Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
CriticalJS is a JavaScript library which enables you to improve the perceived performance of your site
CriticalJS is a JavaScript library which enables you to improve the perceived performance of your site. It does this by deferring the loading of your main JavaScript and catching any user interactions so that they can be later handled by the main JavaScript once it loads.
The simplest way to use CriticalJS is to include the critical.min.js file in your page and then specify a data attribute with the location of the main JavaScript that is to be deferred.
<script src="criticaljs.min.js" data-deferredjs="main.js"></script>
Having included CriticalJS in the page and set the path to the main JavaScript that is being defered, we now need to setup elements which we intend to defer events for. In order to do this we need to set a data attribute data-deferred
specifying the events to be deffered. This accepts any of the event types you would normally attach using addEventListener
such as click
and touchstart
.
<button data-deferred=“click touchstart”>
Click Me
</button>
Once our main JavaScript has loaded, you will need to determine whether a user has interacted with an element so that you are able to handle it.
criticaljs.deferred(element, 'click')
We are currently targetting supporting Firefox, Android Browser, Chrome, Safari, Opera and Internet Explorer 9+. Testing is in the early stages and any help would be welcomed.
We have put together a useful guide on how you can contribute to CriticalJS in the CONTRIBUTE.md file in this repo.
FAQs
CriticalJS is a JavaScript library which enables you to improve the perceived performance of your site
The npm package criticaljs receives a total of 0 weekly downloads. As such, criticaljs popularity was classified as not popular.
We found that criticaljs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.