Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/brockreece/vue-heatmapjs
A vue directive for collecting and displaying user activity on a component
You can use NPM or Yarn to add this plugin to your project
npm install vue-heatmapjs
# or
yarn add vue-heatmapjs
You need to install this plugin in you main.js
// main.js
import Vue from 'vue'
import heatmap from 'vue-heatmapjs'
Vue.use(heatmap)
And then you can add the v-heatmap
directive to the dom elements you want to track.
<!-- App.vue -->
<div v-heatmap>
...
</div>
You can toggle the heatmap on and off by passing an expression into the directive, the example below will produce something similar to the image at the top of these docs
<template>
...
<div v-heatmap="show"></div>
<button @click="show = !show">Toggle Heatmap</button>
...
</template>
<script>
...
data() {
return {
show: false,
}
},
...
</script>
Streams
You can pass in an Observable into the plugin options and subscribe to events captured for the heatmap.
// main.js
import { Subject } from 'rxjs';
const stream = new Subject();
Vue.use(Vueheatmap, {
stream,
});
stream.subscribe(console.log);
Callback
You can pass an afterAdd method through with the plugin options, this will allow you to access and process the events captured for the heatmap
// main.js
Vue.use(heatmap, {
afterAdd(data) {
console.log(data)
// you can fire this back to your analytics server
},
})
Once you have captured heatmap data and persisted the data somewhere you will probably need a way of loading this data back in to your heatmap.
You can pass in an array of heatmap events using the heatmap preload plugin option
//main.js
Vue.use(Vueheatmap, {
heatmapPreload: [{ x: 10, y: 10, value: 100 }],
});
The plugin can also handle a Promise
//main.js
Vue.use(Vueheatmap, {
heatmapPreload: fetch('http://api.example.com').then(response => response.json()),
});
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.