Feat/add avalanche polygon by cowdan · Pull Request #921 · cowprotocol/token-lists

cowdan · 2025-05-20T09:15:53Z

Summary by CodeRabbit

New Features
- Added support for Polygon and Avalanche networks across token list generation, permit info scripts, and GitHub issue templates.
- Introduced comprehensive Uniswap token lists for Polygon and Avalanche.
- Added permit info files for Polygon and Avalanche.
- Added new scripts to fetch permit info for all chains and by specific chain.
Improvements
- Enhanced logging with structured log files and progress messages for token list processing using Winston.
- Refined image downloading script with improved error handling, directory management, and summary reporting.
- Improved organization and coverage in the .gitignore file.
- Updated README with new prerequisites and expanded network support.
- Reformatted workflow and issue processing to include new networks and improve consistency.
Chores
- Upgraded dependencies and scripts for better maintainability and multi-network support.
- Cleaned up old logs before processing token lists.

Test
New networks tokens can be checked here:

- add `Avalanche` and `Polygon` networks - add `winston` logger

coderabbitai · 2025-05-20T09:15:59Z

"""

Walkthrough

This update adds support for the Polygon and Avalanche blockchains across scripts, configuration, and documentation. It introduces new Uniswap token list JSONs for these networks, updates permit info workflows and scripts, enhances logging infrastructure via Winston, and improves the organization of ignore files and documentation. Several scripts are modularized and refactored for clarity and maintainability.

Changes

Files / Areas	Change Summary
.gitignore	Reorganized with section comments, grouped ignore patterns, added `*.log` for logs, and clarified temporary files.
README.md	Added Node.js version prerequisite, marked image download as deprecated, and documented Polygon/Avalanche support.
package.json	Refactored scripts for permit info (split, added Avalanche/Polygon), updated dependencies (`@cowprotocol/cow-sdk`, added `winston`).
.github/ISSUE_TEMPLATE/1-addTokenForm.yml .github/ISSUE_TEMPLATE/2-addImageForm.yml .github/ISSUE_TEMPLATE/3-removeTokenForm.yml	Added "POLYGON" and "AVALANCHE" as network options in token/image add/remove GitHub issue templates.
.github/workflows/updatePermitInfo.yml	Added Polygon (137) and Avalanche (43114) to the workflow matrix for permit info updates.
src/permitInfo/const.ts	Added default RPC URLs for Polygon and Avalanche to `DEFAULT_RPC_URLS`.
src/permitInfo/fetchAllPermitInfo.ts	New script to fetch permit info for all supported chains using a logger.
src/permitInfo/fetchPermitInfo.ts	Refactored from CLI script to exported function accepting an options object; removed direct execution.
src/permitInfo/fetchPermitInfoByChain.ts	New script to fetch permit info for a single chain based on CLI arguments.
src/permitInfo/utils/getTokensFromTokenList.ts	Added Polygon and Avalanche to token list mapping.
src/public/Uniswap.137.json src/public/Uniswap.43114.json	Added Uniswap token list JSONs for Polygon and Avalanche, including token metadata and bridge info.
src/public/PermitInfo.137.json src/public/PermitInfo.43114.json	Added empty permit info JSON files for Polygon and Avalanche.
src/scripts/auxLists/coingecko.ts src/scripts/auxLists/uniswap.ts	Added structured logging (Winston), display chain names, and passed logger through token processing functions.
src/scripts/auxLists/index.ts	Added old log removal before processing token lists.
src/scripts/auxLists/processTokenList.ts	Replaced `console.log` with Winston logger, extended params to require logger, clarified messages.
src/scripts/auxLists/utils.ts	Added Polygon/Avalanche to supported chains, implemented `removeOldLogs` and `getLogger` functions using Winston, improved log file management.
src/scripts/coingecko.ts	Ensured target directory exists before writing JSON files.
src/scripts/downloadImages.js	Modularized image download logic, added helper functions, improved progress/error reporting, switched to absolute paths, and summarized results.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Script
    participant Logger
    participant TokenList
    participant FileSystem

    User->>Script: Start token list processing (e.g., coingecko/uniswap)
    Script->>Logger: Initialize logger (getLogger)
    Script->>FileSystem: removeOldLogs()
    Script->>TokenList: Fetch and process tokens for each chain
    Script->>Logger: Log progress and info
    TokenList->>Logger: Log token list processing steps
    Script->>FileSystem: Write updated token list JSONs
    Script->>Logger: Log completion

sequenceDiagram
    participant Workflow
    participant fetchAllPermitInfo
    participant fetchPermitInfo
    participant Logger

    Workflow->>fetchAllPermitInfo: Start permit info update
    fetchAllPermitInfo->>Logger: Initialize logger
    loop For each SupportedChainId
        fetchAllPermitInfo->>fetchPermitInfo: Fetch permit info for chain
        fetchPermitInfo->>Logger: Log errors/info
    end
    fetchAllPermitInfo->>Logger: Log completion

Poem

🐇
Polygon and Avalanche hop into view,
With logs all neat and tokens new.
Permit info scripts now dance with flair,
And images download with extra care.
Winston the logger keeps all in line—
This bunny’s code is looking fine!
🌱✨
"""

Note

⚡️ AI Code Reviews for VS Code, Cursor, Windsurf

CodeRabbit now has a plugin for VS Code, Cursor and Windsurf. This brings AI code reviews directly in the code editor. Each commit is reviewed immediately, finding bugs before the PR is raised. Seamless context handoff to your AI code agent ensures that you can easily incorporate review feedback.
Learn more here.

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d94d390 and 399345e.

📒 Files selected for processing (3)

src/public/CoinGecko.1.json (2 hunks)
src/public/CoinGecko.42161.json (2 hunks)
src/public/CoinGecko.8453.json (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

src/public/CoinGecko.42161.json
src/public/CoinGecko.1.json
src/public/CoinGecko.8453.json

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

github-actions · 2025-05-20T09:16:07Z

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (9)

src/scripts/downloadImages.js (2)
14-85: Consider integrating with the new Winston logging system

For consistency with other scripts in this PR, consider replacing console.log/error calls with the Winston logger introduced elsewhere in the codebase.
+ import { getLogger } from './auxLists/utils'
+
+ const logger = getLogger('downloadImages')

  async function downloadImage(logoURI, filePath) {
    // Skip if file already exists
    if (existsSync(filePath)) {
-     return { skipped: true }
+     logger.info(`File already exists: ${filePath}`)
+     return { skipped: true }
    }

    const response = await fetch(logoURI)
    if (!response.ok) {
-     throw new Error(`HTTP error! status: ${response.status}`)
+     throw new Error(`HTTP error! status: ${response.status}`)
    }

    // ...
  }

  // Update console.log calls throughout the file with logger equivalents
- console.log(`Downloading image for ${symbol} (${name})
+ logger.info(`Downloading image for ${symbol} (${name})
    URI: ${logoURI}
    File: ${filePath}\n`)

- console.error(`Error downloading image for ${symbol} (${name}): ${error.message}`)
+ logger.error(`Error downloading image for ${symbol} (${name}): ${error.message}`)
58-72: Consider adding a retry mechanism for failed downloads

