Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@curvenote/components
Advanced tools
@curvenote/components
Web components for interactive scientific writing, reactive documents and explorable explanations.
@curvenote/components
The goal of components is to provide web-components for interactive scientific writing, reactive documents and explorable explanations. This library provides ways to create, update and display variables as dynamic text and modify them with buttons, inputs, sliders, switches, and dropdowns.
The curvenote/components project is heavily inspired by tangle.js, re-imagined to use web-components!
This means you can declaratively write your variables and how to display them in html markup.
To get an idea of what that looks like, let's take the canonical example of Tangled Cookies - a simple reactive document.
<r-var name="cookies" value="3" format=".4"></r-var>
<r-var name="caloriesPerCookie" value="50"></r-var>
<r-var name="dailyCalories" value="2100"></r-var>
<r-var name="calories" :value="cookies * caloriesPerCookie" format=".0f"></r-var>
<r-var name="dailyPercent" :value="calories / dailyCalories" format=".0%"></r-var>
<p>
When you eat <r-dynamic bind="cookies" min="2" max="100">cookies</r-dynamic>,
you consume <r-display bind="calories"></r-display> calories.<br>
That's <r-display bind="dailyPercent"></r-display> of your recommended daily calories.
</p>
Getting Started
Ink is based on web-components, which creates custom HTML tags so that they can make writing documents easier. To get started, copy the built javascript file to the head of your page:
<script src="https://unpkg.com/@curvenote/components"></script>
You can also download the latest release from GitHub. If you are running this without a web server, ensure the script has charset="utf-8" in the script tag. You can also install from npm:
>> npm install @curvenote/components
You should then be able to extend the package as you see fit:
import components from '@curvenote/components';
Note that the npm module does not setup the @curvenote/runtime store, nor does it register the components. See the curvenote.ts file for what the built package does to setup the store and register the components.
Basic Components
- r-var
- r-display
- r-dynamic
- r-range
- r-action
- r-button
- r-switch
- r-checkbox
- r-radio
- r-select
- r-input
- r-visible
Documentation
See https://curvenote.dev/components for full documentation.
FAQs
Web components for interactive scientific writing, reactive documents and explorable explanations.
We found that @curvenote/components demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 25 Feb 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025