Merge branch 'release/1.0.7'

.circleci/config.yml

@@ -12,22 +12,18 @@ jobs:
 
       - restore_cache:
           keys:
-          - dependencies-{{ checksum "package.json" }}
+          - dependencies-v2-{{ checksum "package.json" }}
 
       - run:
           name: Install global packages
-          command: sudo npm install -g codecov greenkeeper-lockfile@1
-
-      - run:
-          name: Greenkeeper Lockfile
-          command: greenkeeper-lockfile-update
+          command: sudo npm install -g codecov
 
       - run:
           name: Install dependencies
           command: npm install
 
       - save_cache:
-          key: dependencies-{{ checksum "package.json" }}
+          key: dependencies-v2-{{ checksum "package.json" }}
           paths:
             - node_modules
 
@@ -39,10 +35,6 @@ jobs:
           name: Unit Tests with Code Coverage
           command: npm run test:unit:cov
 
-      - run:
-          name: Push any lockfile changes
-          command: greenkeeper-lockfile-upload
-
       - run:
           name: Send reports to codecov.io
           command: codecov

.eslintrc.js

@@ -1,6 +1,6 @@
 module.exports = {
-  extends: ['standard', 'prettier', 'prettier/standard'],
-  plugins: ['prettier', 'standard', 'import', 'promise'],
+  extends: ['standard', 'plugin:prettier/recommended'],
+  plugins: ['mocha'],
   parserOptions: {
     sourceType: 'module'
   },

.github/dependabot.yml

@@ -0,0 +1,20 @@
+# Basic dependabot.yml file with
+# minimum configuration for two package managers
+
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: "npm"
+    # Look for `package.json` and `lock` files in the `root` directory
+    directory: "/"
+    # Check the npm registry for updates every day (weekdays)
+    schedule:
+      interval: "daily"
+
+  # Enable version updates for Docker
+  # - package-ecosystem: "docker"
+  #   # Look for a `Dockerfile` in the `root` directory
+  #   directory: "/"
+  #   # Check for updates once a week
+  #   schedule:
+  #     interval: "weekly"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,62 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [develop, master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [develop]
+  schedule:
+    - cron: '0 4 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Override automatic language detection by changing the below list
+        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+        language: ['javascript']
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.gitignore

@@ -59,3 +59,5 @@ typings/
 
 # next.js build output
 .next
+
+.vscode

.husky/.gitignore

@@ -0,0 +1 @@
+_

.husky/pre-commit

@@ -0,0 +1 @@
+npx --no-install lint-staged

.snyk

@@ -0,0 +1,4 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+patch: {}

CONTRIBUTING.md

@@ -16,7 +16,7 @@ See this handy, if ugly, [cheat sheet](http://danielkummer.github.io/git-flow-ch
 2. clone your fork to your local development machine
 3. Set this repo as the `upstream` repo `git remote add upstream <insert the upstream url>`
 4. Disallow direct pushing to upstream `git remote set-url --push upstream no_push`
-5. create a local `master` branch `git checkout -b master` and test it via `git pull upstream master`
+5. create a local `main` branch `git checkout -b main` and test it via `git pull upstream main`
 6. ensure you have installed the [`git-flow` command line helpers](https://github.com/nvie/gitflow) and [`git-flow-completion` utils](https://github.com/bobthecow/git-flow-completion) then run `git flow init -d`.
 
 #### Optional Git Setup
@@ -46,15 +46,15 @@ git config user.email "[email protected]"
 
 #### Hotfixes and Support branches
 
-It's basically the same process but use the word `hotfix` or `support` instead of `feature`. `git flow` knows what to do. Just keep in mind that any changes are going to happen to your fork, and not the upstream repo. If you need to merge a `hotfix` into upstream master you may only do it va a reviewed pull request.
+It's basically the same process but use the word `hotfix` or `support` instead of `feature`. `git flow` knows what to do. Just keep in mind that any changes are going to happen to your fork, and not the upstream repo. If you need to merge a `hotfix` into upstream main you may only do it va a reviewed pull request.
 