Network errors are common when downloading multiple files. Adding a retry mechanism with exponential backoff would improve robustness.
+ import { backOff } from 'exponential-backoff'; // Already a dependency in package.json

  async function downloadImage(logoURI, filePath) {
    // Skip if file already exists
    if (existsSync(filePath)) {
      return { skipped: true }
    }

+   return await backOff(
+     async () => {
        const response = await fetch(logoURI)
        if (!response.ok) {
          throw new Error(`HTTP error! status: ${response.status}`)
        }

        await ensureDirectoryExists(filePath)
        const fileStream = createWriteStream(filePath)

        return new Promise((resolve, reject) => {
          // Convert Web ReadableStream to Node.js stream
          const nodeReadable = Readable.fromWeb(response.body)
          nodeReadable.pipe(fileStream)

          fileStream.on('finish', () => {
            resolve({ downloaded: true })
          })
          fileStream.on('error', (error) => {
            reject(error)
          })
        })
+     },
+     {
+       numOfAttempts: 3,
+       startingDelay: 1000,
+       timeMultiple: 2,
+       retry: (e, attemptNumber) => {
+         console.warn(`Retry attempt ${attemptNumber} for download: ${e.message}`)
+         return true
+       }
+     }
+   );
  }
README.md (1)
55-58: Fix spelling and formatting in Prerequisites section.

There are a couple of issues in the Prerequisites section:

"Prerequistes" is misspelled - should be "Prerequisites"

"nodeJs" should be "Node.js" (correct capitalization)

Consider using a proper heading (###) instead of bold text for better document structure
-**Prerequistes**
-
-Currently runs on nodeJs LTS/Gallium v16.20.2
+### Prerequisites
+
+Currently runs on Node.js LTS/Gallium v16.20.2
🧰 Tools

🪛 LanguageTool

[uncategorized] ~57-~57: The official spelling of this programming framework is “Node.js”.
Context: ...up Prerequistes Currently runs on nodeJs LTS/Gallium v16.20.2 ```bash # Instal...

(NODE_JS)

🪛 markdownlint-cli2 (0.17.2)

55-55: Emphasis used instead of a heading
null

(MD036, no-emphasis-as-heading)
src/scripts/auxLists/coingecko.ts (2)
60-60: Consider updating error logging to use Winston logger

The function still uses console.error for logging errors while the rest of the file has been updated to use Winston structured logging.

Consider replacing console.error with the Winston logger for consistency:
- console.error(`Error fetching Coingecko's coin list:`, error)
+ logger.error(`Error fetching Coingecko's coin list:`, { error })
This would require adding a logger parameter to the getCoingeckoMarket function.

156-156: Consider updating error logging to use Winston logger

Similar to the earlier comment, this error logging should be updated to use the Winston logger for consistency.

Consider replacing console.error with the Winston logger:
- console.error(`Error processing CoinGecko tokens for chain ${chainId}:`, error)
+ logger.error(`Error processing CoinGecko tokens for chain ${chainId}:`, { error })
src/scripts/auxLists/uniswap.ts (4)
113-114: Consider using Winston logger for error handling

The function still uses console.error for error logging even though a Winston logger is now available. For consistency, consider using the passed logger for error handling.
  } catch (error) {
-    console.error(`Error processing Uniswap tokens for chain ${chainId}:`, error)
+    logger.error(`Error processing Uniswap tokens for chain ${chainId}:`, { error: error instanceof Error ? error.message : String(error) })
  }
34-35: Consider using Winston logger in getUniswapTokens

For consistency with the rest of the codebase, consider updating this function to accept and use the Winston logger instead of console.error.
-async function getUniswapTokens(): Promise<TokenInfo[]> {
+async function getUniswapTokens(logger: Logger): Promise<TokenInfo[]> {
  try {
    const response = await fetch(UNISWAP_LIST)
    if (!response.ok) {
      throw new Error(`Failed to fetch Uniswap list: ${response.statusText}`)
    }
    const list = await response.json()
    return list.tokens
  } catch (error) {
-    console.error('Error fetching Uniswap tokens:', error)
+    logger.error('Error fetching Uniswap tokens:', { error: error instanceof Error ? error.message : String(error) })
    return []
  }
}
Then update line 125:
-  const uniTokens = await getUniswapTokens()
+  const uniTokens = await getUniswapTokens(logger)
67-68: Consider using Winston logger for warnings

For consistency with the rest of the logging enhancements, consider using the Winston logger for this warning message as well.

Since this function doesn't currently have access to the logger, you would need to add it as a parameter:
async function mapUniMainnetToChainTokens(
  chain: SupportedChainId,
  uniTokens: TokenInfo[],
  coingeckoTokensForChain: TokenInfo[],
  coingeckoIdsMap: CoingeckoIdsMap,
+  logger: Logger,
): Promise<TokenInfo[]> {
  // ...
  
  if (!coingeckoMainnetName || !coingeckoChainName) {
-    console.warn(`Missing Coingecko chain mapping for chain ${chain}`)
+    logger.warn(`Missing Coingecko chain mapping for chain ${chain}`)
    return Object.values(chainTokens)
  }
And update the call site accordingly.

133-133: Consider using the logger instead of console.log

Since you're now using a Winston logger, consider using it for this message instead of console.log for consistency.
-      console.log(`Processing Uniswap tokens for ${DISPLAY_CHAIN_NAMES[chain as SupportedChainId]}...`)
+      logger.info(`Processing Uniswap tokens for ${DISPLAY_CHAIN_NAMES[chain as SupportedChainId]}...`)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 1b21053 and 80d6911.

⛔ Files ignored due to path filters (1)

yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (13)

.gitignore (1 hunks)
README.md (3 hunks)
package.json (3 hunks)
src/permitInfo/const.ts (1 hunks)
src/public/Uniswap.137.json (1 hunks)
src/public/Uniswap.43114.json (1 hunks)
src/scripts/auxLists/coingecko.ts (4 hunks)
src/scripts/auxLists/index.ts (2 hunks)
src/scripts/auxLists/processTokenList.ts (4 hunks)
src/scripts/auxLists/uniswap.ts (4 hunks)
src/scripts/auxLists/utils.ts (4 hunks)
src/scripts/coingecko.ts (1 hunks)
src/scripts/downloadImages.js (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (3)

src/scripts/auxLists/index.ts (1)

src/scripts/auxLists/utils.ts (1)

removeOldLogs (121-128)

src/scripts/auxLists/coingecko.ts (1)

src/scripts/auxLists/utils.ts (3)

getLogger (131-144)

COINGECKO_CHAINS (31-39)

DISPLAY_CHAIN_NAMES (41-49)

src/scripts/auxLists/uniswap.ts (1)

src/scripts/auxLists/utils.ts (3)

getLogger (131-144)

COINGECKO_CHAINS (31-39)

DISPLAY_CHAIN_NAMES (41-49)

🪛 LanguageTool

README.md

[uncategorized] ~57-~57: The official spelling of this programming framework is “Node.js”.
Context: ...up Prerequistes Currently runs on nodeJs LTS/Gallium v16.20.2 ```bash # Instal...

