Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
blurhash-img
Advanced tools
A Web Component for decoding blurhash strings onto a canvas.
This component is currently not bundled. If you are using a bundler, the dependencies for this component must also be bundled.
Install the component:
npm install blurhash-img
As a Web Component, you must decide when to register it. Refer to the "Registering with ..." sections below for how to do that.
You can set the hash
attribute in HTML.
<blurhash-img
hash="L?H..]S5Rjaz?wR+f5fkIVV@t7fQ"
style="--aspect-ratio: 4/6">
</blurhash-img>
Note that by default blurhash-img needs an aspect ratio to hold its place in the layout, and scale correctly. This makes it similar to how images behave, after they have been replaced.
You set the layout via the --aspect-ratio
custom property.
You can do this via CSS selectors:
blurhash-img {
--aspect-ratio: 4/6;
}
Or via the inline style
attribute:
<blurhash-img
hash="L?H..]S5Rjaz?wR+f5fkIVV@t7fQ"
style="--aspect-ratio: 4/6">
</blurhash-img>
In an HTML page, add the following script tag:
<script type="module">
import './path-to-blurhash-img.js';
</script>
Or:
<script type="module" src="./path-to-blurhash-img.js"></script>
For both of these cases, you need the full, qualified path to the script. This might be a pain to do manually, in which case consider registering with JavaScript, and/or using a bundler, like webpack or Rollup.
You can include this element in your JavaScript bundle, and it will register itself. Import the package directly, for .define
to work.
In a JavaScript module:
import 'blurhash-img';
Or:
You can register the component manually via the customElements.define method. Due to how the custom elements registry works at the moment, you will need to create a subclass around the component.
import {BlurhashImg} from 'blurhash-img';
window.customElements.define('blurhash-img', class extends BlurhashImg{});
<blurhash-img>
can be used with declarative rendering libraries like Angular, React, Vue, and lit-html.
Example for lit-html:
import {html, render} from 'lit-html';
const hash="L?H..]S5Rjaz?wR+f5fkIVV@t7fQ";
render(html`
<blurhash-img .hash="${hash}"></blurhash-img>
`, document.body);
npm CDNs like unpkg.com can directly serve files that have been published to npm. This works great for standard JavaScript modules that the browser can load natively.
Using a CDN might help you get started!
For this element to work from unpkg.com specifically, you need to include the ?module
query parameter, which tells unpkg.com to rewrite "bare" module specificers to full URLs.
<script type="module" src="https://unpkg.com/blurhash-img?module"></script>
import {BlurhashImg} from 'https://unpkg.com/blurhash-img?module';
Install dependencies:
npm i
This sample uses the TypeScript compiler to produce JavaScript that runs in modern browsers.
To build the JavaScript version of your component:
npm run build
To watch files and rebuild when the files are modified, run the following command in a separate shell:
npm run build:watch
Both the TypeScript compiler and lit-analyzer are configured to be very strict. You may want to change tsconfig.json
to make them less strict.
This sample uses Karma, Chai, Mocha, and the open-wc test helpers for testing. See the open-wc testing documentation for more information.
Tests can be run with the test
script:
npm test
This sample uses open-wc's es-dev-server for previewing the project without additional build steps. ES dev server handles resolving Node-style "bare" import specifiers, which aren't supported in browsers. It also automatically transpiles JavaScript and adds polyfills to support older browsers.
To run the dev server and open the project in a new browser tab:
npm run serve
There is a development HTML file located at /dev/index.html
that you can view at http://localhost:8000/dev/index.html.
If you use VS Code, we highly reccomend the lit-plugin extension, which enables some extremely useful features for lit-html templates:
The project is setup to reccomend lit-plugin to VS Code users if they don't already have it installed.
Linting of TypeScript files is provided by ESLint and TypeScript ESLint. In addition, lit-analyzer is used to type-check and lint lit-html templates with the same engine and rules as lit-plugin.
The rules are mostly the recommended rules from each project, but some have been turned off to make LitElement usage easier. The recommended rules are pretty strict, so you may want to relax them by editing .eslintrc.json
and tsconfig.json
.
To lint the project run:
npm run lint
Prettier is used for code formatting. It has been pre-configured according to the Polymer Project's style. You can change this in .prettierrc.json
.
Prettier has not been configured to run when commiting files, but this can be added with Husky and and pretty-quick
. See the prettier.io site for instructions.
This project includes a simple website generated with the eleventy static site generator and the templates and pages in /docs-src
. The site is generated to /docs
and intended to be checked in so that GitHub pages can serve the site from /docs
on the master branch.
To enable the site go to the GitHub settings and change the GitHub Pages "Source" setting to "master branch /docs folder".
To build the site, run:
npm run docs
To serve the site locally, run:
npm run docs:serve
To watch the site files, and re-build automatically, run:
npm run docs:watch
The site will usually be served at http://localhost:8000.
See Get started on the LitElement site for more information.
FAQs
A Web Component for decoding blurhash strings onto a canvas.
We found that blurhash-img demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.