Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
FastClick is a simple, easy-to-use library for eliminating the 300ms delay between a physical tap and the firing of a click
event on mobile browsers. The aim is to make your application feel less laggy and more responsive while avoiding any interference with your current logic.
FastClick is developed by FT Labs, part of the Financial Times.
According to Google:
...mobile browsers will wait approximately 300ms from the time that you tap the button to fire the click event. The reason for this is that the browser is waiting to see if you are actually performing a double tap.
The library has been deployed as part of the FT Web App and is tried and tested on the following mobile browsers:
FastClick doesn't attach any listeners on desktop browsers.
Chrome 32+ on Android with width=device-width
in the viewport meta tag doesn't have a 300ms delay, therefore listeners aren't attached.
<meta name="viewport" content="width=device-width, initial-scale=1">
Same goes for Chrome on Android (all versions) with user-scalable=no
in the viewport meta tag. But be aware that user-scalable=no
also disables pinch zooming, which may be an accessibility concern.
For IE11+, you can use touch-action: manipulation;
to disable double-tap-to-zoom on certain elements (like links and buttons). For IE10 use -ms-touch-action: manipulation
.
Include fastclick.js in your JavaScript bundle or add it to your HTML page like this:
<script type='application/javascript' src='/path/to/fastclick.js'></script>
The script must be loaded prior to instantiating FastClick on any element of the page.
To instantiate FastClick on the body
, which is the recommended method of use:
if ('addEventListener' in document) {
document.addEventListener('DOMContentLoaded', function() {
FastClick.attach(document.body);
}, false);
}
Or, if you're using jQuery:
$(function() {
FastClick.attach(document.body);
});
If you're using Browserify or another CommonJS-style module system, the FastClick.attach
function will be returned when you call require('fastclick')
. As a result, the easiest way to use FastClick with these loaders is as follows:
var attachFastClick = require('fastclick');
attachFastClick(document.body);
Run make
to build a minified version of FastClick using the Closure Compiler REST API. The minified file is saved to build/fastclick.min.js
or you can download a pre-minified version.
Note: the pre-minified version is built using our build service which exposes the FastClick
object through Origami.fastclick
and will have the Browserify/CommonJS API (see above).
var attachFastClick = Origami.fastclick;
attachFastClick(document.body);
FastClick has AMD (Asynchronous Module Definition) support. This allows it to be lazy-loaded with an AMD loader, such as RequireJS. Note that when using the AMD style require, the full FastClick
object will be returned, not FastClick.attach
var FastClick = require('fastclick');
FastClick.attach(document.body, options);
You can install FastClick using Component, npm or Bower.
For Ruby, there's a third-party gem called fastclick-rails. For .NET there's a NuGet package.
needsclick
Sometimes you need FastClick to ignore certain elements. You can do this easily by adding the needsclick
class.
<a class="needsclick">Ignored by FastClick</a>
Internally, FastClick uses document.createEvent
to fire a synthetic click
event as soon as touchend
is fired by the browser. It then suppresses the additional click
event created by the browser after that. In some cases, the non-synthetic click
event created by the browser is required, as described in the triggering focus example.
This is where the needsclick
class comes in. Add the class to any element that requires a non-synthetic click.
Another example of when to use the needsclick
class is with dropdowns in Twitter Bootstrap 2.2.2. Bootstrap add its own touchstart
listener for dropdowns, so you want to tell FastClick to ignore those. If you don't, touch devices will automatically close the dropdown as soon as it is clicked, because both FastClick and Bootstrap execute the synthetic click, one opens the dropdown, the second closes it immediately after.
<a class="dropdown-toggle needsclick" data-toggle="dropdown">Dropdown</a>
FastClick is designed to cope with many different browser oddities. Here are some examples to illustrate this:
click
handlerThere are no automated tests. The files in tests/
are manual reduced test cases. We've had a think about how best to test these cases, but they tend to be very browser/device specific and sometimes subjective which means it's not so trivial to test.
FastClick is maintained by Rowan Beentje, Matthew Caruana Galizia and Matthew Andrews at FT Labs. All open source code released by FT Labs is licenced under the MIT licence. We welcome comments, feedback and suggestions. Please feel free to raise an issue or pull request.
FAQs
Polyfill to remove click delays on browsers with touch UIs.
The npm package fastclick receives a total of 45,368 weekly downloads. As such, fastclick popularity was classified as popular.
We found that fastclick demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.