
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
This package is very simple with no dependencies and will help to implement a lot of useful features on canvas. This is main features:
import {Space} from 'canv';
window.onload = () => {
const s = Space(document.getElementById('canvas'), {scale: 0.7});
s.addDrawable({
x: 0, y: 0,
draw(ctx){
ctx.beginPath();
ctx.fillStyle = '#000';
ctx.rect(-100, -100, 200, 200);
ctx.fill();
ctx.closePath();
}
});
s.draw();
};
See all interface details in src/space.ts file
options (iSpaceOptions)
pixelRatio - (optional, number) - set if you need to set your custom pixelRatioonResize - (optional, () => void) - onResize handler (pixelRatio will be ignored if this param set)setupAutoResize - (optional, boolean) - flag to setup resize handler or not (default true)animationTick - (optional, (ts: number) => void) - set if you have dynamic content which should be always animated. The parameter of function is timestampproperties
canvas - (HTMLCanvasElement) - canvas you are bringing to space as a first paramobjects - (iObject[]) - all objects of a spacepixelRatio - (number) - canvas pixel ratioposition - (iPositioning) - some positional information (see interface section for details)options - (iSpaceOptions) - options of space (from constructor)methods
addDrawable(drawable) - add drawable as object to the spacedraw() - draws everythinglaunch() - should be called if you set animationTick in optionstransform(pos) - transforms position from page space to the current space.Usefull interface for creating new object
x - (number)y - (number)draw - (tDrawFunction)data - (optional, any) - data can be used in animation (see examples/animation.js)angle - (optional, number) - default 0scale - (optional, number) - default 1rotationCenter - (optional, iPosition) - default (0, 0) (center)hidden - (optional, boolean) - default falsechildren - (optional, iDrawable[])checkInside - (optional, tCheckInside) - checker to make interactions work (selecting, clicking, dragging objects) - see examples/selection.jsselectable - (optional, boolean) - default false, works with checkInside onlyfixedOrientation - (optional, boolean) - default false, set true to preserve angle of object while rotating space.fixedPosition - (optional, boolean) - default false, set true to preserve position (useful for things like hud)onClick - (optional, (pos: iPosition) => void) - click handler (see examples/animation.js)All objects in space stores as Objects not Drawables
parent - (iObject | iSpace) - parent nodeorig - (iDrawable)selectable - (boolean)data - (any)getSpace - (() => iSpace)position - (iPositioning)draw - (tDrawFunction)checkInside - (tCheckInside)inAnimationLoop - (boolean)click - (()=>void)clickable - (()=>boolean)selected - ((val?:boolean) => boolean)transform - ((position: iPosition) => iPosition)animate - ((options: iAnimateOptions) => void)applyAnimation - (tAnimationFunc)stopAnimation - ((all?: boolean) => void)To make some interaction methods work you need install them. So there are several methods for installing this methods:
installSelection(space) - install it to make object selection possible in your projectinstallClicks(space) - to make click on object workinstallCanvasControll(space) - the biggest feature which allows you to scale using wheel, move canvas space dragging with mouse and use touch features like pinch-n-zoom and rotate (with 2 fingers).npm uninstall canv if you've installed it alreadynpm i && npm run build (or npm run watch)npm linkimport {Space} from 'canv';Here are the list of known issues: Canv issues
FAQs
canvas interactive tool
The npm package canv receives a total of 6 weekly downloads. As such, canv popularity was classified as not popular.
We found that canv demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.