(NODE_JS)

🪛 markdownlint-cli2 (0.17.2)

README.md

55-55: Emphasis used instead of a heading
null

(MD036, no-emphasis-as-heading)

🪛 Gitleaks (8.26.0)

src/public/Uniswap.137.json

38-38: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

53-53: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

68-68: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

83-83: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

98-98: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

113-113: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

128-128: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

143-143: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

158-158: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

173-173: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

188-188: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

203-203: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

218-218: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

248-248: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

263-263: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

278-278: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

293-293: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

308-308: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

323-323: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

338-338: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

353-353: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

368-368: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

383-383: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

398-398: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

413-413: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

428-428: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

443-443: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

458-458: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

473-473: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

488-488: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

503-503: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

518-518: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

533-533: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

548-548: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

563-563: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

578-578: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

593-593: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

608-608: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

623-623: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

638-638: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

653-653: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

668-668: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

683-683: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

698-698: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

713-713: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

728-728: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

743-743: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

758-758: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

773-773: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

788-788: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

803-803: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

818-818: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

833-833: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

848-848: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

863-863: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

878-878: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

893-893: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

908-908: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

923-923: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

938-938: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

953-953: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

968-968: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

983-983: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

998-998: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1013-1013: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1028-1028: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1043-1043: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1058-1058: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1073-1073: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1088-1088: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1103-1103: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1118-1118: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1133-1133: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1148-1148: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1163-1163: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1178-1178: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1193-1193: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1208-1208: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1223-1223: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1238-1238: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1253-1253: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1268-1268: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1283-1283: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1298-1298: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1313-1313: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1328-1328: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1343-1343: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1358-1358: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1373-1373: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1388-1388: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1403-1403: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1418-1418: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1433-1433: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1448-1448: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1463-1463: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1478-1478: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1493-1493: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1508-1508: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1523-1523: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1538-1538: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1553-1553: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1568-1568: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1583-1583: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1598-1598: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1613-1613: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1628-1628: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1643-1643: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1658-1658: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1673-1673: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1688-1688: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1703-1703: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1718-1718: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1733-1733: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1748-1748: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1763-1763: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1778-1778: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1793-1793: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1808-1808: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1823-1823: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1838-1838: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1853-1853: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1868-1868: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1883-1883: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1898-1898: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1913-1913: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1928-1928: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1943-1943: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1958-1958: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1973-1973: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1988-1988: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2003-2003: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2018-2018: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2033-2033: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2048-2048: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2063-2063: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2078-2078: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2093-2093: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2108-2108: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2123-2123: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2138-2138: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2153-2153: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2168-2168: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2183-2183: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2198-2198: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2213-2213: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2228-2228: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2243-2243: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2258-2258: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2273-2273: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2288-2288: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2303-2303: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2318-2318: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2333-2333: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2348-2348: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2363-2363: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2378-2378: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2393-2393: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2408-2408: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2423-2423: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2438-2438: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2461-2461: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2476-2476: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2491-2491: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2522-2522: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2537-2537: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2552-2552: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2575-2575: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2590-2590: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2605-2605: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2620-2620: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2635-2635: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2650-2650: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2673-2673: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (42)

.gitignore (1)

3-21: Well-organized structure for .gitignore

The reorganization of the .gitignore file with clear section headers improves readability and maintainability. The addition of the *.log pattern aligns well with the new logging functionality introduced in this PR.

src/scripts/downloadImages.js (6)

7-12: Good addition of directory check utility

This helper function properly ensures target directories exist before writing files, which prevents potential errors when saving downloaded images.

14-40: Well-structured async download function with proper error handling

The modularized download function with skipping logic, error handling, and proper stream management is a significant improvement. The conversion from Web ReadableStream to Node.js stream is handled correctly.

43-45: Good use of absolute paths

Using fileURLToPath and absolute paths relative to the project root improves reliability across different execution environments.

46-49: Good tracking of download statistics

Tracking downloaded, skipped, and failed images provides valuable metrics for monitoring the script's execution.

58-72: Well-implemented try-catch with detailed error tracking

The error handling properly captures and reports issues while continuing to process the remaining images.

74-84: Helpful summary output

The detailed summary at the end provides a clear overview of the operation results, which is helpful for debugging and monitoring.

package.json (1)

38-51: Appropriate dependency updates for new logging functionality

The updates to dependencies are appropriate for the changes in this PR:

Updating @cowprotocol/cow-sdk to ^5.11.0-RC.0

Adding winston for structured logging

These changes support the addition of enhanced logging infrastructure and support for Polygon and Avalanche networks.
src/scripts/auxLists/index.ts (3)

4-4: Good import organization

The import has been correctly updated to include the removeOldLogs function with the existing imports from './utils'.

17-18: Cleaning up logs before processing is good practice

Adding the log cleanup step before processing token lists ensures that each run has clean logs without old information.

17-18:
Details

❌ Incorrect review comment

Consider log rotation instead of deletion

Currently, logs are unconditionally deleted before each run. Consider implementing log rotation or archiving instead to preserve historical logs while preventing excessive file growth.
- removeOldLogs()
+ rotateLogs() // New function to implement in utils.ts
Implementation suggestion for utils.ts:
export function rotateLogs(): void {
  const logFiles = ['token-lists.log', 'token-lists-error.log']
  const maxBackups = 5 // Keep last 5 log files
  
  logFiles.forEach((file) => {
    if (fs.existsSync(file)) {
      // Rotate existing backups
      for (let i = maxBackups - 1; i > 0; i--) {
        const oldName = `${file}.${i - 1}`
        const newName = `${file}.${i}`
        if (fs.existsSync(oldName)) {
          fs.renameSync(oldName, newName)
        }
      }
      
      // Move current log to .1
      fs.renameSync(file, `${file}.1`)
    }
  })
}
🏁 Script executed:
#!/bin/bash
# Check if log files are created during processing and their size
echo "Checking for existing log files..."
ls -la token-lists*.log 2>/dev/null || echo "No log files found in current directory"

echo "Checking log file creation in script execution..."
node --loader ts-node/esm --experimental-json-modules --experimental-specifier-resolution=node src/scripts/auxLists/index.ts 2>&1 | grep -i "log"
Length of output: 445

🏁 Script executed:
#!/bin/bash
# Locate the removeOldLogs definition and its usage context
rg -n "removeOldLogs" -A5 -B5 src
Length of output: 2419
Log rotation suggestion isn’t applicable in-script
I reviewed the code and discovered that:

The only references to .log files live in removeOldLogs() (no code writes to token-lists.log or token-lists-error.log).

Actual log files are produced by redirecting stdout/stderr in your CI or shell wrapper, not by this TypeScript script.

In-script log rotation would add complexity without benefit. If you need to retain historical logs, handle rotation or retention in your CI/job configuration or external log-management system rather than inside the application code.

Likely an incorrect or invalid review comment.
README.md (2)

68-68: LGTM! Clear deprecation notice.

The renaming of this section to indicate deprecation helps users understand that this functionality is no longer the recommended approach.

105-105: LGTM! Polygon network documentation.

Adding Polygon to the list of networks with generated token lists correctly reflects the changes made to support this network.
src/permitInfo/const.ts (1)

14-15:
Details

❓ Verification inconclusive

Verify RPC endpoints for production use.

The addition of RPC URLs for Avalanche and Polygon is aligned with the PR objective to add support for these networks. However, these are public RPC endpoints which may have rate limits or reliability issues in production.

