Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
enketo-core
Extensible Enketo core containing the form logic engine and responsive form styling
The engine that powers Enketo Smart Paper and various third party tools.
This repo is meant to be used as a building block for any enketo-powered application.
Follow the Enketo blog or Enketo on Twitter to stay up to date.
npm install enketo-core --save
or include as a git submodule.
?xform=http://myforms.com/myform.xml
to use API).
media="print"
).
var Form = require('enketo-core');

// The XSL transformation result contains a HTML Form and XML instance.
// These can be obtained dynamically on the client, or at the server.
// In this example we assume the HTML was injected at the server and modelStr
// was injected as a global variable (globalXMLInstance) inside a <script> tag.

// required string of the jquery selector of the HTML Form DOM element
var formSelector = 'form.or:eq(0)';

// required object containing data for the form
var data = {
    // required string of the default instance defined in the XForm
    modelStr: globalXMLInstance,
    // optional string of an existing instance to be edited
    instanceStr: null,
    // optional boolean whether this instance has ever been submitted before
    submitted: false,
    // optional array of external data objects containing:
    // {id: 'someInstanceId', xmlStr: '<root>external instance content</root>'}
    external: []
};

// instantiate a form, with 2 parameters
var form = new Form( formSelector, data );

// initialize the form and capture any load errors
var loadErrors = form.init();

// submit button handler for validate button
$( '#submit' ).on( 'click', function() {
    form.validate()
        .then( function( valid ) {
            if ( !valid ) {
                alert( 'Form contains errors. Please see fields marked in red.' );
            } else {
                // Record is valid!
                var record = form.getDataStr();
                // reset the form view
                form.resetView();
                // reinstantiate a new form with the default model
                form = new Form( formSelector, { modelStr: globalXMLInstance } );
                // do what you want with the record
            }
        } );
} );
The following browsers are officially supported:
We have to admit we do not test on all of these, but are committed to fixing browser-specific bugs that are reported for these browsers. Naturally, older browser versions will often work as well; they are just not officially supported. Note that some applications using Enketo Core (e.g. Enketo Express) may have more limited browser support.
npm install
grunt
grunt develop
To create new widgets, we recommend using this plugin template. The option {touch: [boolean]} is added automatically to all widgets to indicate whether the client is using a touchscreen device.
Each widget needs to fulfill the following requirements:
widget css class to any new elements it adds to the DOM (but not to their children)
ignore class
destroy(element) to totally destroy widgets in repeat groups/questions when these groups/questions are cloned. This may be an empty function if:
$.clone(true, true) of the widget (incl data and eventhandlers) works without problems (problems are likely!)
enable() to enable the widget when a disabled ancestor gets enabled. This may be an empty function if that happens automatically.
disable() This may be an empty function if the widget gets disabled automatically cross-browser when its branch becomes irrelevant.
update() to update the widget when called after the content used to instantiate it has changed (language or options). In its simplest form this could simply call destroy() and then re-initialize the widget, or be an empty function if language changes are handled automatically and it is not a <select> widget.
this.namespace)
{ touch: [boolean] } is passed to the plugin by default. If your widget requires tweaks for mobile, you could create an all-in-one widget using the options.touch check or you could create separate widgets for desktop and mobile (as done with select-desktop and select-mobile widgets)
fakefocus and fakeblur event to the original input when the widget gets focus or loses it (see select-desktop)
grunt develop to automatically compile (sass and js) when a source file changes, serve, and refresh
touch=true and reducing the window size allows you to simulate mobile touchscreens
test task. You can also manually run grunt jsbeautifier:fix to fix style issues.
grunt karma, headless: grunt karma:headless, browsers: grunt karma:browsers)
The core can be fairly easily extended with alternative themes. See the plain, the grid, and the formhub themes already included in /src/sass. We would be happy to discuss whether your contribution should be a part of the core, the default theme or be turned into a new theme.
For custom themes that go beyond just changing colors and fonts, keep in mind all the different contexts for a theme:
The development of this app and enketo-core was sponsored by:
See change log
See graphs
See license document.
In addition, any product that uses enketo-core is required to have a "Powered by Enketo" footer, according to the specifications below, on all screens in which enketo-core or parts thereof are used, unless explicitly exempted from this requirement by Enketo LLC in writing. Partners and sponsors of the Enketo Project, listed on https://enketo.org/#about and on this page, are exempted from this requirement and so are contributors listed in package.json.
The aim of this requirement is to force adopters to give something back to the Enketo project, by at least spreading the word and thereby encouraging further adoption.
Specifications:
Example:
FAQs
Extensible Enketo form engine
The npm package enketo-core receives a total of 249 weekly downloads. As such, enketo-core popularity was classified as not popular.
We found that enketo-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.