@krautzource/aria-tree-walker
A lightweight walker for labeled ARIA trees.
Reads the structure of an ARIA tree where every node is labeled. Provides a breadth-first tree walker using arrow keys. AT users will get the full label in browse mode and can switch into focus mode to explore (on almost all major browser+AT combinations).
The module currently exports a function that expects a (well-prepared) DOM node:
import { attachNavigator } from 'aria-tree-walker';
const myNode = document.querySelector('...');
attachNavigator(myNode);
The navigator extracts an abstract tree based on suitably prepared data-owns and data-owns-id attributes. The abstract tree is used to provide keyboard navigation and (accessible) focus management (using the "roving tabindex" technique).
The active tree node will get a class of is-activedescendant for (visual) styling purposes.
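The tree extraction and arrow-key walking described above, as an added example that is not the package's own code. It assumes data-owns holds a space-separated list of data-owns-id values, uses plain objects in place of DOM elements, and assumes the arrow-key mapping shown; buildAbstractTree, move and SAMPLE are hypothetical names.

```javascript
// Added example: plain objects stand in for DOM elements so it runs in Node.
// Assumption: data-owns is a space-separated list of data-owns-id values.
function buildAbstractTree(elements, rootId) {
  const byId = new Map();
  for (const el of elements) {
    const id = el['data-owns-id'];
    if (byId.has(id)) throw new Error(`duplicate data-owns-id: ${id}`);
    byId.set(id, el);
  }
  const seen = new Set();
  function build(id, parent) {
    const el = byId.get(id);
    // Malformed markup is rejected instead of producing a broken walker.
    if (!el) throw new Error(`dangling reference: ${id}`);
    if (seen.has(id)) throw new Error(`node owned twice or cycle: ${id}`);
    seen.add(id);
    const node = { id, label: el['aria-label'] || '', parent, children: [] };
    const owned = (el['data-owns'] || '').split(/\s+/).filter(Boolean);
    node.children = owned.map((childId) => build(childId, node));
    return node;
  }
  return build(rootId, null);
}

// Arrow-key movement over the abstract tree (this key mapping is an assumption).
function move(node, key) {
  const siblings = node.parent ? node.parent.children : [node];
  const i = siblings.indexOf(node);
  switch (key) {
    case 'ArrowDown': return node.children[0] || node;  // first child
    case 'ArrowUp': return node.parent || node;         // back to parent
    case 'ArrowRight': return siblings[i + 1] || node;  // next sibling
    case 'ArrowLeft': return siblings[i - 1] || node;   // previous sibling
    default: return node;
  }
}

// Constructed sample: one labeled tree for the expression "a + b".
const SAMPLE = [
  { 'data-owns-id': 'eq', 'aria-label': 'a plus b', 'data-owns': 'a op b' },
  { 'data-owns-id': 'a', 'aria-label': 'a' },
  { 'data-owns-id': 'op', 'aria-label': 'plus' },
  { 'data-owns-id': 'b', 'aria-label': 'b' },
];
```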
Some rough expectations to get meaningful results from your content:
role="tree" and role="treeitem" as well as an aria-label with a suitable accessible name (to get a "flat" name).
.is-activedescendant.
Upon focus (e.g., clicking on or tabbing to an element with attached walker), the node will be highlighted and become explorable using the arrow keys. If you're using a screenreader, use browse mode until you encounter the node, then switch out of virtual/browse mode to explore with arrow keys. Some screenreader and browser combinations fail to put the current node into focus so you may have to move the focus to the equation.
Authors must ensure that these features are discoverable, e.g., via an explainer in the content / UI or via specific indicators on the element (e.g., one-time hints via live-region, description, role description).
See ./docs for examples using simple diagrams, chemical diagrams, and (server-side) equation rendering with MathJax.
An initial prototype was developed during the AIM workshop Web accessibility of mathematics. Much of the code was (and still is) based on prior work in MathJax, speech rule engine, and ChromeVox (part of Chromium). That prototype was further developed into MathJax SRE Walker, a lightweight walker for server-side generated mathjax rendering.
From there, the walker evolved from SRE-specific markup to a general purpose aria(-owns) tree walker. At that point, it was forked to this repository and continued as aria-tree-walker. The goal is to support any such tree (e.g., complex diagrammatic content) and to gradually improve the user experience.
FAQs
A lightweight walker for labeled aria(-owns) trees
The npm package @krautzource/aria-tree-walker receives a total of 2 weekly downloads. As such, its popularity was classified as not popular.
We found that @krautzource/aria-tree-walker demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.