
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
@sheerun/mutationobserver-shim
Advanced tools
@sheerun/mutationobserver-shim is a polyfill for the MutationObserver API, which allows you to watch for changes being made to the DOM tree. This is particularly useful for environments where MutationObserver is not natively supported.
Observing DOM Changes
This feature allows you to observe changes to the DOM, such as additions or removals of child nodes, or modifications to attributes. The code sample demonstrates how to set up a MutationObserver to watch for these changes and log them to the console.
const MutationObserver = require('@sheerun/mutationobserver-shim');
const targetNode = document.getElementById('someElement');
const config = { attributes: true, childList: true, subtree: true };
const callback = function(mutationsList, observer) {
for(const mutation of mutationsList) {
if (mutation.type === 'childList') {
console.log('A child node has been added or removed.');
}
else if (mutation.type === 'attributes') {
console.log('The ' + mutation.attributeName + ' attribute was modified.');
}
}
};
const observer = new MutationObserver(callback);
observer.observe(targetNode, config);
The 'mutation-observer' package is another polyfill for the MutationObserver API. It provides similar functionality to @sheerun/mutationobserver-shim, allowing you to observe changes to the DOM. However, it may have different performance characteristics and API nuances.
The 'mutation-summary' package provides a higher-level API for observing changes to the DOM. It builds on top of MutationObserver and offers more detailed summaries of the changes, which can be useful for more complex applications. It is more feature-rich compared to @sheerun/mutationobserver-shim but may be overkill for simpler use cases.
Note: the svg swapped the working browsers; IE8 works while IE7 fails 1 test
A polyfill for the MutationObserver API (can I use?). The polyfill is more cause we can than should (with subtree at any rate)... It's async and uses a recursive timeout fallback (default checks changes every 30ms + runtime) instead of using the deprecated DOM3 MutationEvents so theoretically can support virtually any environment.
$ npm install mutationobserver-shim
$ bower install MutationObserver-shim
<script src="//cdn.jsdelivr.net/npm/mutationobserver-shim/dist/mutationobserver.min.js"></script>
setTimeout
(every ~30 ms) rather than using a setImmediate
polyfill; so calls will be made less frequently and likely with more data than the standard MutationObserver. In addition, it can miss changes that occur and then are lost in the interval window.innerHTML
will call childList
observer listeners with several mutations with only 1 addedNode or removed node per mutation. With the standard you would have 1 call with multiple nodes in addedNodes and removedNodes node lists.childList
and subtree
changes in node order (eg first element gets swapped with last) should fire a addedNode
and removedNode
mutation but the correct node may not always be identified.addedNodes
and removedNodes
are arrays instead of NodeList
soldValue
is always called with attribute changesnextSibling
and previousSibling
correctfullness is questionable (hard to know if the order of appended items). I'd suggest not relying on them anyway (my tests are extremely permissive with these attributes)Currently supports the following MutationObserverInit properties:
style
attribute may not be matched in ie<8.textNodes
values and not, like in webkit, where setting .innerHTML will add a characterData mutation.By default, the polyfill will check observed nodes about 25 times per second (30 ms interval) for mutations. Try running these jsperf.com tests and the JSLitmus tests in the test suite for usage performance tests. It may be worthwile to adapt MutationObserver._period
based on UA or heuristics (todo).
From my tests observing any size element without subtree
enabled is relatively cheap. Although I've optimized the subtree check to the best of my abilities it can be costly on large trees. You can draw your own conclusions based on the JSLitmus and jsperf tests noting that you can expect the mo
to do its check 28+ times a second (by default).
Although supported, I'd recommend against watching attributes
on the subtree
on large structures, as the check is complex and expensive on terrible hardware like my phone :(
The included minified file has been tuned for performance.
I've tested and verified compatibility in the following browsers + these Sauce browsers
Try running the test suite and see some simple example usage:
See http://dev.opera.com/articles/view/mutation-observers-tutorial/ for some sample usage.
FAQs
MutationObserver shim for ES3 environments
The npm package @sheerun/mutationobserver-shim receives a total of 236,284 weekly downloads. As such, @sheerun/mutationobserver-shim popularity was classified as popular.
We found that @sheerun/mutationobserver-shim demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.