
Light-weight version of HubSpot/tether.
Supports all the main features of tether:
It does differ from tether in a few key ways:
File size: Adjust is 16kb unminified, tether is 50kb unminified. The Adjust codebase is also modularized allowing you to reuse modules throughout the codebase and reduce the footprint added even further.
Less Mucking: Unlike Tether, Adjust does not change the DOM tree. Moving DOM nodes often leads to unintended consequences. I find that it's much easier to modify the DOM structure manually than have a library try and pick a structure for you.
Fewer Features: Tether has some additional options around constraints and pinning. It also does more to try and optimize location placement. Some of these things may get added as needed, but the goal is to build higher-level tooltips and dropdowns, without being concerned with the added file size.
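// Element to position, and the element it is positioned against
var tooltip = document.querySelector('.tooltip')
var target = document.querySelector('.target')
// The module exports a factory; call it to get the adjust function
var adjust = require('adjust')()
adjust(tooltip, target, {
  attachment: 'bottom middle',
  target: 'top middle',
  offset: {
    y: 10
  }
})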
npm install adjust
MIT
FAQs
Adjust an element relative to another element
We found that adjust demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.