Consider whether these public RPC endpoints are appropriate for production use or if you should use dedicated RPC providers with API keys, similar to how you're using Infura for Mainnet.

🌐 Web query:
Are polygon-rpc.com and api.avax.network/ext/bc/C/rpc reliable public RPC endpoints for production use?
💡 Result:

When considering public RPC endpoints for production use, it's crucial to evaluate their reliability and security.

Polygon RPC Endpoint (polygon-rpc.com):

The Polygon RPC Gateway, accessible at polygon-rpc.com, is a service provided by Polygon Labs. It offers a high-performance connection to the Polygon PoS blockchain, utilizing a distributed network across 200 data centers. The service includes features like failover systems, geo-steering, smart routing, and dedicated nodes optimized for transaction broadcasting. (polygon.technology)

However, in July 2022, the Polygon RPC Gateway experienced a security incident involving a DNS hijack, leading to potential phishing attacks. This event raised concerns about the service's security and reliability. (coingape.com)

Avalanche C-Chain Public API Endpoint (api.avax.network/ext/bc/C/rpc):

The Avalanche C-Chain Public API, available at api.avax.network/ext/bc/C/rpc, is a public API server that allows developers to access the Avalanche network without running their own node. This service is free and does not require authentication or authorization. It supports various API endpoints, including those for the X-Chain, P-Chain, and C-Chain. (support.avax.network)

While the Avalanche Public API is designed for high availability and throughput, it may have rate limits and does not support all API methods, such as the X-Chain's getAddressTxs. Users are advised to review the documentation to understand its limitations. (support.avax.network)

Recommendations:

Security Considerations: Given the past security incident with polygon-rpc.com, it's advisable to exercise caution. Ensure that any RPC endpoint you use has robust security measures in place to protect against potential attacks.

Reliability and Performance: Both services offer high availability and performance. However, for critical production applications, consider implementing redundancy by using multiple RPC providers to mitigate potential downtimes.

Rate Limits and API Support: Be aware of any rate limits imposed by the public API services and ensure they support all the API methods your application requires.

In conclusion, while both polygon-rpc.com and api.avax.network/ext/bc/C/rpc are designed to be reliable public RPC endpoints, it's essential to assess their security, reliability, and suitability for your specific production needs.

Citations:

1: https://polygon.technology/blog/polygon-rpc-gateway-will-provide-a-free-high-performance-connection-to-the-polygon-pos-blockchain?utm_source=openai

2: https://coingape.com/breaking-polygon-major-blockchains-hit-with-network-attack/?utm_source=openai

3: https://support.avax.network/en/articles/6159007-what-apis-are-available-on-avalanche?utm_source=openai

4: https://support.avax.network/en/articles/6159007-what-apis-are-available-on-avalanche?utm_source=openai
Evaluate RPC Endpoints’ Production Readiness

The Polygon and Avalanche endpoints you’ve added are official public gateways, but they come with caveats that warrant further consideration before using them in production:

Polygon (https://polygon-rpc.com)
• Provided by Polygon Labs with geo-steering, failover, and smart routing.
• Suffered a DNS-hijack incident in July 2022—assess security measures and monitor for future outages.

Avalanche C-Chain (https://api.avax.network/ext/bc/C/rpc)
• Free, high-availability public API, but subject to rate limits and doesn’t expose all chain methods (e.g., X-Chain’s getAddressTxs).

Recommendations:

Consider dedicated, authenticated RPC providers (e.g., Alchemy, QuickNode, or your own node) for guaranteed SLAs and full API support.

Implement redundancy by configuring multiple RPC URLs or fallback providers.

Review expected traffic against the public endpoints’ rate limits and ensure your application handles throttling gracefully.
src/scripts/coingecko.ts (1)

33-36: LGTM! Robust directory creation.

This is a good improvement to ensure the target directory exists before writing files, preventing potential errors when writing to non-existent directories. This makes the file writing operation more robust.

src/scripts/auxLists/processTokenList.ts (4)

1-1: LGTM! Adding structured logging support.

Good addition of Winston logger import to support structured logging.

121-121: LGTM! Enhanced logging with chain name.

Improved log message by including the chain name when no changes are detected, which provides better context and readability.

136-137: LGTM! Logger parameter addition.

Adding the logger parameter to the interface is a good practice to enforce proper logging throughout the application.

147-153: LGTM! Structured logging implementation.

Good replacement of console.log with structured logging using the Winston logger. This will provide better log management, filtering, and observability.

src/scripts/auxLists/utils.ts (5)

1-3: Import ordering follows a logical pattern

The imports are organized with system modules first, followed by external dependencies and then local imports.

37-38: Support for Polygon and Avalanche chains added

Adding new chain entries for Polygon and Avalanche provides necessary mapping to their respective Coingecko identifiers, enabling token data fetching for these networks.

47-48: Human-readable chain names added for new networks

Adding display names for Polygon and Avalanche ensures consistent user-friendly chain identification throughout the application.

121-128: Well-structured log file cleanup

This function removes old log files before starting a new token list processing session, preventing log accumulation and keeping file organization clean.

130-144: Proper singleton pattern for logger implementation

The implementation uses a proper singleton pattern for the Winston logger, ensuring only one logger instance is created and reused across the application. The configuration includes appropriate log levels and multiple transports for comprehensive logging.

src/public/Uniswap.137.json (4)

1-12: Well-structured token list metadata

The token list follows the standard format with appropriate metadata including name, logo URI, keywords, and versioning information.

13-2789: Comprehensive Polygon token collection

The token list provides extensive coverage of tokens available on Polygon, including their addresses, symbols, decimals, and bridge information to Ethereum mainnet. This enables seamless cross-chain references and operations.

🧰 Tools

🪛 Gitleaks (8.26.0)

38-38: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

53-53: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

68-68: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

83-83: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

98-98: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

113-113: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

128-128: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

143-143: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

158-158: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

173-173: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

188-188: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

203-203: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

218-218: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

248-248: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

263-263: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

278-278: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

293-293: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

308-308: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

323-323: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

338-338: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

353-353: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

368-368: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

383-383: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

398-398: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

413-413: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

428-428: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

443-443: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

458-458: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

473-473: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

488-488: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

503-503: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

518-518: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

533-533: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

548-548: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

563-563: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

578-578: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

593-593: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

608-608: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

623-623: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

638-638: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

653-653: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

668-668: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

683-683: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

698-698: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

713-713: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

728-728: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

743-743: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

758-758: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

773-773: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

788-788: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

803-803: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

818-818: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

833-833: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

848-848: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

863-863: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

878-878: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

893-893: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

908-908: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

923-923: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

938-938: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

953-953: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

968-968: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

983-983: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

998-998: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1013-1013: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1028-1028: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1043-1043: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1058-1058: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1073-1073: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1088-1088: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1103-1103: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1118-1118: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1133-1133: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1148-1148: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1163-1163: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1178-1178: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1193-1193: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1208-1208: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1223-1223: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1238-1238: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1253-1253: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1268-1268: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1283-1283: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1298-1298: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1313-1313: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1328-1328: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1343-1343: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1358-1358: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1373-1373: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1388-1388: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1403-1403: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1418-1418: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1433-1433: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1448-1448: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1463-1463: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1478-1478: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1493-1493: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1508-1508: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1523-1523: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1538-1538: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1553-1553: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1568-1568: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1583-1583: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1598-1598: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1613-1613: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1628-1628: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1643-1643: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1658-1658: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1673-1673: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1688-1688: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1703-1703: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1718-1718: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1733-1733: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1748-1748: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1763-1763: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1778-1778: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1793-1793: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1808-1808: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1823-1823: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1838-1838: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1853-1853: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1868-1868: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1883-1883: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1898-1898: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1913-1913: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1928-1928: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1943-1943: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1958-1958: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1973-1973: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

