Wrong Branch, Right Fix: Cleaning Up the Real History Repo

Hey everyone,

Well, that was a false start.

After my post yesterday about fixing up the master branch of the ssc_tokens_history repo, @forkyishere kindly pointed out that I was essentially polishing a museum exhibit. Turns out, the community actually uses the hive branch. It relies on MongoDB instead of Postgres and is generally "more" updated.

I switched branches to take a look. If I thought the last one was dusty, this one was a hazard. npm audit screamed 37 vulnerabilities at me, including critical ones.

So, I rolled up my sleeves for Round Two.

The Cleanup (PR #34)

I’ve submitted Pull Request #34, which is a much more aggressive cleanup than the last one.

What I Changed:

  • Dead Code Removal: Since the hive branch uses MongoDB, the pg (Postgres) dependency was useless weight. I removed it entirely.
  • Fixing Dependency Hell: The old setup was trying to use eslint-config-airbnb, which pulls in a bunch of React dependencies we don't need for a backend service. I swapped it for eslint-config-airbnb-base and pinned eslint to v8. This resolved the peer dependency conflicts that were previously breaking clean installs.
  • Security Overrides: Added overrides for axios and diff. These were buried deep in the dependency tree and causing critical/high-severity flags.
  • Fixing the Tests: Updating sscjs broke a test in tokens.js because the new library returns an extra issuer field. I updated the test logic to handle the new data structure correctly.

The Result

We are down to 0 vulnerabilities.

I verified the changes by running the full test suite (npm run test-all), and all 26 tests passed. Best of all, npm install now runs cleanly without needing any --force flags.

Bonus


Even though it works, it does give some warnings. I put in PR #35 (https://github.com/hive-engine/ssc_tokens_history/pull/35) to address those as well, so I guess it depends on whether warnings are acceptable.

Thanks to @forkyishere for the heads-up. Now the actual infrastructure is secure.

As always,
Michael Garcia a.k.a. TheCrazyGM

0.28605650 BEE
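The "Security Overrides" step in the post can be checked against the lockfile: after adding overrides, every installed copy of the package, nested ones included, should meet the minimum version. The following is an added example, not code from PR #34 or the ssc_tokens_history repo; the minimum versions, the lockfile excerpt and the `old-client` package name are constructed placeholders, since the post does not state which versions were pinned.

```javascript
// Minimum acceptable versions per overridden package.
// Placeholder values: the post does not state the versions PR #34 pins.
const minimums = { axios: '1.0.0', diff: '5.0.0' };

// Constructed package-lock.json excerpt (lockfileVersion 2/3 layout:
// "packages" is keyed by install path, nested copies included).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-service', version: '0.0.0' },
    'node_modules/axios': { version: '1.0.0' },
    'node_modules/old-client/node_modules/axios': { version: '0.21.4' },
    'node_modules/mocha/node_modules/diff': { version: '5.1.0' },
    'node_modules/@scope/diff': { version: '0.1.0' }, // different package, must not match "diff"
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root entry ("") -> null
function packageName(installPath) {
  const marker = 'node_modules/';
  const i = installPath.lastIndexOf(marker);
  return i === -1 ? null : installPath.slice(i + marker.length);
}

// Compare the numeric x.y.z core only; prerelease/build tags are ignored.
function isBelow(version, minimum) {
  const a = version.split(/[-+]/)[0].split('.').map(Number);
  const b = minimum.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i += 1) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Return every installed copy of an overridden package that is still too old.
function findStaleCopies(lock, mins) {
  const stale = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (!Object.prototype.hasOwnProperty.call(mins, name) || !entry.version) continue;
    if (isBelow(entry.version, mins[name])) {
      stale.push({ path, name, version: entry.version, minimum: mins[name] });
    }
  }
  return stale;
}

console.log(findStaleCopies(sampleLock, minimums));
```

A non-empty result after `npm install` means an override did not reach that nested copy, typically because the lockfile was not regenerated.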
3 comments

Very appreciative of the work you are doing.

And please, don't take this comment as a dismissal (or undervaluing) of the importance of having things properly updated, but I want to make sure people read things with the right context...

"Now the actual infrastructure is secure."

Very few people use the history DB on HE.

It's also a massive DB (in terms of records) and not essential for block production or any actions on Hive Engine, so it does not affect consensus or security of the Hive Engine layer.

Yes, there are a few projects using it, but given it's mostly a read-only DB, it's mostly protected by nature. There is always room for improvement, and this is why I enjoy decentralized work like this.

So, as a witness I will test it myself on my side and report back via the PR 35 where I already replied.

Unsure who else will have time to test or give you feedback about it, but I will reblog this for more visibility.

0.00435528 BEE

A bit of editorializing, for sure - thanks for paying attention!

0.00013192 BEE

Yeah, I probably could have worded that better.

0.00000000 BEE

No worries! I know it was with good intentions...

0.00000000 BEE

@forkyishere is such a great guy!

!PIMP
!PAKX
!PIZZA

0.00042219 BEE


Still haven't met you (IRL), but one day!

0.00426006 BEE
