
async-youtube-video
Attach a YouTube video to an element asynchronously.
npm install --save-dev async-youtube-video
Include the script on your page.
Insert an element with class youtube-iframe-video into your DOM.
NB: This element will be replaced with the iframe, so ensure you have a wrapping element in your DOM so you can control it.
<div class="video-container">
  <div class="youtube-iframe-video"></div>
</div>
Then initialise:
window.onload = function() {
  asyncYoutubeVideo.init({
    targetClass: 'youtube-iframe-video',
    videoId: 'Srmdij0CU1U',
    controls: 1,
    autoplay: 1,
    disablekb: 1,
    fs: 0,
    modestbranding: 1,
    playsinline: 1,
    showinfo: 0,
    origin: 'example.com',
    additionalClasses: 'test-video some-class',
    rel: 0,
    mute: 1,
    loop: 1
  });
};
Required options are videoId, origin and targetClass.
targetClass must match the class of the replacement element in the DOM.
Will render:
<iframe id="async-youtube-video" src="//www.youtube.com/embed/Srmdij0CU1U?enablejsapi=1&controls=1&autoplay=1&disablekb=1&fs=1&rel=0&modestbranding=1&playsinline=1&showinfo=1&loop=1&origin=http://example.com" frameborder="0" type="text/html" class="test-video some-class async-youtube-video"></iframe>
The options map to YouTube API names for ease of reference.
The names of the variables are somewhat confusing though, so here is a brief rundown.
Valid values are 1 or 0 unless otherwise stated.
1
1
0
1
1
0
1
0
1
list
0
1
The enablejsapi option is always enabled, and there are no plans to allow that to be configurable.
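The option-to-URL mapping described above, with the required options and 0/1 flags checked before anything reaches the iframe src. This is an added example, not the package's source: buildEmbedUrl, FLAG_OPTIONS, the videoId character check and the use of an https URL are assumptions.

```javascript
// Added example, not the package's source. buildEmbedUrl and FLAG_OPTIONS are
// hypothetical names; the option names come from the README above.
const FLAG_OPTIONS = ['controls', 'autoplay', 'disablekb', 'fs', 'modestbranding',
  'playsinline', 'showinfo', 'rel', 'mute', 'loop'];

function buildEmbedUrl(options) {
  // The README names these three options as required.
  for (const name of ['videoId', 'origin', 'targetClass']) {
    if (typeof options[name] !== 'string' || options[name] === '') {
      throw new TypeError(`missing required option: ${name}`);
    }
  }
  // Assumption: a video ID uses URL-safe characters only, so anything that
  // could start a new path segment, query or attribute is rejected.
  if (!/^[A-Za-z0-9_-]+$/.test(options.videoId)) {
    throw new RangeError('videoId contains unexpected characters');
  }
  // Accept a bare host such as 'example.com' and reduce it to scheme://host[:port].
  const withScheme = /^https?:\/\//i.test(options.origin)
    ? options.origin : `http://${options.origin}`;
  const origin = new URL(withScheme).origin;

  const params = new URLSearchParams({ enablejsapi: '1' }); // always on, per the README
  for (const name of FLAG_OPTIONS) {
    if (options[name] === undefined) continue;
    // Assumption: these flags are treated strictly as 0 or 1 here.
    if (options[name] !== 0 && options[name] !== 1) {
      throw new RangeError(`${name} must be 0 or 1`);
    }
    params.set(name, String(options[name]));
  }
  params.set('origin', origin);
  return `https://www.youtube.com/embed/${options.videoId}?${params.toString()}`;
}

// Constructed sample input, taken from the README's init call.
const sampleUrl = buildEmbedUrl({
  targetClass: 'youtube-iframe-video', videoId: 'Srmdij0CU1U',
  origin: 'example.com', controls: 1, fs: 0, mute: 1, loop: 1
});
console.log(sampleUrl);
```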
Width and height iframe attributes are not supported yet
Contributions welcome
FAQs
Simple async youtube video loader
The npm package async-youtube-video receives a total of 0 weekly downloads. As such, async-youtube-video popularity was classified as not popular.
We found that async-youtube-video demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.