Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@floating-ui/dom
Advanced tools
The @floating-ui/dom package is a library for creating floating elements that can be positioned next to a reference element on the DOM, such as tooltips, popovers, dropdowns, and more. It provides low-level primitives for positioning and updating the placement of these elements in relation to their reference elements and the viewport.
Positioning
This feature allows you to compute the position of a floating element relative to a reference element. The computePosition function returns a promise that resolves with the coordinates where the floating element should be placed.
import {computePosition} from '@floating-ui/dom';
const referenceElement = document.querySelector('#reference');
const floatingElement = document.querySelector('#floating');
computePosition(referenceElement, floatingElement).then(({x, y}) => {
Object.assign(floatingElement.style, {
left: `${x}px`,
top: `${y}px`,
position: 'absolute',
});
});
Auto-Placement
Auto-placement automatically adjusts the placement of the floating element to ensure it stays in view within the viewport or a specified boundary. It can flip or shift the element as needed.
import {autoPlacement} from '@floating-ui/dom';
const referenceElement = document.querySelector('#reference');
const floatingElement = document.querySelector('#floating');
autoPlacement(referenceElement, floatingElement, {
placement: 'bottom',
middleware: [{name: 'flip', options: {padding: 8}}]
}).then(placement => {
// Apply the placement to the floating element
});
Middleware
Middleware allows for advanced positioning behavior by adding additional logic during the position computation. Examples include 'shift' to keep the floating element within view and 'flip' to flip the element to the opposite side of the reference element if it would overflow the viewport.
import {computePosition, shift, flip} from '@floating-ui/dom';
const referenceElement = document.querySelector('#reference');
const floatingElement = document.querySelector('#floating');
computePosition(referenceElement, floatingElement, {
middleware: [shift(), flip()]
}).then(({x, y, middlewareData}) => {
// Use the x, y coordinates and middleware data to position the floating element
});
Popper.js is a predecessor of the @floating-ui/dom library. It provides similar functionality for positioning tooltips and popovers. While Popper.js is widely used and has a larger community, @floating-ui/dom is its successor with a more modular architecture and potentially better performance.
Tippy.js is a highly popular tooltip and popover library built on top of Popper.js. It offers a more complete solution out of the box with a wide range of options and plugins for creating interactive floating UI elements. Compared to @floating-ui/dom, Tippy.js might be easier to use for those who want a ready-to-go solution with less setup.
Tooltip.js is another library for creating tooltips in web applications. It is part of the Bootstrap framework but can be used independently. While it provides a simple API for tooltips, @floating-ui/dom offers a lower-level API that can be used to build a wider variety of floating UI elements.
This is the library to use Floating UI on the web, wrapping @floating-ui/core
with DOM interface logic.
FAQs
Floating UI for the web
We found that @floating-ui/dom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.