amcalabretta / botbase
A framework where to run bot trading cryptocurrencies across multiple exchanges
Home Page: https://amcalabretta.github.io/botbase/
License: MIT License
The main thread shall be responsible for placing real orders; additionally, it should be possible to run botbase in 'SYM' mode, i.e. orders shall not be placed.
Bot base should also be able to check the status of each order and update the buckets accordingly.
GitHub CI should be integrated with regard to the following aspects:
Ideally, logging should be done, main reqs:
https://www.npmjs.com/package/cognitive-complexity-ts
(it's already in the package.json)
Botbase is based on https://www.npmjs.com/package/coinbase-pro, it should be ported to https://www.npmjs.com/package/coinbase-pro-node
Maintainability issues reported here: https://codeclimate.com/github/amcalabretta/botbase
Multiprocess might be a better way to manage the strategies (especially considering that each strategy might make use of expensive frameworks like ML / AI etc.).
see https://betterprogramming.pub/scaling-node-js-applications-with-multiprocessing-b0c25511832a for an example or move to cluster (https://nodejs.org/docs/latest/api/cluster.html#cluster) node native way to run multiple processes rather than threads (i.e. workers)
communication might be done via the pub/sub pattern (https://www.npmjs.com/package/cluster-pubsub)
package here:
https://www.npmjs.com/package/ml-regression-multivariate-linear
can be applied to 1s, 5s etc..
As reported in https://app.codacy.com/gh/amcalabretta/botbase/dashboard?branch=master there are issues in terms of code quality.
GitHub Actions:
External tools:
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.11 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ deps-ok [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ deps-ok > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/782 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.12 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ deps-ok [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ deps-ok > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1065 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.19 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ deps-ok [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ deps-ok > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1523 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Command Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.21 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ deps-ok [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ deps-ok > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1673 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.2.1 <1.0.0 || >=1.2.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ deps-ok [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ deps-ok > minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1179 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 5 vulnerabilities (2 low, 3 high) in 490 scanned packages
5 vulnerabilities require manual review. See the full report for details.
# npm audit report
@sideway/formula 3.0.0
Severity: moderate
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability - https://github.com/advisories/GHSA-c2jc-4fpr-4vhg
fix available via `npm audit fix`
node_modules/@sideway/formula
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/http-cache-semantics
json5 <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5
node_modules/tsconfig-paths/node_modules/json5
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
coinbase-pro *
Depends on vulnerable versions of request
node_modules/coinbase-pro
vm2 <=3.9.15
Severity: critical
vm2 vulnerable to sandbox escape - https://github.com/advisories/GHSA-7jxr-cg7f-gpgv
vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-xj72-wvfv-8985
fix available via `npm audit fix`
node_modules/vm2
6 vulnerabilities (3 moderate, 2 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
Currently the strategies to be run live in the all_strategies file; it would be more handy to load them from the yaml file.
Add badges:
Add linting step