
dragula-constrain
Constrain mirrors to their containers with Dragula, similar to jQuery UI draggable's contain.
Spatie is a webdesign agency based in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.
You can install the package via npm:
$ npm install dragula-constrain
dragula-constrain supports at least all modern browsers, starting from IE10.
import dragula from 'dragula';
import constrain from 'dragula-constrain';
// Set up `myContainer` and `options` first.
// The instance needs its own name: redeclaring the imported `dragula` binding is a SyntaxError.
const drake = dragula(myContainer, options);
constrain(drake);
That's it! The mirror shouldn't spill out of the container anymore while dragging.
This package assumes that the mirror has a fixed position, and the container is non-fixed. It currently only supports constraining mirrors to Dragula's first container (custom container support might get implemented in the future).
Please see CHANGELOG for more information on what has changed recently.
$ npm run test
Please see CONTRIBUTING for details.
If you discover any security-related issues, please contact Sebastian De Deyne instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.
1.0.0
FAQs
Constrain mirrors to their containers with Dragula
The npm package dragula-constrain receives a total of 8 weekly downloads. As such, dragula-constrain popularity was classified as not popular.
We found that dragula-constrain demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.