1988-1988: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2003-2003: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2018-2018: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2033-2033: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2048-2048: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2063-2063: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2078-2078: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2093-2093: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2108-2108: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2123-2123: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2138-2138: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2153-2153: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2168-2168: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2183-2183: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2198-2198: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2213-2213: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2228-2228: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2243-2243: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2258-2258: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2273-2273: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2288-2288: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2303-2303: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2318-2318: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2333-2333: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2348-2348: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2363-2363: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2378-2378: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2393-2393: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2408-2408: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2423-2423: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2438-2438: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2461-2461: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2476-2476: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2491-2491: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2522-2522: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2537-2537: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2552-2552: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2575-2575: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2590-2590: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2605-2605: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2620-2620: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2635-2635: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2650-2650: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2673-2673: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2444-2465: Clear distinction between different USDC variants

The file properly distinguishes between different USDC implementations on Polygon (native USDC and bridged USDC.e), which is crucial for users to understand the origin and properties of each token variant.

🧰 Tools

🪛 Gitleaks (8.26.0)

2461-2461: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2790-2792: Updated timestamp ensures freshness

The inclusion of a current timestamp helps users and systems verify the recency of the token list data.

src/public/Uniswap.43114.json (4)

1-12: Well-structured token list metadata for Avalanche

The token list follows the standard format with appropriate metadata for the Avalanche network, maintaining consistency with other network token lists.

13-640: Comprehensive Avalanche token collection

The token list provides extensive coverage of tokens available on Avalanche, including their addresses, symbols, decimals, and bridge information to Ethereum mainnet, enabling full support for this network.

164-177: Native and bridged tokens clearly identified

The file properly distinguishes between tokens with different origins using clear naming conventions (e.g., "UNI.e Token" for bridged tokens), which is essential for proper token identification on Avalanche.

Also applies to: 480-494

641-643: Consistent timestamp format

The timestamp format matches other token list files, ensuring consistency across the application's data files.

src/scripts/auxLists/coingecko.ts (5)

1-1: Added imports for enhanced logging capability

The file now imports Winston Logger type and additional utilities from the utils module to support structured logging functionality.

Also applies to: 7-7, 9-9

140-140: Logger parameter added to function signature

Adding the Logger parameter to fetchAndProcessCoingeckoTokensForChain enables consistent logging throughout the token processing pipeline.

153-153: Logger integration with processTokenList

Passing the logger to the processTokenList function ensures logging consistency throughout the token processing workflow.

167-167: Logger singleton initialization

The code properly initializes the logger once using the getLogger utility, following the singleton pattern implemented in utils.ts.

173-176: Improved console logging with human-readable chain names

Using DISPLAY_CHAIN_NAMES for console output improves readability and user experience when monitoring the token processing workflow.

src/scripts/auxLists/uniswap.ts (5)

1-13: Good enhancements to logging infrastructure

The new imports properly set up Winston-based logging and add useful utilities like DISPLAY_CHAIN_NAMES. The import organization is clean and well-structured, grouping related imports together.

96-96: Good addition of logger parameter

Adding the logger parameter allows for consistent structured logging throughout the function call chain.

110-110: Proper logger propagation

Correctly passing the logger to the processTokenList function ensures consistent logging across the token processing pipeline.

124-124: Good implementation of centralized logger

Creating the logger once and reusing it is an efficient approach. This ensures all logs use the same format and configuration.

132-141: Enhanced logging for chain processing

The addition of human-readable chain names improves log readability. Proper passing of the logger instance to the function call is good practice.

cowdan · 2025-05-20T09:18:50Z

I have read the CLA Document and I hereby sign the CLA

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (1)

README.md (1)
103-103: Ensure consistent “CoinGecko” capitalization

The new Avalanche entry uses “Coingecko” with a lowercase “g”, whereas earlier entries use “CoinGecko”. For consistency, update it to:
- - Avalanche (Coingecko.43114.json, Uniswap.43114.json)
+ - Avalanche (CoinGecko.43114.json, Uniswap.43114.json)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 80d6911 and 8e4c406.

📒 Files selected for processing (1)

README.md (3 hunks)

🧰 Additional context used

🪛 LanguageTool

README.md

[uncategorized] ~57-~57: The official spelling of this programming framework is “Node.js”.
Context: ...up Prerequistes Currently runs on nodeJs LTS/Gallium v16.20.2 ```bash # Instal...

(NODE_JS)

🪛 markdownlint-cli2 (0.17.2)

README.md

55-55: Emphasis used instead of a heading
null

(MD036, no-emphasis-as-heading)

🔇 Additional comments (2)

README.md (2)

68-68: Confirm deprecation note for image download

Renaming the section to “Download images (deprecated)” clearly indicates its status and aligns with the PR objective to deprecate this script.

106-106: Validate new Polygon entry

The Polygon list entry matches existing naming conventions and file structure. Looks good as is.

README.md

…lygon

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

socket-security · 2025-05-20T09:27:36Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	text-hex@1.0.0
	@types/triple-beam@1.3.5
	@ethersproject/keccak256@5.7.0 ⏵ 5.8.0
	simple-swizzle@0.2.2
	colorspace@1.1.4
	@ethersproject/base64@5.7.0 ⏵ 5.8.0
	enabled@2.0.0
	@ethersproject/solidity@5.7.0 ⏵ 5.8.0
	@colors/colors@1.6.0
	@dabh/diagnostics@2.0.3
	@ethersproject/rlp@5.7.0 ⏵ 5.8.0
	@weiroll/weiroll.js@0.3.0
	is-stream@2.0.1
	pony-cause@2.1.11
	deepmerge@4.3.1
	@types/debug@4.1.12
	@ethersproject/basex@5.7.0 ⏵ 5.8.0
	fecha@4.2.3
	triple-beam@1.4.1
	@ethersproject/constants@5.7.0 ⏵ 5.8.0
See 55 more rows in the dashboard

View full report

elena-zh · 2025-05-20T09:39:15Z

Hey @cowdan ,
since you've added me as a reviewer, could you please provide test instructions in the PR?

alfetopito

Will you have another PR for updating the github issues templates: https://github.com/cowprotocol/token-lists/tree/main/.github/ISSUE_TEMPLATE
And the workflows: https://github.com/cowprotocol/token-lists/tree/main/.github/workflows

cow.fi tokens workflow can be skipped for now, but the others (process request and update permit info) should be updated sooner.

alfetopito · 2025-05-20T10:04:28Z

src/scripts/auxLists/processTokenList.ts

      console.log(`Token list saved to ${tokenListPath}`)
    } else {
-      console.log(`No changes detected. Token list not updated.`)
+      console.log(`No changes detected for '${DISPLAY_CHAIN_NAMES[chainId]}'. Token list not updated.`)


Since you are introducing a logger, why not use it here as well?

alfetopito · 2025-05-20T10:14:27Z

package.json

    "p-throttle": "^5.1.0",
-    "ts-node": "^10.9.1"
+    "ts-node": "^10.9.1",
+    "winston": "^3.17.0"


I'm curious why the choice of winston?
Or why the need for a dedicated logging lib.

