
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@maptalks/fusiongl
Advanced tools
[](https://travis-ci.com/axmand/fusion.gl) [](https://badge.fury.io/js/fusion.gl) <!--[;
//get webgl context
const gl = canvas.getContext('webgl',{
alpha:false,
depth:true,
stencil:true,
antialias:false,
premultipliedAlpha:true,
preserveDrawingBuffer:false,
failIfMajorPerformanceCaveat:false
});
use fusion.gl with threejs
// use virtual glCanvas instead of real canvas element
const glCanvas1 = new fusion.gl.GLCanvas(gl);
// init 3d scene by threejs
const camera = new THREE.PerspectiveCamera(70, 800 / 600, 0.01, 10);
camera.position.z = 1;
scene = new THREE.Scene();
geometry = new THREE.BoxGeometry(0.2, 0.2, 0.2);
material = new THREE.MeshNormalMaterial();
mesh = new THREE.Mesh(geometry, material);
scene.add(mesh);
renderer = new THREE.WebGLRenderer({
canvas: glCanvas1,
context: glCanvas1.getContext()
});
renderer.setSize(800, 600);
renderer.render(scene, camera);
function animate() {
requestAnimationFrame(animate);
mesh.rotation.x += 0.01;
mesh.rotation.y += 0.02;
renderer.render(scene, camera);
}
animate();

use fusion.gl with claygl
// use virtual glCanvas instead of real canvas element
const glCanvas2 = new fusion.gl.GLCanvas(gl);
// vertex shader source
const vertexShader = `
attribute vec3 position: POSITION;
attribute vec3 normal: NORMAL;
uniform mat4 worldViewProjection : WORLDVIEWPROJECTION;
varying vec3 v_Normal;
void main() {
gl_Position = worldViewProjection * vec4(position, 1.0);
v_Normal = normal;
}`;
// fragment shader source
const fragmentShader = `
varying vec3 v_Normal;
void main() {
gl_FragColor = vec4(v_Normal, 1.0);
}`;
var app = clay.application.create(glCanvas2, {
init: function (app) {
// Create a orthographic camera
this._camera = app.createCamera([0, 2, 5], [0, 0, 0]);
// Create a empty geometry and set the triangle vertices
this._cube = app.createCube({
shader: new clay.Shader(vertexShader, fragmentShader)
});
},
loop: function (app) {
this._cube.rotation.rotateY(app.frameTime / 1000);
}
});

integrated
//get htmlcanvaselement
const canvas = document.getElementById('mapCanvas');
//get webgl context
//create virtual glCanvas with same webgl context
const gl = canvas.getContext('webgl',{
alpha:false,
depth:true,
stencil:true,
antialias:false,
premultipliedAlpha:true,
preserveDrawingBuffer:false,
failIfMajorPerformanceCaveat:false
});

The tests are not yet finished, and all comments are welcome
FAQs
[](https://travis-ci.com/axmand/fusion.gl) [](https://badge.fury.io/js/fusion.gl) <!--[
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.