Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
detached-jquery-1.7.2
Advanced tools
Module for creating multiple jQuery instances, detached from the global namespace (window).
NPM module that allows you to get multiple jQuery instances that are "detached" from the global namespace (window
)
i.e. different versions of jQuery and/or multiple instances of the same version.
TODO Rename package to "jquery-detached" once we figure out of this is going to work. Do a global s&r
Install Package:
npm install --save detached-jquery-<jquery-version>
Of course, the above will depend on whether or not we have published that exact version of jquery. The easiest way to see the versions we have published is to look at the branch names on GutHub
Having run into issues using a single shared jQuery instance across multiple libraries/apps running a browser, each requiring different versions of jQuery, or unwittingly polluting the shared jQuery instance with extensions that conflict with each other.
Creating multiple instances of jQuery should be avoided if possible, but only when that shared instance is not being polluted. When running in an environments where it is known to be safe to use a shared jQuery instance e.g. a closed environment, where everything is controlled (extensions etc), or in an environment where this shared instance is not modified through extension.
var jQuery = require('detached-jquery-<jquery-version>');
var $ = jQuery.getJQuery();
var myDivs = $('.myDivs');
// etc...
This is intended for use only with libraries that extend jQuery (e.g. Twitter Bootstrap, jQuery UI), allowing them to get a clean jQuery instance to extend. This should then allow these libraries to work in isolation from each other in environments where multiple libraries and frameworks need to be able to co-exist e.g. in the Jenkins CI ecosystem, where there are 1000+ plugins, any of which may be using a variety of different JavaScript libraries that depend on jQuery (and different versions of jQuery).
var jQuery = require('detached-jquery-<jquery-version>');
var $ = jQuery.newJQuery();
//
// Do something with your jQuery/$ instance. See notes below.
//
As regards what needs to be done with your $
, you probably need to perform a noConflict
equivalent operation.
Here are some random thoughts:
jQuery
and $
globals, if any (ala noConflict
)$
on window.$
and window.jQuery
$
instance$
somewhere that you can ref it again easily e.g. some other special/private namespacenoConflict
)FAQs
Module for creating multiple jQuery instances, detached from the global namespace (window).
We found that detached-jquery-1.7.2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.