Session 31: Code audit + security review — NFL MARKET_MAP gap fixed, npm audit 0 vulns (1695 tests)

- Add NFL keys to oddsNormalizer.MARKET_MAP (defensive; same silent-zero
  class as the Session 30 MLB bug) + NFL surface test
- npm audit fix: ws/qs + Supabase transitives, 7 vulns -> 0 (semver-safe)
- Audit findings documented in BUILD-STATE: grades cache has no writer,
  NFL/NHL not wired end-to-end, rate limiting only on /analyze, tests
  mutate a tracked jsonl, leaked GitHub PAT in origin remote (rotate)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Kev
2026-06-14 23:48:40 -04:00
parent a3351e2135
commit 2ba3958c7a
4 changed files with 186 additions and 33 deletions
@@ -35,6 +35,29 @@ const MARKET_MAP = {
pitcher_earned_runs: 'earned_runs',
pitcher_hits_allowed: 'hits_allowed',
pitcher_outs: 'outs',
// NFL props (Session 31 audit) — defensive mapping added BEFORE NFL is
// fully wired into the props flow, so it can't repeat the MLB silent-zero
// bug (MARKET_MAP dropping every market → props normalize to nothing).
// The Odds API + PropLine use the abbreviated `_yds` keys; the spec's
// `_yards` spellings are mapped too so either form survives. Internal
// stat_type names align with config/statFilters.js (passing_yards,
// rushing_yards, receiving_yards, interceptions).
player_pass_yds: 'passing_yards',
player_pass_yards: 'passing_yards',
player_pass_tds: 'pass_tds',
player_pass_completions: 'pass_completions',
player_pass_attempts: 'pass_attempts',
player_pass_interceptions: 'interceptions',
player_rush_yds: 'rushing_yards',
player_rush_yards: 'rushing_yards',
player_rush_attempts: 'rush_attempts',
player_rush_tds: 'rush_tds',
player_receptions: 'receptions',
player_reception_yds: 'receiving_yards',
player_receiving_yards: 'receiving_yards',
player_reception_tds: 'reception_tds',
player_anytime_td: 'anytime_td',
player_kicking_points: 'kicking_points',
// Soccer props — World Cup 2026 + permanent league support.
// odds-api keys verified against soccer_fifa_world_cup market list.
// 'assists' is shared with NBA — sport context discriminates downstream.
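Review bot: the new NFL entries close one instance of the "silent-zero" class the comment describes, but the underlying failure mode is untouched: a market key absent from MARKET_MAP is still dropped with no signal, so the next sport (or an Odds API key rename, e.g. `_yds` vs `_yards`) regresses silently again. Consider having the normalizer count or warn on unmapped market keys and asserting in the NFL surface test that a fixture payload yields zero unmapped keys, so the gap shows up in CI rather than as empty props. Also, the comment only claims alignment with config/statFilters.js for passing_yards, rushing_yards, receiving_yards and interceptions; the other internal names introduced here (pass_tds, pass_completions, pass_attempts, rush_attempts, rush_tds, receptions, reception_tds, anytime_td, kicking_points) should either be confirmed present in statFilters or noted as unfiltered, otherwise they may be mapped here and dropped one step later.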