Installations
npm install @ethereumjs/mptReleases
355
@ethereumjs/vm v8.1.1
@ethereumjs/vm@8.1.1
Published on 09 Sept 2024
@ethereumjs/evm v3.1.1
@ethereumjs/evm@3.1.1
Published on 09 Sept 2024
@ethereumjs/client v0.10.2
@ethereumjs/client@0.10.2
Published on 15 Aug 2024
@ethereumjs/vm@8.1.0
@ethereumjs/vm@8.1.0
Published on 15 Aug 2024
@ethereumjs/evm v3.1.0
@ethereumjs/evm@3.1.0
Published on 15 Aug 2024
@ethereumjs/blockchain v7.3.0
@ethereumjs/blockchain@7.3.0
Published on 15 Aug 2024
Developer
ethereumjs
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=18
Typescript Support
Yes
Node Version
20.12.2
NPM Version
10.5.0
Statistics
2,604 Stars
8,343 Commits
760 Forks
64 Watching
126 Branches
202 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (97.66%)
JavaScript (1.56%)
Shell (0.49%)
HTML (0.22%)
Python (0.06%)
Solidity (0.01%)
Dockerfile (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
290
Last day
0%
1
Compared to previous day
Last week
211.1%
28
Compared to previous week
Last month
11.7%
153
Compared to previous month
Last year
0%
290
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
EthereumJS Monorepo
This repository holds various protocol building blocks of the Ethereum blockchain execution layer and is managed by the Ethereum Foundation JavaScript team. There is a TypeScript implementation of the Ethereum Virtual Machine (EVM) ready to be used in Node.js or a browser environment, implementations of core structural blockchain building blocks like an Ethereum Tx, Block or Blockchain as well as a MPT (Merkle Patricia Tree) and devp2p (execution networking layer) implementation.
All libraries are bound together by the core Common library keeping track of chain specifics and hardfork changes. They are complemented by helper packages like RLP for data encoding/decoding or Util, providing helper functionalities like (byte) conversion, signatures, types and others.
Finally, the EthereumJS Execution Client (EthereumJS) has been in active development for some time now. It already serves a variety of purposes like testing, research (e.g. EIPs) and developer tooling to engage with the protocol.
Also to note: on the Ethereum Consensus side, the ChainSafe Lodestar repository complements this repository with an Ethereum Consensus Client implementation as well as various protocol implementations (like an SSZ library) developed in the context of Ethereum Consensus layer evolution.
Packages
Below you can find a list of the packages included in this repository.
Branches
The following are our currently active branches:
| Branch | Release Series | Status | Â Description |
|---|---|---|---|
| master | Upcoming (Autumn 2024) | Develop | Breaking release work |
| maintenance-v8 | v7/v8 | Maintenance | Maintenance for v8 releases (v7 also included) |
| maintenance-v6 | v6 | Maintenance | Maintenance for v6 releases |
Breaking releases are mostly done in sync for all libraries (latest exceptions: VM v8, EVM v3), and release cycles are currently named after the @ethereumjs/vm version. In most cases PRs should be opened towards the current working branch. If there is no current working branch, please ask! 🙂
To inspect code related to a specific package version, refer to the tags.
Coverage report
Detailed version can be seen on Codecov.io
Package dependency relationship
1 graph TD 2 vm{vm} 3 client{client} 4 ethash --> blockchain 5 ethash --> client 6 devp2p --> client 7 block --> client 8 block --> blockchain 9 block --> ethash 10 block --> vm 11 blockchain --> client 12 mpt --> client 13 mpt --> vm 14 mpt --> blockchain 15 mpt --> block 16 mpt --> statemanager 17 util --> common 18 common --> block 19 common --> statemanager 20 common --> tx 21 common --> blockchain 22 common --> vm 23 common --> evm 24 common --> client 25 common --> devp2p 26 common --> genesis 27 evm --> vm 28 evm --> client 29 genesis --> client 30 genesis --> statemanager 31 genesis --> mpt 32 tx --> block 33 tx --> vm 34 tx --> client 35 vm --> client 36 rlp --> util 37 statemanager --> evm 38 statemanager --> vm 39 statemanager --> client
To update the diagram above edit the README file and open a new PR with the changes.
Getting Started
See our monorepo documentation to get started on setting up the repository and installing dependencies. The config folder gives an overview on shared configuration and scripts between packages.
EthereumJS
See our organizational documentation for an introduction to EthereumJS as well as information on current standards and best practices. If you want to join for work or carry out improvements on the libraries, please review our contribution guidelines first.
