Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
custom-mxgraph
Advanced tools
mxGraph is a fully client side JavaScript diagramming library that uses SVG and HTML for rendering.
mxGraph is a fully client side JavaScript diagramming library that uses SVG and HTML for rendering. draw.io is our production-grade example that demonstrates extending the functionality of this library and how to deploy it in a secure, scalable manner. The sources to draw.io are also available.
Note this is the release repo, only each release is pushed here. The development repo is https://github.com/jgraph/mxgraph2, submit PRs there.
The PHP model was deprecated after release 4.0.3 and the archive can be found here.
If you want to build something like draw.io, GraphEditor is the best example to use as a base.
The npm build is here
mxGraph supports IE 11, Chrome 43+, Firefox 45+, Safari 10 and later, Opera 30+, Native Android browser 5.1.x+, the default browser in the current and previous major iOS versions (e.g. 13.x and 12.x) and Edge 31+.
The mxGraph library uses no third-party software, it requires no plugins and can be integrated in virtually any framework (it's vanilla JS).
In the root folder there is an index.html file that contains links to all resources. You can view the documentation online on the Github pages branch. The key resources are the JavaScript user manual, the JavaScript examples and the JavaScript API specificiation.
There is a mxgraph tag on Stack Overflow. Please ensure your questions adhere to the SO guidelines, otherwise it will be closed.
You may post on the issues tracker on this Github project, but we expect a similar degree of input from you as Stack Overflow expects. i.e. "Please help me debug this", not "Write/Research/Architect this for me".
We do not provide commercial support. If you are not experienced in using a non-trivial vanilla JavaScript library in a web application, you will struggle using mxGraph. Writing "I am new to JavaScript" followed by "Write/Research/Architect this for me" will mean you get no answer, like everyone else. Find someone with the appropriate skillset for the task and pay/beg them to do it. We write this so your expectations of whether we might help are set before picking the project, not to be offensive.
mxGraph is licensed under the Apache 2.0 license. We do not sell any other license, nor do we have an option for paid support.
We created mxGraph in 2005 as a commercial project and it ran through to 2016 that way. Our USP was the support for non-SVG browsers, when that advantage expired we moved onto commercial activity around draw.io. mxGraph is pretty much feature complete, production tested in many large enterprises and stable for many years. We actively fix bugs and add features since it comprises the base of our draw.io stack.
FAQs
mxGraph is a fully client side JavaScript diagramming library that uses SVG and HTML for rendering.
The npm package custom-mxgraph receives a total of 0 weekly downloads. As such, custom-mxgraph popularity was classified as not popular.
We found that custom-mxgraph demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.