Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@spectrum-web-components/circleloader
Advanced tools
@spectrum-web-components/circleloader
An `<sp-circleloader>` shows the progression of a system operation such as downloading, uploading, processing, etc. in a visual way. It can represent determinate or indeterminate progress.
Description
An <sp-circleloader> shows the progression of a system operation such as downloading, uploading, processing, etc. in a visual way. It can represent determinate or indeterminate progress.
Installation
npm install @spectrum-web-components/circleloader
# or
yarn add @spectrum-web-components/circleloader
Variants
Default
An <sp-circleloader> is used to visually show the progression of a system operation such as downloading, uploading, processing, etc.
<div
style="width: 250px; height: 150px; display: flex; align-items: center; justify-content: space-around;"
>
<sp-circleloader progress="71" size="small"></sp-circleloader>
<sp-circleloader progress="22"></sp-circleloader>
<sp-circleloader progress="86" size="large"></sp-circleloader>
</div>
Over background
When a loader needs to be placed on top of a colored background, use the over background loader as signified by [over-background]. This loader uses a white opaque color no matter the background. Make sure the background offers enough contrast for the loader to be legible.
<div
style="width: 250px; height: 150px; display: flex; align-items: center; justify-content: space-around; background-color: rgba(0,0,0,0.4);"
>
<sp-circleloader
progress="42"
over-background
size="small"
></sp-circleloader>
<sp-circleloader progress="7" over-background></sp-circleloader>
<sp-circleloader
progress="68"
over-background
size="large"
></sp-circleloader>
</div>
Indeterminate
A circle loader can be either determinate or indeterminate as signified by [indeterminate]. By default, loaders are determinate. Use a determinate loader when progress can be calculated against a specific goal (e.g., downloading a file of a known size). Use an indeterminate loader when progress is happening but the time or effort to completion can’t be determined (e.g., attempting to reconnect to a server).
<div
style="width: 250px; height: 150px; display: flex; align-items: center; justify-content: space-around;"
>
<sp-circleloader indeterminate size="small"></sp-circleloader>
<sp-circleloader indeterminate></sp-circleloader>
<sp-circleloader indeterminate size="large"></sp-circleloader>
</div>
Size
Circle loaders come in 3 sizes: small ([size="small"]), medium (default), or large ([size="large"]). These are available to fit various contexts. For example, the small loader can be used in place of an icon or in tight spaces, while the large one can be used for full-page loading.
FAQs
An `<sp-circleloader>` shows the progression of a system operation such as downloading, uploading, processing, etc. in a visual way. It can represent determinate or indeterminate progress.
The npm package @spectrum-web-components/circleloader receives a total of 11 weekly downloads. As such, @spectrum-web-components/circleloader popularity was classified as not popular.
We found that @spectrum-web-components/circleloader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 11 Mar 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025