Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
audero-sticky
Advanced tools
Audero Sticky is a polyfill for the CSS position: sticky with no dependencies and support for multiple module systems.
Audero Sticky is a polyfill for the CSS position: sticky
with no
dependencies and support for multiple module systems.
You can see the library in action by taking a look at the following demos:
Audero Sticky has been tested on the following browsers: Internet Explorer 9+, Chrome, Opera, Firefox, and Safari.
The library follows the UMD (Universal Module Definition) pattern to work seamlessly with module systems such as AMD and CommonJS, and the browser.
You can install Audero Sticky by using npm:
npm install audero-sticky
Alternatively, you can install it via Bower:
bower install audero-sticky
The last options you have to download the library are to clone the repository and copy the file contained in the
dist
folder into your project and to manually download the file.
First of all, you have to ensure that your CSS is using the border-box
model. This can be set as follows:
*
{
box-sizing: border-box;
}
Add a class to your CSS, for example sticky
, to specify the position your element(s) should have when in sticky
mode. The library supports any top
and bottom
value. While not mandatory for the library, I strongly suggest to
add the position: sticky
declaration too. This will allow you to use the library only in browsers that don't
support this feature.
An example is the following:
.sticky
{
position: sticky;
top: 0;
}
Once done, you have to include the JavaScript file. How to include it in your project, depends on what tools you are using. If you downloaded the library with Bower, you can include it as shown below:
<script src="bower_components/audero-sticky/dist/audero-sticky.min.js"></script>
</body>
If you have downloaded the library via npm, read the following sections to know how to include it.
var Sticky = require('audero-sticky');
// Call Sticky methods
require(['audero-sticky'], function(Sticky) {
// Call Sticky methods
});
<script src="node_modules/audero-sticky/dist/audero-sticky.min.js"></script>
<script>
// Call Sticky methods exposed via a global object called Sticky
</script>
</body>
Audero Sticky provides the methods described in the following sections.
Sticky.isFeatureSupported()
Tests if the sticky
value for the position
property is supported.
Sticky.autoInit([options])
Autoinitializes all the elements of the page having class sticky
if no options are provided. Otherwise, it
initializes the elements matching the selector provided in the options passed.
Sticky(element[, options])
Creates a new Sticky object. element
is the element to render as sticky. options
is an object of options
to customize the library. To use a class name different from sticky
, the options
parameter must be specified.
Sticky.prototype.init()
Initializes the library.
Sticky.prototype.destroy()
Removes the effects of the library and clean up all the resources
Audero Sticky triggers a few events on the element(s) that will stick. You can listen to these events to perform custom actions when needed:
stickystart
: Triggered when the element starts stickingstickyend
: Triggered when the element ends stickingAudero Sticky has the following options:
selector
(string
. Default: '.sticky'
): The selector used to identify the elements processed by this libraryactiveClass
(string
. Default: 'sticky-active'
): The class name added when an element starts stickingTo see the library in action, add the sticky
class (it can be changed) to an element:
<h1 class="sticky">Audero Sticky</h1>
Now, create a new Sticky
object by passing the element to the constructor. Once done, initialize it by calling the
init()
method:
var stickyHeader = new Sticky(document.querySelector('.sticky'));
stickyHeader.init();
You can (and should) avoid to use the library for those browsers that support position: sticky
. To do that, wrap the
previous snippet with a conditional statement that uses the isFeatureSupported()
method as shown below:
if (!Sticky.isFeatureSupported()) {
var stickyHeader = new Sticky(document.querySelector('.sticky'));
stickyHeader.init();
}
If you want to use a different class name, for example fixedsticky
, you have to update the previous snippet as
follows:
if (!Sticky.isFeatureSupported()) {
var stickyHeader = new Sticky(
document.querySelector('.fixedsticky'),
{
selector: '.fixedsticky'
}
);
stickyHeader.init();
}
Note how in this case I've also specified the second argument of the constructor.
Sometimes you might have multiple sticky elements in a web page or you simply don't want to further use the Sticky
object created. In these cases you can let the library do all the work for you:
if (!Sticky.isFeatureSupported()) {
Sticky.autoInit();
}
This will initialize all the elements having class sticky
. If you want to use a different class name, you have to
provide an object that specifies the selector to use:
if (!Sticky.isFeatureSupported()) {
Sticky.autoInit({
selector: '.fixedsticky'
});
}
Audero Sticky is dual licensed under MIT and GPL-3.0.
FAQs
Audero Sticky is a polyfill for the CSS position: sticky with no dependencies and support for multiple module systems.
The npm package audero-sticky receives a total of 3 weekly downloads. As such, audero-sticky popularity was classified as not popular.
We found that audero-sticky demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.