 ### Releasing to production
 
 1. `git flow release start {tag.number}` (using semantic versioning)
 2. commit any changes to version info in `package.json` then `git flow release publish {tag.number}`
-3. `git flow release finish {tag.number}` merges the release into `master` of your fork, tags it, merges that back into `develop` on your fork and removes the release branch.
-4. Now go back to GitHub and raise a Pull Request to merge the upstream master from your fork's `master` branch. When that goes through you are done.
-5. In your command-line go back and clean up any outstanding branches and `git pull upstream` your local `master` and `develop` branches to ensure everything on your local machine is up to date with everyone's changes.
+3. `git flow release finish {tag.number}` merges the release into `main` of your fork, tags it, merges that back into `develop` on your fork and removes the release branch.
+4. Now go back to GitHub and raise a Pull Request to merge the upstream main from your fork's `main` branch. When that goes through you are done.
+5. In your command-line go back and clean up any outstanding branches and `git pull upstream` your local `main` and `develop` branches to ensure everything on your local machine is up to date with everyone's changes.
 
 Note you will **never** push changes directly to the upstream project, _only to your own fork_.
 

README.md

@@ -37,7 +37,7 @@ npm install axios ir-api
 
 #### React Native
 
-**See below for instructions on using with React Native**
+**See below** for instructions on using with React Native
 
 ## The API
 
@@ -77,7 +77,7 @@ getOpenOrders()
   })
 ```
 
-### Passing parameters to methods
+### Passing Parameters to Methods
 
 Parameters are passed as an object, so for example
 
@@ -109,7 +109,7 @@ Under the hood the `ir-api` uses [`axios`](https://github.com/axios/axios) as it
 }
 ```
 
-You can change this by passing your own configuration object into the `ir` function.
+You can supply your own configuration object to the `ir` function.
 
 ```js
 const ir = require('ir-api')
@@ -122,11 +122,19 @@ const { getAccounts } = ir('my-api-key', 'my-api-secret', {
 
 You can supply any [configuration options that `axios` supports](https://github.com/axios/axios#axioscreateconfig), however if you change the `baseURL`, or `Content-Type` you will find the API calls stop working, so I don't advise doing that.
 
-If your app needs to run integration tests against a mock IR server (maybe you built one for this purpose) then this is where you'd override the `baseURL`.
+That said, if your app needs to run integration tests against a mock IR server (maybe you built one for this purpose) then this is where you'd override the `baseURL`.
+
+```js
+const ir = require('ir-api')
+
+const { getAccounts } = ir('my-api-key', 'my-api-secret', {
+  baseURL: 'https://localhost:8080/' // because maybe you are testing against a local mock server
+})
+```
 
 Independent Reserve's public API server can be quite slow which is why the `timeout` is set to `2500` by default. It's much faster if you use an `apiKey` and `apiSecret` however.
 
-### Default parameters
+### Default Parameters
 
 - `nonce`: computed for you
 - `pageIndex`: `1`
@@ -137,7 +145,7 @@ Independent Reserve's public API server can be quite slow which is why the `time
 
 All methods return a resolved promise so you can safely use `async` / `await`
 
-### Example
+### Example Gist
 
 See [this gist](https://gist.github.com/davesag/3567876481344419827e514bae78a02b) for an example of using the API to retrieve your IR balance, then get the market rates for each of your coins, convert to Australian Dollars and display a simple ASCII table with the results and a total.
 
@@ -148,7 +156,7 @@ See [this gist](https://gist.github.com/davesag/3567876481344419827e514bae78a02b
 - any other errors are simply thrown as normal javascript errors.
 - The API defines certain method parameters as required, as numbers, etc. If the values you pass in fail validation a `ValidationError` will be thrown. You can inspect `error.errors` for a map of the fields that failed validation and which validation they failed. The validations are by no means exhaustive but serve to save developers a request to the Independent Reserve servers if something is blatantly wrong.
 
-#### Handling timeouts
+#### Handling Timeouts
 
 The Independent Reserve API occasionally times out. The client will automatically attempt up to 3 retries of any timed-out idempotent request, with a delay of 250ms on first retry, 500ms on second, and 750ms on third. It will also extend the default timeout on each retried request.
 
@@ -178,7 +186,7 @@ Or with `yarn`
 yarn add axios crypto-browserify process querystring stream-browserify vm-browserify ir-api
 ```
 
