Feat: nexchange plugin

[MMrj9]

CHANGELOG

Does this branch warrant an entry to the CHANGELOG?

• Yes
• No

Dependencies

Api Key should be shared privately

Description

• Added new nexchange partner plugin at src/partners/nexchange.ts.
• Integrated the plugin into the query engine in src/queryEngine.ts.
• Implemented Edge audit orders API ingestion (/audits/edge/orders) with support for:
  • API key auth via x-api-key
  • Legacy Authorization: ApiKey <key> auth header
  • Cursor pagination with offset fallback
  • dateFrom incremental sync using persisted latestIsoDate and lookback
• Added tests in test/nexchange.test.ts for transaction mapping and auth header behavior.

https://app.asana.com/1/9976422036640/project/1200382638405084/task/1213650284151456?focus=true

[Jon-edge]

@cursor review

[cursor]

Bugbot couldn't run

Bugbot is not enabled for your user on this team.

Ask your team administrator to increase your team's hard limit for Bugbot seats or add you to the allowlist in the Cursor dashboard.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	changelly_api@​1.0.0
	axios@​1.2.1 ⏵ 0.21.4	+1	+21
	eslint@​8.51.0 ⏵ 8.57.1
	husky@​4.2.5 ⏵ 9.1.7	+18		-38
	edge-server-tools@​0.2.22 ⏵ 0.2.24	-8		+1	+5
	web3@​1.2.11 ⏵ 1.10.4	+5	+1	+3
	@​types/​express@​4.17.23 ⏵ 4.17.25
	@​types/​node-fetch@​2.6.3 ⏵ 2.6.13	+1
	@​types/​react-dom@​16.9.8 ⏵ 16.9.25			+1
	biggystring@​4.1.3 ⏵ 4.2.3	+2		+2	+3
	@​types/​chai@​4.2.21 ⏵ 4.3.20
	@​types/​mocha@​9.0.0 ⏵ 9.1.1	+1		+1
	@​types/​react@​16.9.46 ⏵ 16.14.69			+1
	recharts@​1.8.5 ⏵ 1.8.6	+1		+1	+41
	async-mutex@​0.5.0
	date-fns-tz@​1.1.4 ⏵ 1.3.8	+1		+1
	@​types/​node@​10.17.28 ⏵ 14.18.63	+1		+2
	sucrase@​3.20.0 ⏵ 3.35.1	-3		+1
	csv-stringify@​6.2.3 ⏵ 6.7.0	+1		-4
	eslint-plugin-react@​7.33.2 ⏵ 7.37.5
	url@​0.11.0 ⏵ 0.11.4	+1		+1	+1
	react-router-dom@​5.2.0 ⏵ 5.3.4	+1		+1
	cors@​2.8.5 ⏵ 2.8.6
	eslint-plugin-import@​2.28.1 ⏵ 2.32.0	+1
	commander@​5.1.0 ⏵ 6.2.1			+1
	assert@​2.0.0 ⏵ 2.1.0	+1		+1
	util@​0.12.4 ⏵ 0.12.5	+1
	chai@​4.3.4 ⏵ 4.5.0
	react-datepicker@​3.3.0 ⏵ 3.8.0	+1		+1
	parcel@​2.8.2 ⏵ 2.16.4	+1		+1
	body-parser@​1.20.1 ⏵ 1.20.5		+16	+1
	react-cookie@​4.0.3 ⏵ 4.1.1	+1			+10
See 5 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Publisher changed: npm edge-server-tools is now published by mattdpiche Author: mattdpiche From: package-lock.json → npm/edge-server-tools@0.2.24 ℹ Read more on: This package | This alert | What is unstable ownership? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/edge-server-tools@0.2.24. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Protestware or unwanted behavior: npm es5-ext Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts. From: package-lock.json → npm/web3@1.10.4 → npm/es5-ext@0.10.64 ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es5-ext@0.10.64. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm node-exports-info Location: Package overview From: package-lock.json → npm/eslint-plugin-react@7.37.5 → npm/eslint-plugin-import@2.32.0 → npm/node-exports-info@1.6.0 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-exports-info@1.6.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report