Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@visual-framework/vf-navigation
Advanced tools
Navigation component
About
The vf-navigation component is a horizontal list of links to key pages of the website.
Usage
Global navigation variant
This variant of the vf-navigation is to be used as part of the vf-global-header to give a few 'quick links' that will be on every page.
Main navigation variant
This variant of the vf-navigation can be used to link to sections of the site, or part of the site the parent section.
This is typically placed below the vf-hero component but can be also found below the vf-global-header.
There should be only one use of vf-navigation--main on a page.
On this page navigation variant
The vfNavigationOnThisPage JavaScript adds a quality-of-life improvement by automatically activating sections as the user scrolls them into view on the page. This sticky element allows users to quickly jump between sections on longer pages.
- There should be only one use of
vf-navigation--on-this-pageon a page. - Anchor targets need an element id:
id="container-1". This can be added to any item on the page, but would most logically be added to avf-grid,embl-gridorvf-section-headerelement. - Ensure
data-vf-js-navigation-on-this-page-container="true"is present on.vf-navigation__list. - Ensure each anchor link has a
data-vf-js-navigation-on-this-page-link.
Install
This component is distributed with npm. After installing npm, you can install the vf-navigation with this command.
$ yarn add --dev @visual-framework/vf-navigation
Sass/CSS
The source files included are written in Sass(scss). You can point your Sass include-path at your node_modules directory and import it like this.
@import "@visual-framework/vf-navigation/index.scss";
Make sure you import Sass requirements along with the modules. You can use a project boilerplate or the vf-sass-starter
JavaScript
If using the vf-navigation--on-this-page variant, you should import this component in ./components/vf-component-rollup/scripts.js or your other JS process:
import { vfNavigationOnThisPage } from "vf-navigation/vf-navigation.js";
// Or import directly
// import { vfGaIndicateLoaded } from '../components/raw/vf-navigation/vf-navigation.js';
vfNavigationOnThisPage();
Help
FAQs
Package last updated on 01 May 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025