
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
cherry-box
Advanced tools
cherry-box is a Node.js package filled with utilities, which are useful for working with node-canvas.
import { textBox } from "cherry-box";
import Canvas from "canvas";
let canvas = new Canvas.createCanvas(800, 600);
let ctx = canvas.getContext("2d");
let textSchema = [
{
text: "I like cookies!",
color: "#ff8800",
font: "Arial",
modifier: "bold",
shadow: {
offset: [10, 10], blur: 5, color: "red"
},
}
]
textBox(800, 600, textSchema, 200, ['middle', 'center']);
Text schema is made of multiple objects. These objects accepts the following values:
| name | description | example | type | required |
|---|---|---|---|---|
| text | Text to be displayed | Hello world | string | true |
| color | Color of the text | #FFFFFF | string | true |
| shadow | Shadow of the text | shadow | false | |
| font | Font of the text | Arial | string | true |
| modifier | Modifier of the text | bold | string | true |
Example text schema:
[
{
text: "I like cookies!",
color: "#ff8800",
shadow: {
offset: [10, 10], blur: 5, color: "red"
},
font: "Arial",
modifier: "bold"
}
]
Shadow is a JSON object with the following values:
xandyoffsets are relative to the text size. For example usex: 10, y: 10for minecraft font.
| name | description | example | type | required |
|---|---|---|---|---|
| color | Color of the shadow | #FFFFFF | string | true |
| blur | Blur of the shadow | 5 | number | true |
| offset | X and Y offset of the shadow | [10, 5] | array | true |
textBox is an easy way to align your text, decrease font size to fit in an area and more.
| name | description | example | type | required |
|---|---|---|---|---|
| x | X position of the textbox | 0 | number | true |
| y | Y position of the textbox | 0 | number | true |
| width | Width of the textbox | 100 | number | true |
| height | Height of the textbox | 100 | number | true |
| text | Text to be displayed | textSchema | true | |
| maxFont | Max font size of the text | 100 | number | true |
| fontName | Font of the text | Arial | string | true |
| align | Align of the text | array | true |
left, center or righttop, middle or bottomExample: ['top', 'middle']
Example use of textBox in your code:
textBox(ctx, 0, 0, canvas.width, canvas.height-20, upperText, 80, ["bottom", "center"]);
wrapText is a function similar to textBox, but it doesn't just align the text. It also wraps the text to fit in the specified width.
| name | description | example | type | required |
|---|---|---|---|---|
| ctx | Canvas context | object | true | |
| x | X coordinate of the text box | 0 | number | true |
| y | Y coordinate of the text box | 0 | number | true |
| width | Width of the text box | 100 | number | true |
| text | Text to be displayed | textSchema | true | |
| fontSize | Font size of the text | 100 | number | true |
| align | Align of the text | justify | string | true |
leftcenterrightjustifyExample use of wrapText in your code:
wrapText(ctx, 0, 0, canvas.width, wrapTextBox, 20, 'justify');
FAQs
A node-canvas package filled with utilities, manage text boxes easily and more
The npm package cherry-box receives a total of 94 weekly downloads. As such, cherry-box popularity was classified as not popular.
We found that cherry-box demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.