Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
ebay-font 
ebay-font is the module used at eBay to load custom web fonts. It uses a strategy to avoid both FOUT and FOIT. This can be considered equivalent to the new CSS @font-face descriptor font-display: optional. Unfortunately, font-display is relatively new and hence its adoption among browsers is not widespread. So for now, this module leverages localStorage, FontFaceSet API and the Font Face Observer utility (as a backup if FontFaceSet API is not present) to provide the same functionality as font-display: optional.
ebay-font is paired along with eBay's custom font 'Market Sans'. But feel free to change it to any custom font URL of your choice.
Please refer to the detailed blog post "eBay’s Font Loading Strategy" for a full overview of how this module works.
Usage
ebay-font can be used along with other eBay open source modules Skin, Marko & Lasso, as well as in standalone mode. If you are in the eBay workflow environment, please follow the below steps
- Install and save the module
npm install ebay-font --save
- Add dependency in your page
browser.json
"ebay-font/browser.json"
- The module exposes a tag
<ebay-font>to embed in the<head>tag of page HTML
<html>
<head>
<ebay-font/>
...
</head>
...
</html>
- Note: If your website uses Content Security Policy (CSP), you can pass the CSP nonce value to
<ebay-font>tag
...
<ebay-font nonce="4AEemGb0xJptoIGFP3Nd"/>
...
Standalone
-
Copy paste this CSS and JavaScript tag snippet in the
<head>tag of your page -
Include the generated JavaScript file fontloader.standalone.js in the footer
<script async src="fontloader.standalone.js"></script>
Browser support
- Chrome (desktop & Android)
- Firefox
- Opera
- Safari (desktop & iOS)
- IE8+
- Android WebKit
Issues
Have a bug or a feature request? Please open a new issue
Open browser issues
- Chrome — Very randomly on a new session, all font formats are getting downloaded if
font-displayis present in thefont-face. Filed a bug to track it.
Maintainers
Contribute
Pull Requests welcome. Please submit Github issues for any feature enhancements, bugs or documentation problems.
License
Copyright (c) 2017 eBay Inc.
Released under the MIT License
FAQs
A module to load ebay font
The npm package ebay-font receives a total of 4 weekly downloads. As such, ebay-font popularity was classified as not popular.
We found that ebay-font demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 21 Apr 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024