Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@krakenjs/cross-domain-utils
Advanced tools
A set of utilities for dealing with cross-domain windows
As of version 3 this package will be published under the @krakenjs
scope.
npm install @krakenjs/cross-domain-utils
getDomain(win : Window) => string
Get the full domain of the specified window, as a string.
win
must be a window on the same domain as the current window, or an exception will be raisedwin.mockDomain = 'mock://some-domain.com';
. mock://
is required to ensure the window can not spoof actual http://
or https://
domainsgetDomainFromUrl(url : string) => string
Get the full domain from the specified url, as a string.
http://
, https://
, file://
, and additionally mock://
urls)getDomain
using the current window as inputgetActualDomain(win : Window) => string
Same as getDomain
but overriding / mocking is disabled. it will return the real full domain of the specified window.
isBlankDomain(win : Window) => boolean
Returns if the domain for the specified window is blank, or about:blank
win
must be a window on the same domain as the current window, or an exception will be raisedwin
may be a window or iframe that has been newly opened by the current windowisSameDomain(win : Window) => boolean
Returns if the specified window is on the same domain as the current window.
try/catch
still raises a console warning.getParent(win : Window) => ?Window
Gets the parent of the specified window, if the window has a parent.
getOpener(win : Window) => ?Window
Gets the opener of the specified window, if the window has an opener.
window.open
getParents(win : Window) => Array<Window>
Gets all of the hierarchical parents of the specified window.
isAncestorParent(ancestor : Window, win : Window) => boolean
Returns true if the ancestor
is a direct or non-direct parent of the specified window.
getFrames(win : Window) => Array<Window>
Returns an array of all direct child frames found in a given window.
getAllChildFrames(win : Window) => Array<Window>
Returns an array of all recursive child frames found in a given window, and in the child-frames of that window.
getTop(win : Window) => Window
Gets the top-level parent of the specified window.
getAllFramesInWindow(win : Window) => Array<Window>
Returns an array of all recursive child frames found in a given window, and in the child-frames of that window, including the specified window.
isTop(win : Window) => boolean
Returns true if the specified window is the top level window, without any parents.
isFrameWindowClosed(frame : HTMLIFrameElement) => boolean
Returns true if the window attached to an iframe element is closed, by checking if the frame is still attached to an open document.
isWindowClosed
when possibleisWindowClosed(win : Window) => boolean
Returns true if a window has been closed
getUserAgent(win : Window) => string
Gets the user agent for the specified window
win.navigator.mockUserAgent
if specified, to allow for mocking / tests.getFrameByName(win : Window, name : string) => ?Window
Gets a frame window with the given name, if it exists as a child of the specified window.
findChildFrameByName(win : Window, name : string) => ?Window
Recursively searches for a given frame window inside the children specified window.
findFrameByName(win : Window, name : string) => ?Window
Recursively searches for a given frame window inside the entire frame hierarchy of the specified window.
isParent(parent : Window, child : Window) => boolean
Returns true if the specified parent window is the parent of the specified child window.
isOpener(opener : Window, child : Window) => boolean
Returns true if the specified opener window is the opener of the specified child window.
getAncestor(win : Window) => ?Window
Gets either the parent or the opener of the specified window, if either is present.
getAncestors(win : Window) => Array<Window>
Recursively gets either the parent or the opener of the specified window, if either is present, and returns an array of the entire ancestor hierarchy.
isAncestor(ancestor : Window, child : Window) => boolean
Returns true if the specified ancestor window is the parent or the opener of the specified child window.
isPopup(win : Window) => boolean
Returns true if the specified window has been opened with window.open
(i.e. if it is a popup window)
isIframe(win : Window) => boolean
Returns true if the specified window has been opened as an iframe.
getDistanceFromTop(win : Window) => number
Gets the numerical distance from the specified window to the top level window in that window's hierarchy.
getNthParent(win : Window, n : number) => ?Window
Gets the window n
levels up from the specified window, if it exists.
isSameTopWindow(win1 : window, win2 : Window) => boolean
Returns true if the windows are in the same hierarchy, with the same top level window
isWindow(obj : Window) => boolean
Returns true if the specified object is a window instance
onCloseWindow(win : Window, callback : Function, interval : number) => { cancel : Function }
Calls the callback when the specified window closes, with checks running on the specified interval.
.cancel()
method, to stop the loopmatchDomain(pattern : (string | RegExp | Array<string>), domain : string) => boolean
Returns true if the specified domain matches the pattern. The pattern can be one of:
All of the tasks are listed in the package.json file under the scripts section
Command | Description |
---|---|
npm run build | Builds the dist files |
npm test | Runs full test suite. |
FAQs
Utilities for dealing with cross-domain windows.
The npm package @krakenjs/cross-domain-utils receives a total of 4,048 weekly downloads. As such, @krakenjs/cross-domain-utils popularity was classified as popular.
We found that @krakenjs/cross-domain-utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.