Anyway, we use pino logger in other nodejs apps (watch tower, bff), but you probably have not dealt with them yet to know this.

It's kind of well used library, I can change it to pino logger if needed

alfetopito · 2025-05-20T10:19:27Z

src/permitInfo/const.ts

Can you run the permit script to fetch some permit info for the new networks?

Also, do you plan to add new scripts for them?

I know this will get too big and unmaintainable if we keep doing this, I'm open to suggestions to improve it.

done some refactor

coderabbitai

Actionable comments posted: 3

🔭 Outside diff range comments (2)

src/permitInfo/fetchAllPermitInfo.ts (2)
23-26: 🛠️ Refactor suggestion

Add proper promise handling for the main function execution.

The main function is called without handling the returned promise, which could lead to unhandled promise rejections.
}

-fetchAllPermitInfo()
+fetchAllPermitInfo()
+  .then(() => {
+    console.log('Successfully fetched permit info for all chains')
+    process.exit(0)
+  })
+  .catch((error) => {
+    console.error('Error fetching permit info:', error)
+    process.exit(1)
+  })
Also, complete the error handling wrapper started earlier:
  // After all chains are processed
+  } finally {
+    // Restore the original working directory
+    chdir(originalDir)
+  }
1-26: 🛠️ Refactor suggestion

Validate command-line arguments.

The script assumes that argv[1] contains the script path without validation. This could lead to runtime errors if the script is run in an unexpected way.
async function fetchAllPermitInfo() {
  const [, scriptPath] = argv
+  
+  if (!scriptPath) {
+    throw new Error('Script path not provided in command-line arguments')
+  }
  
  const originalDir = process.cwd()
  
  chdir(path.dirname(scriptPath))

🧹 Nitpick comments (2)

src/permitInfo/fetchAllPermitInfo.ts (2)

1-26: Consider adding parallelization for improved performance.

The current implementation processes chains sequentially. Considering parallelizing the requests could significantly speed up execution.

-  for (const chainId of chainIds) {
-    try {
-      console.log(`Fetching permit info for chain ${chainId}...`)
-      await fetchPermitInfo({
-        chainId: chainId as SupportedChainId,
-        tokenListPath: undefined,
-        rpcUrl: undefined,
-        recheckUnsupported: false,
-        forceRecheck: false,
-      })
-      console.log(`Successfully fetched permit info for chain ${chainId}`)
-    } catch (error) {
-      console.error(`Error fetching permit info for chain ${chainId}:`, error)
-      // Continue with next chain instead of failing completely
-    }
-  }
+  // Process chains in parallel (limit concurrency if needed)
+  const batchSize = 3 // Adjust based on system capabilities
+  for (let i = 0; i < chainIds.length; i += batchSize) {
+    const batch = chainIds.slice(i, i + batchSize)
+    const promises = batch.map(chainId => {
+      return new Promise(async (resolve) => {
+        try {
+          console.log(`Fetching permit info for chain ${chainId}...`)
+          await fetchPermitInfo({
+            chainId: chainId as SupportedChainId,
+            tokenListPath: undefined,
+            rpcUrl: undefined,
+            recheckUnsupported: false,
+            forceRecheck: false,
+          })
+          console.log(`Successfully fetched permit info for chain ${chainId}`)
+        } catch (error) {
+          console.error(`Error fetching permit info for chain ${chainId}:`, error)
+        }
+        resolve()
+      })
+    })
+    
+    await Promise.all(promises)
+  }

1-26: Add documentation for the function.

The script lacks documentation explaining its purpose and usage.

+/**
+ * Fetches permit information for all supported chains.
+ * This script iterates through all chain IDs defined in SupportedChainId
+ * and calls fetchPermitInfo for each one.
+ * 
+ * Usage: node fetchAllPermitInfo.js
+ */
async function fetchAllPermitInfo() {
  const [, scriptPath] = argv

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between ac19de0 and 79ee878.

📒 Files selected for processing (5)

.github/ISSUE_TEMPLATE/1-addTokenForm.yml (1 hunks)
.github/ISSUE_TEMPLATE/2-addImageForm.yml (1 hunks)
.github/ISSUE_TEMPLATE/3-removeTokenForm.yml (1 hunks)
src/permitInfo/fetchAllPermitInfo.ts (1 hunks)
src/permitInfo/utils/getTokensFromTokenList.ts (1 hunks)

✅ Files skipped from review due to trivial changes (4)

src/permitInfo/utils/getTokensFromTokenList.ts
.github/ISSUE_TEMPLATE/2-addImageForm.yml
.github/ISSUE_TEMPLATE/3-removeTokenForm.yml
.github/ISSUE_TEMPLATE/1-addTokenForm.yml

coderabbitai · 2025-05-21T11:10:04Z

src/permitInfo/fetchAllPermitInfo.ts

+async function fetchAllPermitInfo() {
+  const [, scriptPath] = argv
+
+  chdir(path.dirname(scriptPath))
+


🛠️ Refactor suggestion

Consider preserving the original working directory.

The script changes the working directory but doesn't restore it after execution, which could affect subsequent operations.

async function fetchAllPermitInfo() { const [, scriptPath] = argv + const originalDir = process.cwd() chdir(path.dirname(scriptPath)) + + try {

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In src/permitInfo/fetchAllPermitInfo.ts around lines 7 to 11, the code changes the working directory using chdir but does not restore the original directory afterward. To fix this, save the current working directory before calling chdir, and after the operations that require the directory change are complete, restore the original working directory by calling chdir again with the saved path.

src/permitInfo/fetchAllPermitInfo.ts

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (2)

src/permitInfo/fetchPermitInfoByChain.ts (1)

1-28: Add a help/usage message for better CLI experience.

Consider adding a simple help option to make the script more user-friendly. This would be especially helpful since the script accepts multiple parameters with specific meanings.

import path from "path"
-import { argv, chdir, exit } from 'node:process'
+import { argv, chdir, exit, env } from 'node:process'

import { SupportedChainId } from '@cowprotocol/cow-sdk'
import { fetchPermitInfo } from "./fetchPermitInfo"

+function printUsage() {
+  console.log(`
+Usage: ts-node fetchPermitInfoByChain <chainId> [forceRecheck]
+
+Parameters:
+  chainId       - Required. The chain ID to fetch permit info for
+  forceRecheck  - Optional. Set to 'true' to force rechecking all tokens
+
+Examples:
+  ts-node fetchPermitInfoByChain 1        # Fetch for Ethereum mainnet
+  ts-node fetchPermitInfoByChain 137      # Fetch for Polygon
+  ts-node fetchPermitInfoByChain 43114    # Fetch for Avalanche
+  ts-node fetchPermitInfoByChain 1 true   # Force recheck for Ethereum mainnet
+`)
+}

function fetchPermitInfoByChain() {
    const [, scriptPath, chainId, forceRecheck] = argv
  
+    // Show help and exit if requested
+    if (chainId === '--help' || chainId === '-h') {
+      printUsage()
+      exit(0)
+    }
+
    if (!chainId) {
      console.error('ChainId is missing. Invoke the script with the chainId as the first parameter.')
+      printUsage()
      exit(1)
    }
  
    // Change to script dir so relative paths work properly
    chdir(path.dirname(scriptPath))
  
    // Execute the script
    fetchPermitInfo({
      chainId: +chainId as SupportedChainId,
      tokenListPath: undefined,
      rpcUrl: undefined,
      recheckUnsupported: false,
      forceRecheck: forceRecheck === 'true',
    }).then(() => console.info(`Done 🏁`))
  }
  
  fetchPermitInfoByChain()

src/permitInfo/fetchPermitInfo.ts (1)

93-93: Consider adding explicit type conversion comment.