-### Create a `./shim.js` file.
+### Create a `./shim.js` File
 
 Create a file called `shim.js` at the root of your project
 
@@ -210,11 +218,11 @@ if (typeof localStorage !== 'undefined') {
 require('crypto')
 ```
 
-### Then add `./shim.js` to your project
+### Then Add `./shim.js` to Your Project
 
 As early in the project as you can, such as in `<projectRoot>/index.js`, add `import './shim'`
 
-### Modify your `metro.conf.js` file.
+### Modify Your `metro.conf.js` File
 
 Insert the following [resolver config](https://facebook.github.io/metro/docs/en/configuration) in `./metro.conf.js`:
 
@@ -228,23 +236,23 @@ resolver: {
 },
 ```
 
-### Example
+### Example Mobile App
 
 See [`github.com/davesag/irMobile`](https://github.com/davesag/irMobile)
 
 ## Development
 
-[![Greenkeeper badge](https://badges.greenkeeper.io/davesag/ir-api.svg)](https://greenkeeper.io/)
+### Branches
 
 <!-- prettier-ignore -->
-| branch | status | coverage | notes |
-| ------ | ------ | -------- | ----- |
-| `develop` | [![CircleCI](https://circleci.com/gh/davesag/ir-api/tree/develop.svg?style=svg)](https://circleci.com/gh/davesag/ir-api/tree/develop) | [![codecov](https://codecov.io/gh/davesag/ir-api/branch/develop/graph/badge.svg)](https://codecov.io/gh/davesag/ir-api) | Work in progress |
-| `master` | [![CircleCI](https://circleci.com/gh/davesag/ir-api/tree/master.svg?style=svg)](https://circleci.com/gh/davesag/ir-api/tree/master) | [![codecov](https://codecov.io/gh/davesag/ir-api/branch/master/graph/badge.svg)](https://codecov.io/gh/davesag/ir-api) | Latest stable release |
+| branch | status | coverage | audit | notes |
+| ------ | ------ | -------- | ----- | ----- |
+| `develop` | [![CircleCI](https://circleci.com/gh/davesag/ir-api/tree/develop.svg?style=svg)](https://circleci.com/gh/davesag/ir-api/tree/develop) | [![codecov](https://codecov.io/gh/davesag/ir-api/branch/develop/graph/badge.svg)](https://codecov.io/gh/davesag/ir-api) | [![Vulnerabilities](https://snyk.io/test/github/davesag/ir-api/develop/badge.svg)](https://snyk.io/test/github/davesag/ir-api/develop) | Work in progress |
+| `main` | [![CircleCI](https://circleci.com/gh/davesag/ir-api/tree/main.svg?style=svg)](https://circleci.com/gh/davesag/ir-api/tree/main) | [![codecov](https://codecov.io/gh/davesag/ir-api/branch/main/graph/badge.svg)](https://codecov.io/gh/davesag/ir-api) | [![Vulnerabilities](https://snyk.io/test/github/davesag/ir-api/main/badge.svg)](https://snyk.io/test/github/davesag/ir-api/main) | Latest stable release |
 
 ### Prerequisites
 
-- [NodeJS](htps://nodejs.org), version 8.10.0 or better (I use [`nvm`](https://github.com/creationix/nvm) to manage Node versions — `brew install nvm`.)
+- [NodeJS](htps://nodejs.org), I use [`nvm`](https://github.com/creationix/nvm) to manage Node versions — `brew install nvm`.
 
 ### Initialisation
 
@@ -256,9 +264,8 @@ npm install
 
 - `npm test` — runs the unit tests
 - `npm run test:unit:cov` — runs the unit tests with code coverage
-- `npm run test:mutants` — runs the mutation tests
 
-### Lint it
+### Lint It
 
 ```sh
 npm run lint
@@ -268,7 +275,7 @@ npm run lint
 
 Please see the [contributing notes](CONTRIBUTING.md).
 
-### Other ways to contribute
+### Other Ways to Contribute
 
 - Join Independent Reserve using my referral code [`www.independentreserve.com/invite/AJNEHL`](https://www.independentreserve.com/invite/AJNEHL)
 - Send me Ether. `0xbd64860033c15c0af5df5a886b997f63a7723d5a`

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x     | :white_check_mark: |
+| < 1.x   | :x:                |
+
+## Reporting a Vulnerability
+
+Report a vulnerability to [the author](https://about.me/davesag) directly.
+
+You can expect to get an update on a reported vulnerability within 2 working days.
+
+## Vulnerabilities in development dependencies
+
+I'm using `dependabot` to scan for security issues and update dependencies in the `develop` branch regularly.