Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@financial-times/o-ads
Advanced tools
This is an Origami module that enables advertising from [Google's DFP Ad Server (part of Ad Manager)](https://support.google.com/admanager/answer/6022000?hl=en), and provides customised demographic, behavioural (via [Krux](http://www.krux.com/)), and cont
This is an Origami module that enables advertising from Google's DFP Ad Server (part of Ad Manager), and provides customised demographic, behavioural (via Krux), and contextual (via Admantx) targeting.
For basic use, a DFP (DoubleClick for Publishers) account with Google is required. Each targeting/tracking supplier will require their own configuration and setup.
Demos for all ads currently served across ft.com are available in the Origami Registry.
Includes detailed installation and set-up instructions, along with details about the module.
To build the documentation locally, from the docs
directory, run:
bundle install
jekyll build
It will generate a _site
directory where generated site will be compiled
You can then run the jekyll local server by executing jekyll serve
.
obt install
.obt demo
.npm run demo-server
See the test documentation
You will need a GITHUB_TOKEN
environment variable with access to the repository in your .env file
Get a github token with "repo" access and make it accessible as an environment variable.
Run npm run release (patch|minor|major|x.y.z)
in master
then follow the interactive steps.
This will bump version numbers in the source and commit them, push to github and create a new release.
The command uses release-it under the hood as well as genversion to automatically bump version numbers in the source.
This release does not change any o-ads behaviour however it now uses the latest major versions of all Origami sub-dependencies.
The following origami dependencies were updated: o-colors,o-visual-effects, o-viewport, o-grid, ftdomdelegate
Some CSS properties needed to be updated in order to work with the updated down-stream dependancies.
We have also added document.visibilityState to the Origami Required BrowserFeatures list as the polyfill for this feature was removed from the latest version of o-viewport.
This release removes integration with Krux for behavioural targeting. The origami component o-permutive can be used for behavioural tracking instead.
This release introduces the following changes:
o-ads
is now recording a performance mark for every event that it dispatches. The performance mark will have the same name as the event that originated it plus, in some cases, a suffix that helps determine the circumstances that triggered the event. This is all being used internally by o-ads
to provide new metrics functionality.
o-ads
exposes a new setupMetrics
method that simplifies obtaining performance metrics. setupMetrics
accepts two parameters:
Old event name | New event name |
---|---|
startInitialisation | initialising |
moatIVTcomplete | IVTComplete |
apiRequestsComplete | adsAPIComplete |
adServerLoadSuccess | serverScriptLoaded |
ready | slotReady |
render | slotCanRender |
gptDisplay | slotGoRender |
rendered | slotRenderStart |
complete | slotExpand |
adIframeLoaded | slotRenderEnded |
A guide can to the new names can also be found in this two diagrams:
As of version 11, o-ads has been updated to use ES modules. Unfortunately, this means it is not backwards compatible with CJS modules and clients cannot require('o-ads')
anymore.
import oAds from 'o-ads'
collapseEmpty
attribute: 'before'
, 'after
', 'never'
and defaults to 'never'
'before'
, 'after
', 'never'
instead of true
and false
previouslyconfig.collapseEmpty
instead of config.gpt.collapseEmpty
previouslyFTConsent
and specify which consent the user has given as part of the value like this: behaviouraladsOnsite:on,programmaticadsOnsite:on
disableConsentCookie
option.FAQs
This package contains the core functionality used by the FT in providing ads across all of its sites. This includes ft.com, howtospendit.com, ftadviser.com and other specialist titles.
We found that @financial-times/o-ads demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 18 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.