Epub.js is a JavaScript library for rendering ePub documents in the browser, across many devices.
Epub.js provides an interface for common ebook functions (such as rendering, persistence and pagination) without the need to develop a dedicated application or plugin. Importantly, it has an incredibly permissive Free BSD license.
Try it while reading Moby Dick
The EPUB standard is a widely used and easily convertible format. Many books are currently in this format, and it is convertible to many other formats (such as PDF, Mobi and iBooks).
An unzipped EPUB3 is a collection of HTML5 files, CSS, images and other media – just like any other website. However, it enforces a schema of book components, which allows us to render a book and its parts based on a controlled vocabulary.
More specifically, the EPUB schema standardizes the table of contents, provides a manifest that enables the caching of the entire book, and separates the storage of the content from how it’s displayed.
Get the minified code from the build folder:
<script src="../dist/epub.min.js"></script>
If using archived .epub files, include JSZip:
<script src="https://cdnjs.cloudflare.com/ajax/libs/jszip/3.1.5/jszip.min.js"></script>
Set up an element to render to:
<div id="area"></div>
Create the new ePub, and then render it to that element:
<script>
  var book = ePub("url/to/book/package.opf");
  var rendition = book.renderTo("area", {width: 600, height: 400});
  var displayed = rendition.display();
</script>
book.renderTo("area", { method: "default", width: "100%", height: "100%" });
The default manager only displays a single section at a time.
book.renderTo("area", { method: "continuous", width: "100%", height: "100%" });
The continuous manager will display as many sections as need to fill the screen, and preload the next section offscreen. This enables seamless swiping / scrolling between pages on mobile and desktop, but is less performant than the default method.
book.renderTo("area", { flow: "auto", width: "900", height: "600" });
Flow will be based on the settings in the OPF, defaults to paginated.
book.renderTo("area", { flow: "paginated", width: "900", height: "600" });
Scrolled: book.renderTo("area", { flow: "scrolled-doc" });
Scripted content, JavaScript in the ePub HTML content, is disabled by default due to the potential for executing malicious content.
This is done by sandboxing the iframe the content is rendered into, though it is still recommended to sanitize the ePub content server-side as well.
If a trusted ePub contains interactivity, it can be enabled by passing allowScriptedContent: true to the Rendition settings.
<script>
  var rendition = book.renderTo("area", {
    width: 600,
    height: 400,
    allowScriptedContent: true
  });
</script>
This will allow the sandboxed content to run scripts, but currently makes the sandbox insecure.
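One way to decide, before rendering, whether a book needs scripts at all: the check below is an added example, not part of epub.js. It scans unzipped EPUB content documents for script elements, inline event handlers and javascript: URLs, and compares the result with the EPUB 3 manifest's "scripted" property. The function names, the policy in renderDecision and the sample book are assumptions constructed for illustration; the regex checks are a triage heuristic, not a sanitizer.

```javascript
// Added example: triage an unzipped EPUB for scripted content (heuristic only).
const PATTERNS = [
  { kind: "script-element", re: /<script\b/i },
  { kind: "event-handler", re: /<[^>]+\son[a-z]+\s*=/i },
  { kind: "javascript-url", re: /\b(?:href|src)\s*=\s*["']\s*javascript:/i },
];

// Collect hrefs of manifest items that declare the EPUB 3 "scripted" property.
function declaredScripted(opfXml) {
  const hrefs = new Set();
  for (const [tag] of opfXml.matchAll(/<item\b[^>]*>/gi)) {
    const href = /\bhref\s*=\s*["']([^"']+)["']/i.exec(tag);
    const props = /\bproperties\s*=\s*["']([^"']*)["']/i.exec(tag);
    if (href && props && props[1].split(/\s+/).includes("scripted")) hrefs.add(href[1]);
  }
  return hrefs;
}

// files maps manifest href -> XHTML string (assumed to use the same relative paths).
// Returns one finding per content document that contains scripted content.
function auditEpub(opfXml, files) {
  const declared = declaredScripted(opfXml);
  const findings = [];
  for (const [href, xhtml] of Object.entries(files)) {
    const kinds = PATTERNS.filter((p) => p.re.test(xhtml)).map((p) => p.kind);
    if (kinds.length) findings.push({ href, kinds, declared: declared.has(href) });
  }
  return findings;
}

// Assumed policy: keep the default sandbox unless a trusted book declares every script.
function renderDecision(findings, trustedSource) {
  if (findings.length === 0) return { action: "render", allowScriptedContent: false };
  const allDeclared = findings.every((f) => f.declared);
  if (trustedSource && allDeclared) return { action: "render", allowScriptedContent: true };
  return { action: "sanitize-first", allowScriptedContent: false };
}

// Constructed sample book: ch2 declares its script, ch3 has an undeclared handler.
const SAMPLE_OPF = `<manifest>
  <item id="c1" href="ch1.xhtml" media-type="application/xhtml+xml"/>
  <item id="c2" href="ch2.xhtml" media-type="application/xhtml+xml" properties="scripted"/>
  <item id="c3" href="ch3.xhtml" media-type="application/xhtml+xml"/>
</manifest>`;
const SAMPLE_FILES = {
  "ch1.xhtml": "<body><p>Call me Ishmael.</p></body>",
  "ch2.xhtml": '<body><script>document.title = "quiz";</script></body>',
  "ch3.xhtml": '<body><img src="cover.png" onerror="track()"/></body>',
};
console.log(renderDecision(auditEpub(SAMPLE_OPF, SAMPLE_FILES), true));
```

A book that returns "sanitize-first" should go through a real HTML sanitizer on the server before it is served; the regexes here only tell you that it needs one.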
API documentation is available at epubjs.org/documentation/0.3/
A Markdown version is included in the repo at documentation/API.md
Install node.js
Then install the project dependencies with npm
npm install
You can run the reader locally with the command
npm start
Tests can be run by Karma from npm
npm test
Builds are concatenated and minified using webpack and babel
To generate a new build run
npm run prepare
or to continuously build run
npm run watch
Similar to plugins, Epub.js implements events that can be "hooked" into. Thus you can interact with and manipulate the contents of the book.
Examples of this functionality are loading videos from YouTube links before displaying a chapter's contents or implementing annotation.
Hooks require an event to register to and can return a promise to block until they are finished.
Example hook:
rendition.hooks.content.register(function(contents, view) {
  var elements = contents.document.querySelectorAll('[video]');
  var items = Array.prototype.slice.call(elements);
  items.forEach(function(item){
    // do something with the video item
  });
})
The parts of the rendering process that can be hooked into are below.
book.spine.hooks.serialize // Section is being converted to text
book.spine.hooks.content // Section has been loaded and parsed
rendition.hooks.render // Section is rendered to the screen
rendition.hooks.content // Section contents have been loaded
rendition.hooks.unloaded // Section contents are being unloaded
The reader has moved to its own repo at: https://github.com/futurepress/epubjs-reader/
Epub.js Developer Mailing List
IRC Server: freenode.net Channel: #epub.js
Follow us on twitter: @Epubjs
EPUB is a registered trademark of the IDPF.
FAQs
Parse and Render Epubs
The npm package epubjs receives a total of 10,578 weekly downloads. As such, epubjs is classified as popular.
We found that epubjs demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.