Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The canvas npm package is a powerful library that allows Node.js users to draw 2D graphics on the fly using a Canvas API similar to the one provided by browsers. It can be used for creating images, manipulating graphics, and generating dynamic visual content.
Drawing shapes
This feature allows you to draw basic shapes such as rectangles, circles, and lines on the canvas.
const { createCanvas } = require('canvas');
const canvas = createCanvas(200, 200);
const ctx = canvas.getContext('2d');
// Draw a rectangle
ctx.fillStyle = 'green';
ctx.fillRect(10, 10, 150, 100);
Text manipulation
With the canvas package, you can add text to your images, apply fonts, styles, and rotation.
const { createCanvas } = require('canvas');
const canvas = createCanvas(200, 200);
const ctx = canvas.getContext('2d');
// Draw text
ctx.font = '30px Impact';
ctx.rotate(0.1);
ctx.fillText('Awesome!', 50, 100);
Image manipulation
This feature allows you to load images, draw them onto the canvas, and manipulate their appearance.
const { createCanvas, loadImage } = require('canvas');
const canvas = createCanvas(200, 200);
const ctx = canvas.getContext('2d');
loadImage('image.png').then((image) => {
  ctx.drawImage(image, 50, 50, 150, 100);
});
Pixel manipulation
Canvas allows direct pixel manipulation for effects like inversion, brightness, contrast, and more.
const { createCanvas } = require('canvas');
const canvas = createCanvas(200, 200);
const ctx = canvas.getContext('2d');
// Draw a rectangle
ctx.fillStyle = 'red';
ctx.fillRect(0, 0, 50, 50);
// Get pixel data
const imageData = ctx.getImageData(0, 0, 50, 50);
// Manipulate pixels
for (let i = 0; i < imageData.data.length; i += 4) {
  imageData.data[i] = 255 - imageData.data[i]; // Invert red
  imageData.data[i+1] = 255 - imageData.data[i+1]; // Invert green
  imageData.data[i+2] = 255 - imageData.data[i+2]; // Invert blue
}
// Put the image data back onto the canvas
ctx.putImageData(imageData, 0, 0);
Fabric.js is a powerful and rich graphics library, similar to canvas, but it runs in the browser. It provides an interactive object model on top of the canvas element and also has an SVG-to-canvas (and canvas-to-SVG) parser.
Konva.js is an HTML5 2D canvas library for desktop and mobile applications. It extends the 2D context by enabling canvas interactivity and much more. It is similar to canvas but with additional features like event handling, layering, filtering, caching, and animations.
PixiJS is a 2D WebGL renderer with a seamless canvas fallback that can be used to create rich interactive graphics, cross-platform applications, and games. Unlike canvas, PixiJS is focused on WebGL and provides faster rendering for complex scenes.
p5.js is a client-side library that enables creative coding with a focus on making coding accessible for artists, designers, educators, and beginners. It is similar to canvas but emphasizes an easy-to-use API and includes a full set of drawing functionality.
Node canvas is a Cairo backed Canvas implementation for NodeJS.
$ npm install canvas
If not previously installed, you will want to install the cairo graphics library version >= 1.8.6 first using the package manager available to you, or building from source.
var Canvas = require('canvas')
, canvas = new Canvas(200,200)
, ctx = canvas.getContext('2d');
ctx.font = '30px Impact';
ctx.rotate(.1);
ctx.fillText("Awesome!", 50, 100);
var te = ctx.measureText('Awesome!');
ctx.strokeStyle = 'rgba(0,0,0,0.5)';
ctx.beginPath();
ctx.lineTo(50, 102);
ctx.lineTo(50 + te.width, 102);
ctx.stroke();
console.log('<img src="' + canvas.toDataURL() + '" />');
node-canvas extends the canvas API to provide interfacing with node, for example streaming PNG data, converting to a Buffer instance, etc. Among the interfacing API, in some cases the drawing API has been extended for SSJS image manipulation / creation usage, however keep in mind these additions may fail to render properly within browsers.
node-canvas adds Image#src=Buffer support, allowing you to read images from disk, redis, etc. and apply them via ctx.drawImage(). Below we draw a scaled-down squid PNG by reading it from the disk with node's I/O.
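var fs = require('fs')
  , Image = Canvas.Image;
// readFile passes the file contents as the second callback argument
fs.readFile(__dirname + '/images/squid.png', function(err, squid){
  if (err) throw err;
  var img = new Image;
  img.src = squid; // Image#src accepts a Buffer
  ctx.drawImage(img, 0, 0, img.width / 4, img.height / 4);
});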
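Because Image#src=Buffer hands bytes from disk, redis, etc. to the Cairo-backed decoder, a header check before the assignment is useful when the buffer comes from a source you do not control. The following is an added example, not part of node-canvas or its README; `checkPngHeader`, `sampleHeader` and the `MAX_DIM` limit are hypothetical names and values chosen for illustration.

```javascript
// Added example (not node-canvas code): header checks before img.src = buf.
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const MAX_DIM = 4096; // assumed policy limit; tune per application

// Bitwise CRC-32 (polynomial 0xEDB88320), as used by PNG chunks.
function crc32(buf) {
  let c = 0xffffffff;
  for (const b of buf) {
    c ^= b;
    for (let k = 0; k < 8; k++) c = (c >>> 1) ^ (0xedb88320 & -(c & 1));
  }
  return (c ^ 0xffffffff) >>> 0;
}

// Inspects only the first 33 bytes; no pixel data is decoded.
function checkPngHeader(buf, maxDim = MAX_DIM) {
  if (!Buffer.isBuffer(buf) || buf.length < 33) return { ok: false, reason: 'too short' };
  if (!buf.subarray(0, 8).equals(PNG_SIG)) return { ok: false, reason: 'bad signature' };
  // The first chunk must be IHDR with a 13-byte body.
  if (buf.readUInt32BE(8) !== 13 || buf.toString('latin1', 12, 16) !== 'IHDR') {
    return { ok: false, reason: 'missing IHDR' };
  }
  // The CRC covers chunk type + data (bytes 12..28) and is stored at 29..32.
  if (crc32(buf.subarray(12, 29)) !== buf.readUInt32BE(29)) {
    return { ok: false, reason: 'IHDR CRC mismatch' };
  }
  const width = buf.readUInt32BE(16);
  const height = buf.readUInt32BE(20);
  if (width === 0 || height === 0 || width > maxDim || height > maxDim) {
    return { ok: false, reason: 'dimensions out of range', width, height };
  }
  return { ok: true, width, height };
}

// Constructed sample: signature + IHDR only, enough to exercise the checks.
function sampleHeader(width, height) {
  const ihdr = Buffer.alloc(17); // chunk type (4) + data (13)
  ihdr.write('IHDR', 0, 'latin1');
  ihdr.writeUInt32BE(width, 4);
  ihdr.writeUInt32BE(height, 8);
  ihdr.set([8, 6, 0, 0, 0], 12); // 8-bit RGBA, no interlace
  const len = Buffer.alloc(4);
  len.writeUInt32BE(13);
  const crc = Buffer.alloc(4);
  crc.writeUInt32BE(crc32(ihdr));
  return Buffer.concat([PNG_SIG, len, ihdr, crc]);
}

console.log(checkPngHeader(sampleHeader(200, 200)));
```

Call `checkPngHeader(buf)` on the bytes returned by `fs.readFile` and assign `img.src` only when `ok` is true; the check bounds the declared dimensions but does not validate the image data that follows the header.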
Below is an example of a canvas drawing itself as the source several times:
var img = new Image;
img.src = canvas.toBuffer();
ctx.drawImage(img, 0, 0, 50, 50);
ctx.drawImage(img, 50, 0, 50, 50);
ctx.drawImage(img, 100, 0, 50, 50);
To create a PNGStream, simply call canvas.createPNGStream(), and the stream will start to emit data events, finally emitting end when finished. If an exception occurs, the error event is emitted.
var fs = require('fs')
, out = fs.createWriteStream(__dirname + '/text.png')
, stream = canvas.createPNGStream();
stream.on('data', function(chunk){
  out.write(chunk);
});
stream.on('end', function(){
  console.log('saved png');
});
Currently only sync streaming is supported, however we plan on supporting async streaming as well (of course :) ). Until then the Canvas#toBuffer(callback) alternative is async utilizing eio_custom().
A call to Canvas#toBuffer() will return a node Buffer instance containing all of the PNG data.
canvas.toBuffer();
Optionally we may pass a callback function to Canvas#toBuffer(), and this process will be performed asynchronously, and will callback(err, buf).
canvas.toBuffer(function(err, buf){
});
Optionally we may pass a callback function to Canvas#toDataURL(), and this process will be performed asynchronously, and will callback(err, str).
canvas.toDataURL(function(err, str){
});
or specify the mime type:
canvas.toDataURL('image/png', function(err, str){
});
Setting one of the values below alters pattern (gradients, images, etc.) render quality; the default is good.
In addition to those specified and commonly implemented by browsers, the following have been added:
Set anti-aliasing mode
For example:
ctx.antialias = 'none';
Although node-canvas is extremely new, and we have not even begun optimization yet, it is already quite fast. For benchmarks vs other node canvas implementations view this gist, or update the submodules and run $ make benchmark yourself.
Want to contribute to node-canvas? Patches for features, bug fixes, documentation, examples and others are certainly welcome. Take a look at the issue queue for existing issues.
Examples are placed in ./examples, be sure to check them out! Most produce a png image of the same name, and others such as live-clock.js launch an http server to be viewed in the browser.
If you have not previously, init git submodules:
$ git submodule update --init
Build node-canvas:
$ node-waf configure build
Unit tests:
$ make test
Visual tests:
$ make test-server
Tested with and designed for:
For node 0.2.x, node-canvas <= 0.4.3 may be used; 0.5.0 and above are designed for node 0.4.x only.
(The MIT License)
Copyright (c) 2010 LearnBoost <dev@learnboost.ca>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Canvas graphics API backed by Cairo
The npm package canvas receives a total of 2,357,927 weekly downloads. As such, canvas popularity was classified as popular.
We found that canvas demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.