Using double negation (!!) to convert to boolean is concise but can be confusing to developers unfamiliar with this pattern.

-      async () => _fetchPermitInfo(chainId, provider, token, existingInfo, !!recheckUnsupported, !!forceRecheck),
+      // Ensure boolean values for recheckUnsupported and forceRecheck
+      async () => _fetchPermitInfo(chainId, provider, token, existingInfo, Boolean(recheckUnsupported), Boolean(forceRecheck)),

Alternatively, you could keep the double negation but add a comment:

-      async () => _fetchPermitInfo(chainId, provider, token, existingInfo, !!recheckUnsupported, !!forceRecheck),
+      async () => _fetchPermitInfo(chainId, provider, token, existingInfo, !!recheckUnsupported /* convert to boolean */, !!forceRecheck /* convert to boolean */),

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 79ee878 and eef7c88.

📒 Files selected for processing (7)

.github/workflows/updatePermitInfo.yml (1 hunks)
package.json (3 hunks)
src/permitInfo/fetchPermitInfo.ts (3 hunks)
src/permitInfo/fetchPermitInfoByChain.ts (1 hunks)
src/public/PermitInfo.1.json (1 hunks)
src/public/PermitInfo.137.json (1 hunks)
src/public/PermitInfo.43114.json (1 hunks)

✅ Files skipped from review due to trivial changes (4)

src/public/PermitInfo.137.json
src/public/PermitInfo.43114.json
.github/workflows/updatePermitInfo.yml
src/public/PermitInfo.1.json

🚧 Files skipped from review as they are similar to previous changes (1)

package.json

🔇 Additional comments (4)

src/permitInfo/fetchPermitInfo.ts (4)

50-56: LGTM! Well-defined options type.

The FetchPermitInfoOptions type clearly defines the parameters for the refactored function, making it more maintainable and type-safe.

58-59: Good refactoring to improve reusability.

Converting the function to accept an options object makes it more flexible and easier to use from other scripts. This is a good pattern that improves modularity.

40-40: LGTM! Appropriate imports.

Updating the imports to match the refactored code structure is appropriate.

1-165:
Details

✅ Verification successful

Test multi-chain functionality thoroughly.

The refactored code now supports multiple chains, including the newly added Polygon and Avalanche. Ensure that these new chains work as expected with appropriate RPC URLs and token lists.

🏁 Script executed:
#!/bin/bash
# Verify presence of the new permit info files for Polygon and Avalanche
echo "Checking for permit info files for Polygon and Avalanche chains"

POLYGON_FILE="src/public/PermitInfo.137.json"
AVALANCHE_FILE="src/public/PermitInfo.43114.json"

if [ -f "$POLYGON_FILE" ]; then
  echo "✅ Polygon permit info file exists: $POLYGON_FILE"
else
  echo "❌ Polygon permit info file missing: $POLYGON_FILE"
fi

if [ -f "$AVALANCHE_FILE" ]; then
  echo "✅ Avalanche permit info file exists: $AVALANCHE_FILE"
else
  echo "❌ Avalanche permit info file missing: $AVALANCHE_FILE"
fi

# Check if the getTokensFromTokenList utility imports token lists for these chains
echo -e "\nChecking if getTokensFromTokenList supports Polygon and Avalanche"
if [ -f "src/permitInfo/utils/getTokensFromTokenList.ts" ]; then
  echo "File found: src/permitInfo/utils/getTokensFromTokenList.ts"
  echo "Searching for Polygon (137) and Avalanche (43114) chain IDs..."
  grep -n "SupportedChainId.POLYGON\|137" src/permitInfo/utils/getTokensFromTokenList.ts
  grep -n "SupportedChainId.AVALANCHE\|43114" src/permitInfo/utils/getTokensFromTokenList.ts
else
  echo "❌ File not found: src/permitInfo/utils/getTokensFromTokenList.ts"
fi

# Check if RPC URLs are defined for these chains
echo -e "\nChecking if RPC URLs are defined for Polygon and Avalanche"
if [ -f "src/permitInfo/const.ts" ]; then
  echo "File found: src/permitInfo/const.ts"
  echo "Searching for Polygon and Avalanche RPC URLs..."
  grep -n "POLYGON\|137" src/permitInfo/const.ts
  grep -n "AVALANCHE\|43114" src/permitInfo/const.ts
else
  echo "❌ File not found: src/permitInfo/const.ts"
fi
Length of output: 1957
Multi-chain support verified

All configurations for Polygon (137) and Avalanche (43114) are in place:

✅ Permit info files exist under src/public/PermitInfo.137.json and src/public/PermitInfo.43114.json.

✅ getTokensFromTokenList includes mappings for both SupportedChainId.POLYGON and SupportedChainId.AVALANCHE.

✅ RPC endpoints for Polygon and Avalanche are defined in src/permitInfo/const.ts.

No further changes required.

coderabbitai · 2025-05-21T11:16:42Z

src/permitInfo/fetchPermitInfoByChain.ts

+function fetchPermitInfoByChain() {
+    const [, scriptPath, chainId, forceRecheck] = argv
+
+    if (!chainId) {
+      console.error('ChainId is missing. Invoke the script with the chainId as the first parameter.')
+      exit(1)
+    }
+
+    // Change to script dir so relative paths work properly
+    chdir(path.dirname(scriptPath))
+
+    // Execute the script
+    fetchPermitInfo({
+      chainId: +chainId as SupportedChainId,
+      tokenListPath: undefined,
+      rpcUrl: undefined,
+      recheckUnsupported: false,
+      forceRecheck: forceRecheck === 'true',
+    }).then(() => console.info(`Done 🏁`))
+  }


🛠️ Refactor suggestion

Add error handling and improve input validation.

