@lottiefiles/lottie-interactivity
This is a small effects and interactivity library written to be paired with the Lottie Web Player
This is a small library to add scrolling and cursor interactivity to your Lottie Animations. This can be used with the Lottie Web-Player Component or the Lottie Player.
For full documentation, visit docs.lottiefiles.com/lottie-interactivity
```sh
# with yarn
yarn add @lottiefiles/lottie-interactivity
# or with npm
npm install --save @lottiefiles/lottie-interactivity
```
```html
<script src="https://unpkg.com/@lottiefiles/lottie-interactivity@latest/dist/lottie-interactivity.min.js"></script>

<!-- place this in your body element -->
<script src="https://unpkg.com/@lottiefiles/lottie-player@1/dist/lottie-player.js"></script>

<lottie-player
  id="firstLottie"
  src="https://assets2.lottiefiles.com/packages/lf20_i9mxcD.json"
  style="width:400px; height: 400px;"
>
</lottie-player>
```
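The script tags above request `@latest` and `@1`, so the bytes the CDN serves can change without any change to the page. The following is an added example, not part of the LottieFiles README: a Node.js helper that rejects floating versions and emits a tag with a Subresource Integrity hash. The version `0.0.0`, the sample bytes and the function names are placeholders constructed for illustration.

```javascript
// Added example, not from the README: refuse floating CDN versions and
// emit a <script> tag carrying a Subresource Integrity (SRI) hash.
const { createHash } = require('node:crypto');

// SRI value for the exact bytes that were reviewed.
function sriFor(bytes, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(bytes).digest('base64')}`;
}

// True only when the unpkg-style URL names an exact x.y.z version, not a
// floating tag (@latest) or a major range (@1) whose content can change.
function isPinned(url) {
  const m = /@([^/@]+)\/[^@]*$/.exec(url);
  return m !== null && /^\d+\.\d+\.\d+$/.test(m[1]);
}

function pinnedScriptTag(url, bytes) {
  if (!isPinned(url)) throw new Error(`floating version in ${url}; pin x.y.z`);
  return `<script src="${url}" integrity="${sriFor(bytes)}" crossorigin="anonymous"></script>`;
}

// Placeholder version 0.0.0 and constructed file bytes: substitute the release
// you audited and the bytes of its dist file.
const PINNED_URL =
  'https://unpkg.com/@lottiefiles/lottie-interactivity@0.0.0/dist/lottie-interactivity.min.js';
const reviewedBytes = Buffer.from('/* constructed stand-in for the reviewed build */');

console.log(pinnedScriptTag(PINNED_URL, reviewedBytes));
```

With the `integrity` attribute set, the browser refuses to execute the file if the served bytes no longer match the hash.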
The name of the player ('firstLottie' in this example) is the ID set on the lottie web component in the HTML page. The configuration contains an actions object. This object takes an array named actions, which consists of an array of objects. Multiple objects can be added to this array, so multiple actions such as "seek", "play", "stop" and "loop" can be set.
Each object has a start and end, which is essentially a percentage for the height of the Lottie container and is a value between 0 and 1. The visibility array's first value is the start and the second value is the end. This refers to the percentage of the viewport.
Ensure that the ending frame is the frame you want the interactivity to end at. This could be the last frame or a frame of your choosing. In this case it is set to 100.
Configuration modes include "scroll", where the animation is synced to the scrolling of the window; "cursor", where the scrolling of the animation is synced to the cursor position within the container; and "chain", which allows you to interact with multiple Lottie animations one after the other.
The configuration can include a container field as shown in the next example. If a container is not provided the parent div will be taken as a container.
Ensure that the interactivity library is imported in the body of your HTML DOM.

```javascript
LottieInteractivity.create({
  mode: 'scroll',
  player: '#firstLottie',
  actions: [
    {
      visibility: [0, 1],
      type: 'seek',
      frames: [0, 100],
    },
  ],
});
```
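The text above says several action objects can share one configuration, each with a visibility range between 0 and 1. The following is an added example, not code from the library: a check that applies those stated rules to a scroll-mode config before it reaches `create()`. The function name, the sample configs and the rule that a "seek" action needs a two-element frame range are assumptions.

```javascript
// Added example (not from the README): check a scroll-mode config against the rules in the text.
const TYPES = ['seek', 'play', 'stop', 'loop']; // action types named on this page
function validateScrollConfig(config) {
  const errors = [];
  if (config.mode !== 'scroll') errors.push('mode: this check only covers "scroll"');
  if (typeof config.player !== 'string' || config.player === '') {
    errors.push('player: expected the player id, e.g. "#firstLottie"');
  }
  if (!Array.isArray(config.actions) || config.actions.length === 0) {
    errors.push('actions: expected a non-empty array');
    return errors;
  }
  config.actions.forEach((action, i) => {
    const at = `actions[${i}]`;
    const v = action.visibility;
    const vOk = Array.isArray(v) && v.length === 2 &&
      v.every((n) => typeof n === 'number' && n >= 0 && n <= 1) && v[0] < v[1];
    if (!vOk) errors.push(`${at}.visibility: need [start, end], 0 <= start < end <= 1`);
    if (!TYPES.includes(action.type)) errors.push(`${at}.type: unknown "${action.type}"`);
    if (action.type === 'seek') { // assumption: a seek needs a [first, last] frame range
      const f = action.frames;
      const fOk = Array.isArray(f) && f.length === 2 &&
        f.every((n) => Number.isInteger(n) && n >= 0) && f[0] <= f[1];
      if (!fOk) errors.push(`${at}.frames: need [first, last] non-negative integers`);
    }
  });
  return errors;
}

// Constructed config: three actions covering the viewport from bottom to top.
const multiAction = {
  mode: 'scroll',
  player: '#firstLottie',
  actions: [
    { visibility: [0, 0.2], type: 'stop', frames: [0] },
    { visibility: [0.2, 0.8], type: 'seek', frames: [0, 100] },
    { visibility: [0.8, 1], type: 'loop', frames: [50, 100] },
  ],
};
// Constructed faulty config: a percentage given as 100 instead of 1, a reversed
// range and an action type the page does not list.
const broken = {
  mode: 'scroll',
  player: '#firstLottie',
  actions: [
    { visibility: [0, 100], type: 'seek', frames: [0, 100] },
    { visibility: [0.5, 0.2], type: 'pause' },
  ],
};
console.log(validateScrollConfig(multiAction), validateScrollConfig(broken));
```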
The configuration for the library remains the same for React apps; however, usage and initialization differ as follows. Import the create function from the lottie interactivity library and call it. With frameworks like React it is ideal to add an event listener that waits for the lottie player to load before calling the interactivity library. An example for a very basic React class component follows.
```jsx
import React from 'react';
import '@lottiefiles/lottie-player';
import { create } from '@lottiefiles/lottie-interactivity';

class App extends React.Component {
  constructor(props) {
    super(props);
    this.myRef = React.createRef(); // 1. create a reference for the lottie player
  }

  componentDidMount() {
    // 3. listen for player load. see lottie player repo for other events
    this.myRef.current.addEventListener('load', function (e) {
      // 4. configure the interactivity library
      create({
        mode: 'scroll',
        player: '#firstLottie',
        actions: [
          {
            visibility: [0, 1],
            type: 'seek',
            frames: [0, 100],
          },
        ],
      });
    });
  }

  render() {
    return (
      <div className="App">
        <div style={{ height: '400px' }}></div>
        <lottie-player
          ref={this.myRef} // 2. set the reference for the player
          id="firstLottie"
          controls
          mode="normal"
          src="https://assets3.lottiefiles.com/packages/lf20_UJNc2t.json"
          style={{ width: '320px' }}
        ></lottie-player>
      </div>
    );
  }
}

export default App;
```
The configuration for the library remains the same for Vue apps; however, usage and initialization differ as follows. Import the create function from the lottie interactivity library and call it. With frameworks like Vue it is ideal to add an event listener that waits for the lottie player to load before calling the interactivity library. An example for a very basic Vue class component follows.
```html
<template>
  <!-- 1. Create a lottie player with a reference -->
  <lottie-player id="firstLottie"
                 ref="lottie"
                 controls
                 mode="normal"
                 src="https://assets3.lottiefiles.com/packages/lf20_UJNc2t.json"
                 style="width: 320px;">
  </lottie-player>
</template>

<script>
import '@lottiefiles/lottie-player';
import { create } from '@lottiefiles/lottie-interactivity';

export default {
  name: 'App',
  mounted() {
    // 2. listen for player load. See lottie player repo for other events
    this.$refs.lottie.addEventListener('load', function() {
      // 3. configure the interactivity library
      create({
        mode: 'scroll',
        player: '#firstLottie',
        actions: [
          {
            visibility: [0, 1],
            type: 'seek',
            frames: [0, 100],
          },
        ],
      });
    })
  }
}
</script>
```
Lottie-Interactivity has a wide variety of interactions and modes possible, allowing you to easily add interactions to your Lottie animations. For the full documentation on what's possible and how to use this library, see docs.lottiefiles.com/lottie-interactivity.
| Project | Description |
|---|---|
| lottie-player | A Web Component for easily embedding and playing Lottie animations and the Lottie-based Telegram Sticker (tgs) animations in websites. |
| lottie-react | A React component for the Lottie Web player. |
| lottie-vue | A Vue component for the Lottie player. |
| svelte-lottie-player | Lottie player component for use with Svelte. |
| jLottie | jLottie is suitable as a general purpose lottie player, though implements a subset of the features in the core player - this approach leads to a tiny footprint and great performance. |
| dotLottie | dotLottie is an open-source file format that aggregates one or more Lottie files and their associated resources into a single file. They are ZIP archives compressed with the Deflate compression method and carry the file extension of ".lottie". |
| lottie-js | The library consists of methods to map the Lottie JSON to the object model and interact with properties as well as manipulate them. |
| lottie-theming | A library to extract themable properties and apply different themes to a given Lottie. |
We use changesets to maintain a changelog for this repository. When making any change to the codebase that impacts functionality or performance we require a changeset to be present.
To add a changeset run:
```sh
yarn run changeset
```
And select the type of version bump you'd like (major, minor, patch).
You can document the change in detail and format it properly using Markdown by opening the ".md" file that the "yarn changeset" command created in the ".changeset" folder. Open the file; it should look something like this:

```md
---
"@lottiefiles/pkg1": minor
"@lottiefiles/pkg2": major
---
This is where you document your **changes** using Markdown.
- You can write
- However you'd like
- In as much detail as you'd like
```

Aim to provide enough detail so that teammates and future you can understand the changes and the context of the change.
You can commit your changes and the changeset to your branch and then create a pull request on the develop branch.
MIT License © LottieFiles.com
FAQs
The npm package @lottiefiles/lottie-interactivity receives a total of 8,911 weekly downloads. As such, the popularity of @lottiefiles/lottie-interactivity was classified as popular.
We found that @lottiefiles/lottie-interactivity demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.