Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@freestar/pubfig-adslot-react-component
npm install --save @freestar/pubfig-adslot-react-component
import React, { Component } from 'react'
import FreestarAdSlot from '@freestar/pubfig-adslot-react-component'
import './demo.css'

class Demo extends Component {
  // adRefresh is a counter; incrementing it triggers a refresh of the ad slot
  state = {
    adRefresh: 0
  }

  onAdRefresh = () => {
    const { adRefresh } = this.state
    this.setState({
      adRefresh: adRefresh + 1
    })
  }

  render() {
    // publisher and placementName are provided by Freestar
    const placementName = 'PublisherName_970x250_728x90_320x50'
    const slotId = 'in_content_ad_1'
    const publisher = 'publisherName'
    const targeting = { key1: 'value1', key2: 'value2' }
    const { adRefresh } = this.state
    return (
      <div>
        <FreestarAdSlot
          publisher={publisher}
          placementName={placementName}
          slotId={slotId}
          targeting={targeting}
          channel='custom_channel'
          classList={['m-30', 'p-15', 'b-thin-red']}
          adRefresh={adRefresh}
          onNewAdSlotsHook={(placementName) => console.log('creating ad', placementName)}
          onDeleteAdSlotsHook={(placementName) => console.log('destroying ad', placementName)}
          onAdRefreshHook={(placementName) => console.log('refreshing ad', placementName)}
        />
        <button onClick={this.onAdRefresh}>Trigger Refresh</button>
      </div>
    )
  }
}

export default Demo
publisher: A required string of the publisher, which will be provided by Freestar.
placementName: A required string of the ad unit placement, which will be provided by Freestar.
slotId: An optional string to specify the element id of the containing div around the ad slot. Defaults to the placement.
targeting: An optional object of key/value pairs for targeting.
channel: An optional string of a custom channel to use.
classList: An optional array of strings representing any additional classes that should be applied to the wrapper DOM element of the ad slot.
adRefresh: An optional number bound to the ad refresh. Increment this value to trigger a refresh of the ad slot.
onNewAdSlotsHook: An optional event hook that returns the placementName when the component mounts and an ad is requested.
onDeleteAdSlotsHook: An optional event hook that returns the placementName when the component unmounts.
onAdRefreshHook: An optional event hook that returns the placementName when the component refreshes an ad.
FreestarAdSlot.setPageTargeting: Proxy for the GPT setTargeting call to set page-level targeting. See the GPT documentation for more details.
FreestarAdSlot.clearPageTargeting: Proxy for the GPT clearTargeting call to clear page-level targeting. See the GPT documentation for more details.
FreestarAdSlot.trackPageView: Proxy for the freestar.trackPageview() method.
Freestar collects data values such as the URL location, which are then used in various tables. To track data accurately on sites that use Single Page Applications (SPAs), or on sites with slideshows/carousels that change URLs or URL parameters, the publisher must take the following action. When the location and/or URL is updated, the lifecycle of the DOM and/or Window does not reload the pubfig.js script. To address this, the publisher must invoke the freestar.trackPageview() method. This ensures that the new URL is stored and used throughout the data collection for that page or view.
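An added example, not part of the Freestar README: one way to make sure the tracker runs on every client-side URL change, since pushState and replaceState fire no event of their own. The names installPageViewTracking, win and track are hypothetical; in the browser, track would wrap FreestarAdSlot.trackPageView().

```javascript
// Added example: invoke a page-view tracker whenever an SPA changes the URL
// without a page load (and therefore without reloading pubfig.js).
// installPageViewTracking, win and track are hypothetical names.
function installPageViewTracking(win, track) {
  const history = win.history
  const original = {
    pushState: history.pushState,
    replaceState: history.replaceState
  }
  let lastHref = win.location.href

  // Report a view only when the URL actually changed, so a replaceState
  // to the same URL or a duplicate event does not double-count.
  const report = () => {
    const href = win.location.href
    if (href === lastHref) return
    lastHref = href
    track()
  }

  // pushState/replaceState do not emit an event, so wrap them.
  for (const name of Object.keys(original)) {
    history[name] = function (...args) {
      const result = original[name].apply(this, args)
      report()
      return result
    }
  }

  // Back/forward navigation and fragment changes do emit events.
  win.addEventListener('popstate', report)
  win.addEventListener('hashchange', report)

  // Returns a cleanup function, e.g. for the root component's unmount.
  return function uninstall() {
    history.pushState = original.pushState
    history.replaceState = original.replaceState
    win.removeEventListener('popstate', report)
    win.removeEventListener('hashchange', report)
  }
}

// Assumed browser wiring, with FreestarAdSlot imported as in the demo:
//   const stop = installPageViewTracking(window, () => FreestarAdSlot.trackPageView())
```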
placementName A value acquired from Google Ad Manager (previously known as DFP/Adx), which will be provided by Freestar.
targeting A set of targeting values for the ad unit placement. See GPT Documentation for more details
If you would like to bypass Freestar Ad placements and render GAM ad units yourself directly, please follow the instructions here
If you would like to allow the freestar library to preload but need to hold off on ad delivery until business logic has completed, please follow the instructions here
To publish your changes to npm do the following:
npm run build
np major|minor|patch
FAQs
Freestar Pubfig AdSlot React Component
We found that @freestar/pubfig-adslot-react-component demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.