License
Most packages are MPL-2.0 licensed, see package folder for the respective license.
No vulnerabilities found.
Reason
30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
Found 29/30 approved changesets -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/block-build.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/block-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/block-build.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/block-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/block-build.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/block-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/block-build.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/block-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/block-build.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/block-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/blockchain-build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/blockchain-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/blockchain-build.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/blockchain-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/blockchain-build.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/blockchain-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/blockchain-build.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/blockchain-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/browser.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/browser.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/browser.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/browser.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-build.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-build.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-build.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-build.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-build.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-build.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-build.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-build.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/client-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/common-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/common-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/common-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/common-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/common-build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/common-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/common-build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/common-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cspell.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/cspell.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cspell.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/cspell.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devp2p-build.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/devp2p-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devp2p-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/devp2p-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devp2p-build.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/devp2p-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/devp2p-build.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/devp2p-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ethash-build.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/ethash-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ethash-build.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/ethash-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ethash-build.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/ethash-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ethash-build.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/ethash-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/evm-build.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/evm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/evm-build.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/evm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/evm-build.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/evm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/evm-build.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/evm-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/evm-build.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/evm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/examples.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/examples.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/examples.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/genesis-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/genesis-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/genesis-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/genesis-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/genesis-build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/genesis-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/genesis-build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/genesis-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lockfile.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/lockfile.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lockfile.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/lockfile.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lockfile.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/lockfile.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mpt-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/mpt-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mpt-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/mpt-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mpt-build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/mpt-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/mpt-build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/mpt-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-versions.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/node-versions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-versions.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/node-versions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rlp-build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/rlp-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rlp-build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/rlp-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rlp-build.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/rlp-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rlp-build.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/rlp-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/statemanager-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/statemanager-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/statemanager-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/statemanager-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/statemanager-build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/statemanager-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/statemanager-build.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/statemanager-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tx-build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/tx-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tx-build.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/tx-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tx-build.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/tx-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tx-build.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/tx-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tx-build.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/tx-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typecheck.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/typecheck.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typecheck.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/typecheck.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typecheck.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/typecheck.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typecheck.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/typecheck.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/util-build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/util-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/util-build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/util-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/util-build.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/util-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/util-build.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/util-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verkle-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/verkle-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verkle-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/verkle-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verkle-build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/verkle-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-build.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-build.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-build.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-build.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-nightly-test.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-nightly-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-nightly-test.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-nightly-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-nightly-test.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-nightly-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-nightly-test.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-nightly-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-nightly-test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-nightly-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-nightly-test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-nightly-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-nightly-test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-nightly-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-nightly-test.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-nightly-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:312: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:339: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vm-pr.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/vm-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/wallet-build.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/wallet-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/wallet-build.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/wallet-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/wallet-build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/wallet-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/wallet-build.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/ethereumjs/ethereumjs-monorepo/wallet-build.yml/master?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:1
- Warn: containerImage not pinned by hash: Dockerfile:12: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:7e43a2d633d91e8655a6c0f45d2ed987aa4930f0792f6d9dd3bffc7496e44882
- Warn: npmCommand not pinned by hash: Dockerfile:7
- Warn: npmCommand not pinned by hash: Dockerfile:10
- Warn: npmCommand not pinned by hash: scripts/e2e-publish.sh:20
- Warn: npmCommand not pinned by hash: .github/workflows/lockfile.yml:31
- Warn: npmCommand not pinned by hash: .github/workflows/vm-nightly-test.yml:31
- Warn: npmCommand not pinned by hash: .github/workflows/vm-nightly-test.yml:54
- Warn: npmCommand not pinned by hash: .github/workflows/vm-nightly-test.yml:76
- Warn: npmCommand not pinned by hash: .github/workflows/vm-nightly-test.yml:99
- Info: 0 out of 117 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 20 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 30 out of 38 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/block-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/blockchain-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/browser.yml:1
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/client-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/common-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/cspell.yml:1
- Warn: no topLevel permission defined: .github/workflows/devp2p-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/ethash-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/evm-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/examples.yml:1
- Warn: no topLevel permission defined: .github/workflows/genesis-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/lockfile.yml:1
- Warn: no topLevel permission defined: .github/workflows/mpt-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/node-versions.yml:1
- Warn: no topLevel permission defined: .github/workflows/rlp-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/statemanager-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/tx-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/typecheck.yml:1
- Warn: no topLevel permission defined: .github/workflows/util-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/verkle-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/vm-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/vm-nightly-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/vm-pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/wallet-build.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
5.6
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More