Wrong Branch, Right Fix: Cleaning Up the Real History Repo
Hey everyone,
Well, that was a false start.
After my post yesterday about fixing up the master branch of the ssc_tokens_history repo, @forkyishere kindly pointed out that I was essentially polishing a museum exhibit. Turns out, the community actually uses the hive branch. It relies on MongoDB instead of Postgres and is generally "more" updated.
I switched branches to take a look. If I thought the last one was dusty, this one was a hazard. npm audit screamed 37 vulnerabilities at me, including critical ones.
So, I rolled up my sleeves for Round Two.
The Cleanup (PR #34)
I’ve submitted Pull Request #34, which is a much more aggressive cleanup than the last one.
What I Changed:
- Dead Code Removal: Since the hive branch uses MongoDB, the pg (Postgres) dependency was useless weight. I removed it entirely.
- Fixing Dependency Hell: The old setup was trying to use eslint-config-airbnb, which pulls in a bunch of React dependencies we don't need for a backend service. I swapped it for eslint-config-airbnb-base and pinned eslint to v8. This resolved the peer dependency conflicts that were previously breaking clean installs.
- Security Overrides: Added overrides for axios and diff. These were buried deep in the dependency tree and causing critical/high-severity flags.
- Fixing the Tests: Updating sscjs broke a test in tokens.js because the new library returns an extra issuer field. I updated the test logic to handle the new data structure correctly.
The Result
We are down to 0 vulnerabilities.
I verified the changes by running the full test suite (npm run test-all), and all 26 tests passed. Best of all, npm install now runs cleanly without needing any --force flags.
Bonus

Even though it works, it does give some warnings, so I put in PR #35: https://github.com/hive-engine/ssc_tokens_history/pull/35 to address those as well. I guess it depends on whether warnings are acceptable.
Thanks to @forkyishere for the heads-up. Now the actual infrastructure is secure.
As always,
Michael Garcia a.k.a. TheCrazyGM
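One way to confirm that overrides like the axios and diff ones described in the post reached every nested copy in the lockfile, as an added example (not code from PR #34 or the repo). The lockfile contents, version numbers and minimum thresholds are constructed, and the function names are hypothetical.

```javascript
// Check that npm "overrides" reached every installed copy of a package.
// Sample lockfile and thresholds are constructed; function names are hypothetical.

// Parse "1.2.3" (pre-release/build suffixes ignored) into [1, 2, 3].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a is strictly lower than version b (numeric, not string, compare).
function isLower(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// lock: parsed package-lock.json (lockfileVersion 2 or 3, with a "packages" map).
// minimums: { packageName: lowestAcceptableVersion }.
// Returns every installed copy, at any nesting depth, that is below its minimum.
function findStaleCopies(lock, minimums) {
  const stale = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/axios"; the name follows the last marker.
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !entry.version) continue; // root project or link entry
    const name = path.slice(idx + 'node_modules/'.length);
    const min = minimums[name];
    if (min && isLower(entry.version, min)) stale.push({ path, name, version: entry.version, min });
  }
  return stale;
}

// Constructed lockfile: the top-level axios is fine, a nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-service', version: '1.0.0' },
    'node_modules/axios': { version: '2.0.0' },
    'node_modules/old-client/node_modules/axios': { version: '1.0.0' },
    'node_modules/diff': { version: '3.1.0' },
  },
};
const sampleMinimums = { axios: '2.0.0', diff: '3.0.0' }; // constructed thresholds
console.log(findStaleCopies(sampleLock, sampleMinimums));
```

Against a real project, pass the parsed package-lock.json and the patched versions reported by npm audit as the minimums; an empty result means no nested copy escaped the override.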
@forkyishere is such a great guy!
Still haven't met you (IRL), but one day!
Very appreciative of the work you are doing.
And please, don't take this comment as a dismissal (or undervaluing) of the importance of having things properly updated, but I want to make sure people read things with the right context...
Very few people use the history DB on HE.
It's also a massive DB (in terms of records) and not essential for block production or any actions on Hive Engine, so it does not affect consensus or security of the Hive Engine layer.
Yes, there are a few projects using it, but given it's mostly a read-only DB, it's mostly protected by nature. There is always room for improvement, and this is why I enjoy decentralized work like this.
So, as a witness I will test it myself on my side and report back via the PR 35 where I already replied.
Unsure who else will have time to test or give you feedback about it, but I will reblog this for more visibility.
A bit of editorializing, for sure - thanks for paying attention!
Yeah, I probably could have worded that better.
No worries! I know it was with good intentions...
I saw that comment by Forky, and I had a feeling that you were going to dive into the other repo too, which you did very thankfully. Thank you again for the very useful and important contributions that you make! 😁🙏💚✨🤙