-cleanup

Conversation

@0xAxiom
Copy link
Owner

@0xAxiom 0xAxiom commented Feb 28, 2026

What

  • Resolve all 3 npm audit vulnerabilities (0 remaining)
  • Fix repository/bugs URLs in package.json (pointed to fork instead of upstream)
  • Remove stale @types/inquirer from CLI (inquirer 12+ ships built-in types)

Why

  • minimatch had multiple ReDoS vulnerabilities (HIGH severity)
  • rollup 4.0-4.58 had arbitrary file write via path traversal (HIGH severity)
  • ajv had ReDoS when using data option (MODERATE severity)
  • package.json repository URL pointed to 0xAxiom/AppFactory instead of MeltedMindz/AppFactory
  • @types/inquirer@^9.0.7 is unnecessary with inquirer 12+ which has built-in TypeScript types

Tested

  • npm audit returns 0 vulnerabilities
  • npm run ci passes (pre-existing lint warnings unchanged)
  • All lock files regenerated cleanly

@0xAxiom
feat(app-factory): enhance base-tx-decoder with comprehensive agentsk…
b1fe2fd 
…ills showcase

- Created enhanced base-tx-decoder-v2 with comprehensive skill integration
- Added POWERED BY AGENTSKILLS section with Etherscan API, Web3 RPC, Base Network callouts
- Enhanced visual design with skill integration indicators
- Addresses 8/10 to 9/10 upgrade path (skill integration 1/2 to 2/2)
- Built and deployed enhanced versions (auth-protected)
- Original base-tx-decoder confirmed stable 8/10 score
- Fixed linting issues (unused variable)
@0xAxiom
fix: resolve npm audit vulnerabilities, fix repo urls, remove stale t…
22910cb 
…ypes

- run npm audit fix to resolve 3 vulnerabilities:
  - minimatch ReDoS (high severity)
  - rollup arbitrary file write (high severity)
  - ajv ReDoS (moderate severity)
- fix repository/bugs URLs in package.json (0xAxiom -> MeltedMindz)
- remove stale @types/inquirer from CLI (inquirer 12+ has built-in types)
@0xAxiom 0xAxiom requested a review from MeltedMindz as a code owner February 28, 2026 01:04
@0xAxiom 0xAxiom closed this Feb 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MeltedMindz MeltedMindz Awaiting requested review from MeltedMindz MeltedMindz is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@0xAxiom