Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Accessible combobox module
$ npm install combobo
Just include combobo.js
(window.Combobo
will be set)
<body>
<script src="./node_modules/combobo/dist/combobo.js"></script>
<script>
var combobo = new Combobo();
</script>
</body>
<script src="https://unpkg.com/combobo"></script>
import Combobo from 'combobo'; // or require('combobo')
const combobo = new Combobo();
input
(HTMLElement|String): The selector for the input (combobox) element or the input element reference.
.combobox
list
(HTMLElement|String): The selector for the list element or the list element reference.
.listbox
options
(Array|String): An array of HTMLElements or a string selector (to be qualified within the list element).
.option
groups
(Array|String): An array of HTMLElements or a string selector (to be qualified within the list element)openClass
(String): Class name that gets added when list is open.
open
activeClass
(String): Class name that gets added when active is triggered
active
selectedClass
(String): Class name that gets added when list item is selected
selectedClass
allowEmpty
(Boolean): If completely clear selection should be allowed (if field is required, false
is probably what you want).
true
useLiveRegion
(Boolean): Determines whether or not to use Live Region (due to spotty AT support, aria-activedescendant
will be used also). As of right now, it is recommended that you leave useLiveRegion
on due to VoiceOver's lack of support for aria-activedescendant
.
true
multiselect
(Boolean): Determines whether or not to enable multiselect features
false
noResultsText
(String): Sets text for when there are no matchesselectionValue
(Function): A function that should return what the desired value of the input should be upon selection (this is especially useful for multiselect in that you can configure custom input values like {3 Items Selected}
). An array of the selected options is passed as the one argument to the function.optionValue
(Function|String): A function that should return the desired markup of each option in the list (this allows for custom display of each option based on what is currently typed in the field) OR a string class that is to be added to the span that will be wrapped around the matched text in each option.announcement
(Object): An object containing the following properties:
count
(Function): Announcement of currently selected items in list. The function accepts 1 argument which is the number of options selected.
function (n) { return n + ' options available'; }
selected
(String): The desired text to be used to inform AT that an option is selected (This is only applicable if useLiveRegion is true
)
"Selected."
groupChange
(Function): The desired text to be announced when a group change occurs (as a result of arrow-key traversal of options). This is obviously only applicable if groups
are used (see above for info on options.groups
)
function groupChangeHandler(newGroup) {
var groupLabel = newGroup.querySelector('.optgroup-label').innerText;
var len = Array.prototype.slice.call(
newGroup.querySelectorAll('.option')
).filter(function (opt) {
return opt.style.display !== 'none';
}).length;
return groupLabel + ' group entered, with ' + len + ' options.';
}
filter
(String|Function): A filter-type string ('contains'
, 'starts-with'
, or 'equals'
) or a function that returns a array of filtered options.
'contains'
autoFilter
(Boolean): To enable / disable filterng options on front end. If the developer wants to filter options from the server, then it should be false
'true'
var combobo = new Combobo({
input: '.combobox',
list: '.listbox',
options: '.option', // qualified within `list`
groups: null, // qualified within `list`
openClass: 'open',
activeClass: 'active',
selectedClass: 'selected',
useLiveRegion: true,
multiselect: false,
noResultsText: null,
selectionValue: (selecteds) => selecteds.map((s) => s.innerText.trim()).join(' - '),
optionValue: 'underline', // wrap the matched portion of the option (if applicable) in a span with class "underline"
announcement: {
count: (n) => `${n} options available`,
selected: 'Selected.'
},
filter: 'contains' // 'starts-with', 'equals', or funk,
autoFilter: true // 'true' or 'false' default true
});
Add an event listener with .on
, remove event listener with .off
(see example below)
list:open
: Fires when the list is in an open state.list:close
: Fires when the list is in a closed state.deselection
: Fires when a selected element is deselected.selection
: Fires when an item in the list is selected.change
: Fires each time an option is made active (either through arrow key traversal or hover).var combobo = new Combobo();
combobo
.on('change', function () {
console.log('stuff has changed and stuff');
})
.on('selection', function () {
console.log('selection made!');
});
goTo
: accepts 1 argument which is either a String ('prev' or 'next'), which as it sounds will navigate Combobo to the previous or next option, or the index (Number) of the option to be traversed to. NOTE: This method does not select the option but rather highlights it as if the option is hovered or arrowed to.select
: selects the currently highlighted optiongetOptIndex
: returns the index (within the currently visible options) of the currently selected option.reset
: clears the filters and deselects any currently selected options.setOptions
: accepts 1 argument which is HTML code in String format. Adds one option to the existing dropdown list.setNoResultFound
: shows the No results found in dropdown if the matching options not availableemptyDropdownList
: Empty the options in the dropdown listupdateSelectedOptions
: Empty all the options and update with selected options in the listsetCurrentOptions
: Sets the current Option from the current options list// move 5 options forward and select the option
combobo
.goTo(combobo.getOptIndex() + 5)
.select();
// adds an option to the dropdown list
combobo
.setOptions(`<li>Some Option</li>`);
FAQs
Accessible combobox widget/plugin
The npm package combobo receives a total of 4,699 weekly downloads. As such, combobo popularity was classified as popular.
We found that combobo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.