The function lacks error handling for the promise returned by fetchPermitInfo. Additionally, there's minimal validation for the chainId parameter - it only checks for presence but not for validity.

function fetchPermitInfoByChain() { const [, scriptPath, chainId, forceRecheck] = argv if (!chainId) { console.error('ChainId is missing. Invoke the script with the chainId as the first parameter.') exit(1) } + + // Validate chainId is numeric + const parsedChainId = Number(chainId) + if (isNaN(parsedChainId)) { + console.error('ChainId must be a valid number.') + exit(1) + } // Change to script dir so relative paths work properly chdir(path.dirname(scriptPath)) // Execute the script fetchPermitInfo({ - chainId: +chainId as SupportedChainId, + chainId: parsedChainId as SupportedChainId, tokenListPath: undefined, rpcUrl: undefined, recheckUnsupported: false, forceRecheck: forceRecheck === 'true', - }).then(() => console.info(`Done 🏁`)) + }) + .then(() => console.info(`Done 🏁`)) + .catch(error => { + console.error(`Failed to fetch permit info: ${error.message}`) + exit(1) + }) }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

function fetchPermitInfoByChain() {

const [, scriptPath, chainId, forceRecheck] = argv

if (!chainId) {

console.error('ChainId is missing. Invoke the script with the chainId as the first parameter.')

exit(1)

}

// Change to script dir so relative paths work properly

chdir(path.dirname(scriptPath))

// Execute the script

fetchPermitInfo({

chainId: +chainId as SupportedChainId,

tokenListPath: undefined,

rpcUrl: undefined,

recheckUnsupported: false,

forceRecheck: forceRecheck === 'true',

}).then(() => console.info(`Done 🏁`))

}

function fetchPermitInfoByChain() {

const [, scriptPath, chainId, forceRecheck] = argv

if (!chainId) {

console.error('ChainId is missing. Invoke the script with the chainId as the first parameter.')

exit(1)

}

// Validate chainId is numeric

const parsedChainId = Number(chainId)

if (isNaN(parsedChainId)) {

console.error('ChainId must be a valid number.')

exit(1)

}

// Change to script dir so relative paths work properly

chdir(path.dirname(scriptPath))

// Execute the script

fetchPermitInfo({

chainId: parsedChainId as SupportedChainId,

tokenListPath: undefined,

rpcUrl: undefined,

recheckUnsupported: false,

forceRecheck: forceRecheck === 'true',

})

.then(() => console.info(`Done 🏁`))

.catch(error => {

console.error(`Failed to fetch permit info: ${error.message}`)

exit(1)

})

}

🤖 Prompt for AI Agents

In src/permitInfo/fetchPermitInfoByChain.ts around lines 7 to 26, add error handling for the promise returned by fetchPermitInfo by appending a catch block to handle and log any errors. Also, improve input validation by verifying that chainId is not only present but also a valid SupportedChainId before proceeding, and exit with an error message if invalid.

…lygon

alfetopito

You need to update this section of another workflow https://github.com/cowprotocol/token-lists/blob/main/.github/workflows/processRequest.yml#L79-L91

alfetopito · 2025-05-22T10:35:39Z

src/scripts/auxLists/utils.ts

+export function removeOldLogs(): void {
+  const logFiles = ['token-lists.log', 'token-lists-error.log']
+  logFiles.forEach((file) => {
+    if (fs.existsSync(file)) {
+      fs.unlinkSync(file)
+    }
+  })
+}


Why do you need to remove old logs?

Why is the log stored to a file in the first place?

If in a file, how can it be accessed from a gh actions workflow?

the logging library appends to the existing file, so better to create a fresh file for each run

it makes it easier to read and analyse the output, instead of outputting on the terminal

I could't find where a gh action is actually reading the terminal?

I could't find where a gh action is actually reading the terminal?

I meant, how can we access the log file if running in the gh action?

It does print the output to the console:

https://github.com/cowprotocol/token-lists/actions/runs/15199780069/job/42751672016

alfetopito · 2025-05-22T10:38:43Z

You can ignore the merge conflicts on the existing coingecko files and pick instead everything from main

…lygon

alfetopito

I'm still not sold on the log file approach, but I'm to merge and see how that works with the gh action.
Worst case we re-iterate

src/permitInfo/fetchAllPermitInfo.ts

Co-authored-by: Leandro <alfetopito@users.noreply.github.com>

…lygon

cowdan added 6 commits May 15, 2025 17:06

chore: update cow-sdk and README

29d6db8

fix: error if the build folder doesn't exist

6be2e73

chore: refactor downloadImages to make it more robust

b0c4487

chore: update README

742b7ae

chore: update .gitignore

3881986

feat: add new networks

80d6911

- add `Avalanche` and `Polygon` networks - add `winston` logger

chore: update Readme

8e4c406

coderabbitai bot reviewed May 20, 2025

View reviewed changes

github-actions bot added a commit that referenced this pull request May 20, 2025

@cowdan has signed the CLA in #921

68b1cad

coderabbitai bot reviewed May 20, 2025

View reviewed changes

README.md Outdated Show resolved Hide resolved

cowdan and others added 2 commits May 20, 2025 10:26

Merge remote-tracking branch 'origin/main' into feat/add-avalanche-po…

ea82d35

…lygon

Update README.md

ac19de0

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

cowdan requested review from a team May 20, 2025 09:29

alfetopito reviewed May 20, 2025

View reviewed changes

cowdan added 2 commits May 21, 2025 12:04

fix: update tokenListsByNetwork

3e8cc09

feat: update issue templates with new networks

79ee878

coderabbitai bot reviewed May 21, 2025

View reviewed changes

feat: update fetchPermitInfo scripts and add new networks

eef7c88

coderabbitai bot reviewed May 21, 2025

View reviewed changes

cowdan added 2 commits May 21, 2025 12:24

chore: improve logging

ea7b683

Merge remote-tracking branch 'origin/main' into feat/add-avalanche-po…

38746f1

…lygon

cowdan requested a review from alfetopito May 21, 2025 13:46

alfetopito reviewed May 22, 2025

View reviewed changes

cowdan added 4 commits May 22, 2025 12:03

chore: add new networks to processRequest

1730fd1

chore: sync CoinGecko json files with main

aaad1c0

Merge remote-tracking branch 'origin/main' into feat/add-avalanche-po…

5aed520

…lygon

fix: remove old logs context

bb6b13c

cowdan requested a review from alfetopito May 22, 2025 15:43

alfetopito approved these changes May 23, 2025

View reviewed changes

src/permitInfo/fetchAllPermitInfo.ts Outdated Show resolved Hide resolved

cowdan and others added 2 commits May 23, 2025 16:12

Update src/permitInfo/fetchAllPermitInfo.ts

d94d390

Co-authored-by: Leandro <alfetopito@users.noreply.github.com>

Merge remote-tracking branch 'origin/main' into feat/add-avalanche-po…

399345e

…lygon

cowdan merged commit 2b8ef9d into main May 23, 2025
7 checks passed

cowdan deleted the feat/add-avalanche-polygon branch May 23, 2025 15:26

github-actions bot locked and limited conversation to collaborators May 23, 2025

Conversation

cowdan commented May 20, 2025 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Summary by CodeRabbit

Uh oh!

coderabbitai bot commented May 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Poem

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

Uh oh!

github-actions bot commented May 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

cowdan commented May 20, 2025

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

socket-security bot commented May 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

elena-zh commented May 20, 2025

Uh oh!

alfetopito left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot May 21, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot May 21, 2025

Choose a reason for hiding this comment

Uh oh!

alfetopito left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

alfetopito commented May 22, 2025

Uh oh!

alfetopito left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

cowdan commented May 20, 2025 •

edited by coderabbitai bot

Loading

coderabbitai bot commented May 20, 2025 •

edited

Loading

CodeRabbit Configuration File (`.coderabbit.yaml`)

github-actions bot commented May 20, 2025 •

edited

Loading

socket-security bot commented May 20, 2025 •

edited

Loading