Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
DeepAR Web is an augmented reality SDK that allows users to integrate advanced, Snapchat-like face lenses in the browser environment.
DeepAR Web supports:
❗ DeepAR Web works only in the browser (not Node.js).
In order to use the DeepAR Web SDK you need to set up a license key for your web app on developer.deepar.ai.
⚠️ The license key property is required both in a production and development (localhost) environment. Development sessions will not count towards your monthly active usage.
Using npm
:
$ npm install deepar
Using yarn
:
$ yarn add deepar
DeepAR requires a canvas element for the preview of camera, masks, filters and effects. You can add it directly in the HTML.
<canvas width="1280" height="720"></canvas>
Or you can create it in Javascript.
const canvas = document.createElement("canvas");
canvas.width = 1280;
canvas.height = 720;
⚠️ Note: Be sure to set
width
andheight
properties of thecanvas
!
You can always change the canvas dimensions and they don't have to match the input video resolution. DeepAR will fit the input camera/video stream correctly to any canvas size.
There are two main ways to get deepar.js in your JavaScript project: via script tags or by installing it from NPM and using a build tool like Parcel, WebPack, or Rollup.
Add the following code to an HTML file:
<html>
<head>
<!-- Load deepar.js -->
<script src="https://cdn.jsdelivr.net/npm/deepar/js/deepar.js"> </script>
</head>
<body>
<!-- Canvas element for AR preview -->
<canvas width="640" height="360" id="deepar-canvas"></canvas>
<!-- Initialize DeepAR and load AR effect/filter -->
<script>
(async function() {
const deepAR = await deepar.initialize({
licenseKey: 'your_license_key_here',
canvas: document.getElementById('deepar-canvas'),
effect: 'https://cdn.jsdelivr.net/npm/deepar/effects/aviators'
});
})();
</script>
</body>
</html>
Alternatively, you can import DeepAR as an ES6 module.
Via <script type="module">
.
<script type="module">
import * as deepar from 'https://cdn.jsdelivr.net/npm/deepar/js/deepar.esm.js';
</script>
Or via dynamic import.
const deepar = await import('https://cdn.jsdelivr.net/npm/deepar/js/deepar.esm.js');
Add deepar.js to your project using yarn or npm.
Note: Because we use ES2017 syntax (such as import), this workflow assumes you are using a modern browser or a bundler/transpiler to convert your code to something older browsers understand. However, you are free to use any build tool that you prefer.
import * as deepar from 'deepar';
const deepAR = await deepar.initialize({
licenseKey: 'your_license_key_here',
canvas: document.getElementById('deepar-canvas'),
effect: 'https://cdn.jsdelivr.net/npm/deepar/effects/aviators'
});
AR filters are represented by effect files in DeepAR. You can load them to preview the effect.
Places you can get DeepAR effects:
Load an effect using the switchEffect
method:
await deepAR.switchEffect('path/to/effect/alien');
Take a screenshot.
// The image is a data url.
const image = await deepAR.takeScreenshot();
Shoot a video.
deepAR.startVideoRecording();
// Video is now recording...
// When user is ready to stop recording.
const video = await deepAR.finishVideoRecording();
DeepAR has some callbacks you can implement for additional informations. For example, to check if feet are visible in the camera preview.
await deepAR.switchEffect('https://cdn.jsdelivr.net/npm/deepar/effects/Shoe');
deepAR.callbacks.onFeetTracked = (leftFoot, rightFoot) => {
if(leftFoot.detected && rightFoot.detected) {
console.log('Both foot detected!');
} else if (leftFoot.detected) {
console.log('Left foot detected!');
} else if (rightFoot.detected) {
console.log('Right foot detected!');
} else {
console.log('No feet detected!');
}
};
To remove callback if you don't need it anymore.
deepAR.callbacks.onFeetTracked = undefined;
DeepAR will by default use the user facing camera. It will also ask the camera permission from the user.
Use the back camera on the phones:
const deepAR = await deepar.initialize({
// ...
additionalOptions: {
cameraConfig: {
facingMode: 'environment'
}
}
});
Set up your own camera or custom video source:
const deepAR = await deepar.initialize({
// ...
additionalOptions: {
cameraConfig: {
disableDefaultCamera: true
}
}
});
// HTMLVideoElement that can contain camera or any video.
const video = ...;
deepAR.setVideoElement(video, true);
Initialize DeepAR but start the camera later. This is used when you do not want to ask the camera permission right away.
const deepAR = await deepar.initialize({
// ...
additionalOptions: {
cameraConfig: {
disableDefaultCamera: true
}
}
});
// When you want to ask the camera permission and start the camera.
await deepAR.startCamera();
Apart from the main deepar.js file and AR effect files, DeepAR uses additional files like:
Some of them are required and will be downloaded every time. The others will be lazy downloaded when/if needed.
⚠️ DeepAR will by default automatically fetch all additional resources from the JsDelivr CDN.
Fetching files from JsDelivr is not recommended if you care about download speeds of DeepAR Web resources. This is because the files on JsDelivr are not compressed.
To optimize download speeds, all the DeepAR files should be compressed. It is recommended to serve DeepAR files from your own server or some CDN which supports file compression.
If it is supported, you should use GZip or Brotli compression on all DeepAR files which will significantly reduce the SDK size. Check out your server/CDN options for compressing files.
DeepAR Web can be downloaded from DeepAR Developer Portal. But since most users will install DeepAR through NPM, follow the next instructions.
It is recommended to copy ./node_modules/deepar
directory which contains all the DeepAR
files into your distribution (dist) folder.
You can use rootPath
to set a path to the custom root of the DeepAR SDK. All additional files
that need to be fetched by DeepAR will be resolved against the given rootPath
.
const deepAR = await deepar.initialize({
// ...
rootPath: 'path/to/root/deepar/directory'
});
It is recommended to setup the copying of the DeepAR directory as part of you bundler build scripts, in case you ever need to updated to a newer version of DeepAR.
Another option, instead of using the DeepAR directory and copying it as-is, is to specify a path to each file. The advantage of this is that you can use the bundler to keep track of your files.
For example, if using Webpack, you can use it's asset modules to import all the files needed.
Pass the file paths in additionalOptions
.
const deepAR = await deepar.initialize({
// ...
additinalOptions: {
faceTrackingConfig: {
modelPath: "path/to/deepar/models/face/models-68-extreme.bin"
},
segmentationConfig: {
modelPath: "path/to/deepar/models/segmentation/segmentation-160x160-opt.bin"
},
footTrackingConfig: {
poseEstimationWasmPath: "path/to/deepar/wasm/libxzimgPoseEstimation.wasm",
detectorPath: "path/to/deepar/models/foot/foot-detection-96x96x6.bin",
trackerPath: "path/to/deepar/models/foot/foot-tracker-96x96x18-test.bin",
objPath: "path/to/deepar/models/foot/foot-model.obj",
tfjsBackendWasmPath: "path/to/deepar/wasm/tfjs-backend-wasm.wasm",
tfjsBackendWasmSimdPath: "path/to/deepar/wasm/tfjs-backend-wasm-simd.wasm",
tfjsBackendWasmThreadedSimdPath: "path/to/deepar/wasm/tfjs-backend-wasm-threaded-simd.wasm",
},
deeparWasmPath: 'path/to/deepar/wasm/deepar.wasm'
}
});
Please see: https://developer.deepar.ai/customer-agreement
FAQs
The official DeepAR Web SDK
The npm package deepar receives a total of 234 weekly downloads. As such, deepar popularity was classified as not popular.
We found that deepar demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.