Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@startinfinity/draggable
Advanced tools
The JavaScript Drag & Drop library your grandparents warned you about.
Draggable is no longer maintained by its original authors. Maintence of this repo has been passed on to new collaborators and is no longer worked on by anyone at Shopify.
We are still looking for more maintainers! If anyone is interested in answering / triaging issues, reviewing / rejecting / approving PRs, and authoring code for bug fixes / new features — please send an email to curtis.dulmage (at) shopify (dot) com
. You may be asked a few questions before obtaining collaboration permission, but if everything checks out, we will happily add you as a collaborator.
Current maintainers are:
Please ping the above handles when putting up PRs.
Get complete control over drag and drop behaviour with Draggable! Draggable abstracts
native browser events into a comprehensive API to create a custom drag and drop experience.
Draggable
comes with additional modules: Sortable
, Droppable
, Swappable
. Draggable
itself does not perform any sorting behaviour while dragging, but does the heavy lifting, e.g.
creates mirror, emits events, manages sensor events, makes elements draggable.
The additional modules are built on top of Draggable
and therefore provide a similar API
interface, for more information read the documentation below.
Features
You can install the library via npm.
npm install @shopify/draggable --save
or via yarn:
yarn add @shopify/draggable
or via CDN
<!-- Entire bundle -->
<script src="https://cdn.jsdelivr.net/npm/@shopify/draggable@1.0.0-beta.8/lib/draggable.bundle.js"></script>
<!-- legacy bundle for older browsers (IE11) -->
<script src="https://cdn.jsdelivr.net/npm/@shopify/draggable@1.0.0-beta.8/lib/draggable.bundle.legacy.js"></script>
<!-- Draggable only -->
<script src="https://cdn.jsdelivr.net/npm/@shopify/draggable@1.0.0-beta.8/lib/draggable.js"></script>
<!-- Sortable only -->
<script src="https://cdn.jsdelivr.net/npm/@shopify/draggable@1.0.0-beta.8/lib/sortable.js"></script>
<!-- Droppable only -->
<script src="https://cdn.jsdelivr.net/npm/@shopify/draggable@1.0.0-beta.8/lib/droppable.js"></script>
<!-- Swappable only -->
<script src="https://cdn.jsdelivr.net/npm/@shopify/draggable@1.0.0-beta.8/lib/swappable.js"></script>
<!-- Plugins only -->
<script src="https://cdn.jsdelivr.net/npm/@shopify/draggable@1.0.0-beta.8/lib/plugins.js"></script>
Latest ✔ | Latest ✔ | 11+ ✔ | Latest ✔ | Latest ✔ | Latest ✔ |
Package name | ES6 bundle sizes | ES5 bundle sizes |
---|---|---|
draggable.bundle.js | ~11kb | ~19.2kb |
draggable.bundle.legacy.js | ~19.2kb | ~25.63kb |
draggable.js | ~8.06kb | ~15.36kb |
sortable.js | ~8.93kb | ~16.51kb |
swappable.js | ~8.56kb | ~16.14kb |
droppable.js | ~8.8kb | ~16.55kb |
plugins.js | ~2.37kb | ~8.76kb |
plugins/collidable.js | ~1.45kb | ~7.81kb |
plugins/snappable.js | ~1.19kb | ~6.94kb |
plugins/swap-animation.js | ~1kb | ~6.65kb |
You can find the documentation for each module within their respective directories.
To run the examples
project locally, simply run the following from the draggable
root:
yarn && yarn start
This will start a server that hosts the contents of examples/
. It also watches for file
changes from both src/
and examples/src
and reloads the browser.
Contributions are more than welcome, the code base is still new and needs more love.
For more information, please checkout the contributing document.
We are currently working on v1.0.0-beta.8
. Check out the project board to see tasks and follow progress on the release. Any Pull Requests should be pointed against the feature branch v1.0.0-beta.8
.
Copyright (c) 2018 Shopify. See LICENSE.md for further details.
FAQs
The JavaScript Drag & Drop library your grandparents warned you about.
The npm package @startinfinity/draggable receives a total of 13 weekly downloads. As such, @startinfinity/draggable popularity was classified as not popular.
We found that @startinfinity/draggable demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.