This document is an explainer for a potential browser-provided "App Drawer" component, implemented as a built-in module. App Drawer is delivered as a Custom Element, making it framework-agnostic and easy to integrate into existing applications. It supports the gestures users expect from experience with native mobile platforms, ensures a consistent UX for opening and dismissal, and solves accessibility issues common to web-based drawer implementations. It ships unstyled, and is easily customized via attributes and CSS Custom Properties.
```html
<app-drawer id="drawer">
  <header><h1>App</h1></header>
  <nav>
    <a href="/">Home</a>
    ...
  </nav>
</app-drawer>
<script type="module">
  import 'std:app-drawer';
  drawer.addEventListener('close', () => {
    console.log('closed');
  });
  drawer.open();
</script>
```
The concept of an "app drawer" is pervasive on the web. Also referred to as "off-canvas navigation" or modal sidebars, these represent an important component of many user interfaces and often contain a web app's primary navigation.
There are a multitude of drawer implementations in userland, many of which suffer from usability or performance issues. The inconsistency and unreliability of important UX characteristics like gestures and keyboard support have fractured web users' expectations of the metaphor, demonstrating the need for a browser-provided solution.
We want to win back the trust of web users by bringing consistency, reliability and performance to drawer UIs.
By default, any elements placed into `<app-drawer>` are rendered within the sliding drawer panel. Children can also be placed into other areas using Named Slots:

```html
<app-drawer>
  <div slot="backdrop">Placed into the backdrop (grayed out) area</div>
  <div slot="header">Placed first in the drawer area</div>
  <div>Any other children are placed into the drawer (after the header)</div>
</app-drawer>
```
Styling can be adjusted using the following CSS Custom Properties:
- `--width`: the drawer's default width (default: `200px`)
- `--max-width`: maximum drawer width as a percentage of the viewport (default: `100`)
- `--background`: background color for the sliding drawer panel (default: `#eee`)
- `--backdrop`: background for the backdrop/shim behind the drawer (default: `rgba(0, 0, 0, 0.5)`)

Additionally, the drawer exposes some of its state as CSS Custom Properties, which can be used to reactively style the drawer or any element within it:
- `--percent`: the current percent visibility/openness of the drawer during a drag gesture
- `--tf-x`: the current CSS transform (`translateX(xx)`) applied to the drawer during a drag gesture

AppDrawer
Custom Element constructor, inheriting from HTMLElement.
To create an App Drawer instance programmatically:
```js
const appDrawer = document.createElement('app-drawer');
```
.toggle(forceState)
Opens or closes the drawer based on its current state.
If `forceState` is a Boolean value, the drawer will be opened or closed regardless of its current state.
.open()
Open the drawer if it is currently closed.
Note: If invoked during a drawer gesture, overrides the end state of the gesture.
.close()
Close the drawer if it is currently open.
Note: If invoked during a drawer gesture, overrides the end state of the gesture.
toggle(e)
Fired when the drawer finishes opening or closing. The event includes a `.open` property with a Boolean indicating the drawer's new state.

```js
drawer.addEventListener('toggle', e => {
  console.log('Drawer is now ', e.open ? 'open' : 'closed');
})
```
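The following is an added example, not code from the app-drawer README or project. It wires a menu button to the API described above, using `.toggle()` to open and close the drawer and the `toggle` event's `.open` value to keep `aria-expanded` and focus in sync. The helper name `bindDrawerButton`, the button element, and the assumption that the drawer starts closed are hypothetical.

```javascript
// Added example, not part of the app-drawer project.
// bindDrawerButton is a hypothetical helper: `drawer` is an <app-drawer>
// element and `button` is whatever element the page uses as its menu trigger.
function bindDrawerButton(drawer, button) {
  // Assumption: the drawer is closed when the binding is created.
  button.setAttribute('aria-expanded', 'false');

  // .toggle() with no argument opens or closes based on the current state.
  const onClick = () => drawer.toggle();

  // The 'toggle' event fires once opening/closing has finished and carries
  // the new state in e.open. Reacting here, rather than in the click
  // handler, also covers drag gestures and direct .open()/.close() calls.
  const onToggle = (e) => {
    const isOpen = Boolean(e.open);
    button.setAttribute('aria-expanded', String(isOpen));
    // Return keyboard focus to the trigger when the drawer closes.
    if (!isOpen) button.focus();
  };

  button.addEventListener('click', onClick);
  drawer.addEventListener('toggle', onToggle);

  // Return a cleanup function so the binding can be removed again.
  return function unbind() {
    button.removeEventListener('click', onClick);
    drawer.removeEventListener('toggle', onToggle);
  };
}

// Usage in a page (element ids are assumptions):
//   const unbind = bindDrawerButton(
//     document.getElementById('drawer'),
//     document.getElementById('menu-button'));
```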
Please see the issue tracker for open issues on the API surface detailed above.
This feature would be medium-effort, medium-reward.
There are a number of standalone drawer implementations available on npm that offer comparable functionality:
- `rc-drawer`, 11kB and downloaded ~90k times per week
- `@material/drawer`, 7.8kB and downloaded ~30k times per week
- `react-burger-menu`, 5.2kB and downloaded ~25k times per week
- `@iamadamjowett/angular-click-outside`, 0.5kB and downloaded ~15k times per week
- `react-sidebar`, 2.4kB and downloaded ~12k times per week

(All of the above statistics are as of 2019-02-06.)
FAQs
Polyfill for the app-drawer Built-in Module
We found that app-drawer demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.