Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
@gemini-testing/canvas-prebuilt
Advanced tools
Prebuilt versions of node-canvas as a drop-in replacement
This fork is only for install
script fix in 1.6.x version: https://github.com/node-gfx/node-canvas-prebuilt/pull/13
This is a drop-in replacement for canvas that does not require any compiling. To use it
just npm install canvas-prebuilt
or replace canvas
with canvas-prebuilt
in your
dependencies.
You will also need to change require('canvas')
to require('canvas-prebuilt')
.
The repo is just a set of scripts that downloads a specific node-canvas version, builds it and bundles it on all platforms. It's meant to run on Travis and AppVeyor but it can be run locally too
Linux users will need glibc >= 2.13.1 (Ubuntu 14.04+, Debian 7+, etc)
If you are using fonts, you might see some FontConfig warnings which are harmless:
Situation | Message | Meaning |
---|---|---|
You have an old version of FontConfig on your system | Fontconfig warning: line 142: blank doesn't take any effect anymore. please remove it from your fonts.conf | You don't need to do anything, but removing said line or upgrading FontConfig on your system should fix it |
You don't have FontConfig | Fontconfig error: Cannot load default config file | You don't have any fonts on your system, so if you want to use the text APIs you'll either need to install FontConfig or use Canvas.registerFont |
More detail on the releases below, this won't be relevant to most users.
Make sure your node version is the most recent to guarantee ABI compatibility
canvas@1.4.x canvas@1.5.x canvas@1.6.x canvas@2.0.0-alpha.1 canvas@2.0.0-alpha.2 canvas@2.0.0-alpha.3 | node 8 | node 7 | node 6 | node 5 | node 4 | node 0.12 | node 0.10 |
---|---|---|---|---|---|---|---|
Linux x64 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Windows x64 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
OSX x64 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Windows x86 | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ |
Linux x86 | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ |
Linux ARM | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ |
canvas@2.0.0-alpha.3 canvas@2.0.0-alpha.4 canvas@2.0.0-alpha.5 | node 9 | node 8 | node 7 | node 6 | node 5 | node 4 |
---|---|---|---|---|---|---|
Linux x64 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Windows x64 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
OSX x64 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Windows x86 | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ |
Linux x86 | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ |
Linux ARM | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ | 𐄂¹ |
¹I have some ideas on how to get these working with cross-compilation if people request it. I plan to add Linux/ARM
The bundling scripts just take a regularly compiled executable (canvas.node in this case) and look at which non-system libraries it links against. Those libraries are then copied to the release directory and binaries are updated if necessary to refer to them.
The strategies for bundling could be applied to other projects too since they're general:
/lib
is non-system. The custom binding.gyp
compiles canvas.node
to look inside its own directory for dependenciesFAQs
Prebuilt versions of node-canvas as a drop-in replacement
We found that @gemini-testing/canvas-prebuilt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.