Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Add the following script on your HTML:
<head>
<script type="text/javascript" charset="utf-8" src="http://cdn.clappr.io/latest/clappr.min.js"></script>
</head>
Now, create the player:
<body>
<div id="player"></div>
<script>
var playerEl = document.getElementById("player");
var player = new Clappr.Player({source: "http://your.video/here.mp4"});
player.attachTo(playerEl);
</script>
</body>
Format | IE10 | IE11 | Firefox | Chrome | Safari | iPhone | iPad | Android |
---|---|---|---|---|---|---|---|---|
HLS | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
MP4 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
MP3 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
DASH | :heavy_multiplication_x: | :heavy_multiplication_x: | :heavy_multiplication_x: | :heavy_multiplication_x: | :heavy_multiplication_x: | :heavy_multiplication_x: | :heavy_multiplication_x: | :heavy_multiplication_x: |
RTMP | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_multiplication_x: | :heavy_multiplication_x: | :heavy_multiplication_x: |
All parameters listed below shall be added on Clappr.Player
object instantiation. Example:
var player = new Clappr.Player({
source: "http://your.video/here.mp4",
parameter1: "value1",
parameter2: "value2",
});
You can set the player size setting width
and height
parameters.
Add autoPlay: true
if you want the video to automatic play after page load.
If you want to play the video when it appears partially on screen, set autoPlayVisible: 'partial'
. In case you want the player to play when it is full visible, autoPlayVisible: 'full'
.
Add mute: true
if you want to start player with no sound.
In case you're loading a on demand video (mp4), it's possible to define the way the video will be preloaded according to preload attribute options. Add preload: <type>
on embed parameters. By default, Clappr will try to download only video metadata (preload: 'metadata'
).
Enable Google Analytics events dispatch (play/pause/stop/buffering/etc) adding your gaAccount
. Optionally, pass your favorite trackerName as gaTrackerName
. Example:
var player = new Clappr.Player({
source: "http://your.video/here.mp4",
gaAccount: 'UA-44332211-1',
gaTracker: 'MyPlayerInstance'
});
Customize control bar colors adding mediacontrol
hash. Example:
var player = new Clappr.Player({
source: "http://your.video/here.mp4",
mediacontrol: {seekbar: "#E113D3", buttons: "#66B2FF"}
});
Result:
I'm sure you can do better than me.
If you want to disable media control auto hide, add hideMediaControl: false
in your embed parameters.
Put watermark: http://url/img.png
on your embed parameters to automatically add watermark on your video. Choose corner position by defining position parameter. Positions can be bottom-left
, bottom-right
, top-left
and top-right
. Example:
var player = new Clappr.Player({
source: "http://your.video/here.mp4",
watermark: "http://url/img.png", position: 'top-right'
});
Define a poster by adding poster: http://url/img.png
on your embed parameters. It will appear after video embed, disappear on play and go back when user stops the video.
Clappr has a native statistics plugin that accounts QoE metrics such playing time, rebuffering time, total rebuffers, etc. Metrics report happens periodically, learn how to access these numbers on Create your own plugin session.
Clappr is under heavy development but production-ready. Feel free to open issues and send us pull requests.
Clone the project and install gulp:
npm install -g gulp
Then enter the project directory and install the dependencies:
npm install
Make your changes and build your own version:
gulp build
Check the result on dist/
folder.
The culprits of this project are listed here.
In general, we follow the fork-and-pull git workflow:
:warning: Be sure to merge the latest from "upstream" before making a pull request.
FAQs
An extensible media player for the web
The npm package clappr receives a total of 1,767 weekly downloads. As such, clappr popularity was classified as popular.
We found that clappr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.