# TKN Roadmap discussion

## Intro

Key Metrics

- https://www.figma.com/board/E9ZcDOvMA1awfnPtytgJza/Untitled?node-id=0-1&t=a4Rv7hST62mdoqQV-1
- key points are token impressions
- able to measure number of times our logo is requested
- unique participants
- name set
- number of data points
- our data points are like our TVL
- number of integrations and logos on our page / 3rd parties
- People are very logo oriented
- incentivise people or submit PRs on our behalf

## Sublists

- get velodrome integration live
- partners will want to control their own token list
- larger projects will have security concerns to only include vetted tokens
- Section
- Long Tail
- Blue Chip

## Goals

- accurate data for all tokens available in the api
- twitter
- addresses
- website
- dweb
- Token Tracker to displace coingecko
- user balance
- Crypto apps use TKN API
- Open Source contributing community
- User portfolio
- L2 submissions
- Decentralized price feeds
- Submission curation, vote on pending submissions
- short term internal vetting and promotion
- functional npm package
- Sublists
- tags
- capture data
- populate gateway database
- L2 submission and db (tkn-gateway-database)

## Tasks

- onboarding penguin
- tour of app with JP
- cut teeth on npm package and understand mono repo
- connector to look up github repo lists and merge them
- use gateway/data/fetch.js
- aerodrome, velodrome (velodrome-finance/sugar)
- Components are in a big fat file (app.js)
- remove database from app, use only npm actions
- separate services
- JP to update submissions this week by Friday

## Timeline

- update this week from JP
- 3 weeks until MVP api is due

## Blockers

- need a better price feed
- using the express api before the main app is not great

## JP

- working on integrating submissions from edit list
- submission -> L2 -> ordered by date from different networks
- integrating price fixes for WETH and TKN
- price consideration needs to be reformatted
- need to better define price feeds
- currently getting prices from cryptoCompare; some tokens do not have updated info
- submissions modal for tracking tokens
- currently working on L2 update from app master list
- clean up technical debt

## Stack

- React Monorepo
- Frame inside api-service
- Database: Postgres (tkn-Gateway-data) (l2.tkn.xyz)

## Random Notes:

short to mid term use graph for npm package

price api server dependency warnings

```
Wise
# npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install axios@1.7.2, which is a breaking change
node_modules/axios

ws  7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install ethers@6.13.1, which is a breaking change
node_modules/ws
  @ethersproject/providers  <=5.7.2
  Depends on vulnerable versions of ws
  node_modules/@ethersproject/providers
    ethers  5.0.0-beta.119 - 5.7.2
    Depends on vulnerable versions of @ethersproject/providers
    node_modules/ethers

4 vulnerabilities (1 moderate, 3 high)
```

```
png@penguins-MacBook-Pro price-api-service % npm install
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated multiaddr-to-uri@8.0.0: This module is deprecated, please upgrade to @multiformats/multiaddr-to-uri
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated phin@2.9.3: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated multiaddr@10.0.1: This module is deprecated, please upgrade to @multiformats/multiaddr
npm WARN deprecated @types/dotenv@8.2.0: This is a stub types definition. dotenv provides its own type definitions, so you do not need this installed.
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated reflect-metadata@0.2.1: This version has a critical bug in fallback handling. Please upgrade to reflect-metadata@0.2.2 or newer.
npm WARN deprecated multicodec@1.0.4: This module has been superseded by the multiformats module
npm WARN deprecated multibase@0.6.1: This module has been superseded by the multiformats module
npm WARN deprecated multicodec@0.5.7: This module has been superseded by the multiformats module
npm WARN deprecated multibase@0.7.0: This module has been superseded by the multiformats module
npm WARN deprecated ipfs-core-utils@0.14.3: js-IPFS has been deprecated in favour of Helia - please see https://github.com/ipfs/js-ipfs/issues/4336 for details
npm WARN deprecated ipfs-core-types@0.10.3: js-IPFS has been deprecated in favour of Helia - please see https://github.com/ipfs/js-ipfs/issues/4336 for details
npm WARN deprecated cids@0.7.5: This module has been superseded by the multiformats module
npm WARN deprecated puppeteer@13.7.0: < 22.6.4 is no longer supported
npm WARN deprecated ipfs-http-client@56.0.3: js-IPFS has been deprecated in favour of Helia - please see https://github.com/ipfs/js-ipfs/issues/4336 for details

19 vulnerabilities (9 moderate, 10 high)

# npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install axios@1.7.2, which is a breaking change
node_modules/axios

express  <4.19.2
Severity: moderate
Express.js Open Redirect in malformed URLs - https://github.com/advisories/GHSA-rv95-896h-c2vc
fix available via `npm audit fix`
node_modules/express

follow-redirects  <=1.15.5
Severity: moderate
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix`
node_modules/follow-redirects

lodash.pick  >=4.0.0
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install convert-svg-to-png@0.3.1, which is a breaking change
node_modules/lodash.pick
  convert-svg-core  >=0.3.2
  Depends on vulnerable versions of lodash.pick
  Depends on vulnerable versions of puppeteer
  node_modules/convert-svg-core
    convert-svg-to-png  >=0.3.2
    Depends on vulnerable versions of convert-svg-core
    node_modules/convert-svg-to-png

phin  <3.7.1
Severity: moderate
phin may include sensitive headers in subsequent requests after redirect - https://github.com/advisories/GHSA-x565-32qp-m3vf
fix available via `npm audit fix --force`
Will install jimp@0.3.11, which is a breaking change
node_modules/phin
  load-bmfont  >=1.4.0
  Depends on vulnerable versions of phin
  node_modules/load-bmfont
    @jimp/plugin-print  >=0.4.0
    Depends on vulnerable versions of load-bmfont
    node_modules/@jimp/plugin-print
      @jimp/plugins  >=0.4.0
      Depends on vulnerable versions of @jimp/plugin-print
      node_modules/@jimp/plugins
        jimp  >=0.4.0
        Depends on vulnerable versions of @jimp/plugins
        node_modules/jimp

tar  <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/tar

ws  7.0.0 - 7.5.9 || 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install convert-svg-to-png@0.3.1, which is a breaking change
node_modules/puppeteer/node_modules/ws
node_modules/viem/node_modules/ws
node_modules/ws
  @ethersproject/providers  <=5.7.2
  Depends on vulnerable versions of ws
  node_modules/@ethersproject/providers
    ethers  5.0.0-beta.119 - 5.7.2
    Depends on vulnerable versions of @ethersproject/providers
    node_modules/ethers
  puppeteer  11.0.0 - 18.1.0
  Depends on vulnerable versions of ws
  node_modules/puppeteer
  viem  <=0.0.0-wagmiv2-20230628182101 || 0.2.2 - 2.15.0
  Depends on vulnerable versions of ws
  node_modules/viem
    @farcaster/core  >=0.7.1
    Depends on vulnerable versions of viem
    node_modules/@farcaster/core
      @farcaster/hub-nodejs  >=0.7.1
      Depends on vulnerable versions of @farcaster/core
      node_modules/@farcaster/hub-nodejs
```