Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@financial-times/o-ads
Advanced tools
This is an Origami module that enables advertising from [Google's DFP Ad server](http://www.google.com/dfp), and provides customised demographic, behavioural (via [Krux](http://www.krux.com/)), and contextual (via [Admantx](http://admantx.com/)) targeting
This is an Origami module that enables advertising from Google's DFP Ad server, and provides customised demographic, behavioural (via Krux), and contextual (via Admantx) targeting.
For basic use, a DFP account with Google is required. Each targeting/tracking supplier will require their own configuration and setup.
Demos for all ads currently served across ft.com are available in the Origami Registry.
Includes detailed installation and set-up instructions, along with details about the module.
To build the documentation locally, from the docs
directory, run:
bundle install
jekyll build
It will generate a _site
directory where generated site will be compiled
You can then run the jekyll local server by executing jekyll serve
.
obt install
.obt demo
.npm run demo-server
See the test documentation
You will need a GITHUB_TOKEN
environment variable with access to the repository in your .env file
Get a github token with "repo" access and make it accessible as an environment variable.
Run npm run release (patch|minor|major|x.y.z)
in master
then follow the interactive steps.
This will bump version numbers in the source and commit them, push to github and create a new release.
The command uses release-it under the hood as well as genversion to automatically bump version numbers in the source.
FTConsent
and specify which consent the user has given as part of the value like this: behaviouraladsOnsite:on,programmaticadsOnsite:on
disableConsentCookie
option.collapseEmpty
attribute: 'before'
, 'after
', 'never'
and defaults to 'never'
'before'
, 'after
', 'never'
instead of true
and false
previouslyconfig.collapseEmpty
instead of config.gpt.collapseEmpty
previouslyAs of version 11, o-ads has been updated to use ES modules. Unfortunately, this means it is not backwards compatible with CJS modules and clients cannot require('o-ads')
anymore.
import oAds from 'o-ads'
This release introduces the following changes:
o-ads
is now recording a performance mark for every event that it dispatches. The performance mark will have the same name as the event that originated it plus, in some cases, a suffix that helps determine the circumstances that triggered the event. This is all being used internally by o-ads
to provide new metrics functionality.
o-ads
exposes a new setupMetrics
method that simplifies obtaining performance metrics. setupMetrics
accepts two parameters:
Old event name | New event name |
---|---|
startInitialisation | initialising |
moatIVTcomplete | IVTComplete |
apiRequestsComplete | adsAPIComplete |
adServerLoadSuccess | serverScriptLoaded |
ready | slotReady |
render | slotCanRender |
gptDisplay | slotGoRender |
rendered | slotRenderStart |
complete | slotExpand |
adIframeLoaded | slotRenderEnded |
A guide can to the new names can also be found in this two diagrams:
FAQs
This package contains the core functionality used by the FT in providing ads across all of its sites. This includes ft.com, howtospendit.com, ftadviser.com and other specialist titles.
We found that @financial-times/o-ads demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 18 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.