Eliminates layout thrashing by batching DOM read/write operations (~600 bytes minified gzipped).
fastdom.measure(() => {
  console.log('measure');
});
fastdom.mutate(() => {
  console.log('mutate');
});
fastdom.measure(() => {
  console.log('measure');
});
fastdom.mutate(() => {
  console.log('mutate');
});
Outputs:
measure
measure
mutate
mutate
FastDom is CommonJS and AMD compatible. You can install it in one of the following ways:
$ npm install fastdom --save
or download.
FastDom works as a regulatory layer between your app/library and the DOM. By batching DOM access we avoid unnecessary document reflows and dramatically speed up layout performance.
Each measure/mutate job is added to a corresponding measure/mutate queue. The queues are emptied (reads, then writes) at the turn of the next frame using window.requestAnimationFrame.
FastDom aims to behave like a singleton across all modules in your app. When any module requires 'fastdom' they get the same instance back, meaning FastDom can harmonize DOM access app-wide.
Potentially a third-party library could depend on FastDom, and better integrate within an app that itself uses it.
Schedules a job for the 'measure' queue. Returns a unique ID that can be used to clear the scheduled job.
fastdom.measure(() => {
  const width = element.clientWidth;
});
Schedules a job for the 'mutate' queue. Returns a unique ID that can be used to clear the scheduled job.
fastdom.mutate(() => {
  element.style.width = width + 'px';
});
Clears any scheduled job.
const read = fastdom.measure(() => {});
const write = fastdom.mutate(() => {});
fastdom.clear(read);
fastdom.clear(write);
It's very important that all DOM mutations or measurements go through fastdom to ensure good performance; to help you with this we wrote fastdom-strict. When fastdom-strict.js is loaded, it will throw errors when sensitive DOM APIs are called at the wrong time.
This is useful when working with a large team who might not all be aware of fastdom or its benefits. It can also prove useful for catching 'un-fastdom-ed' code when migrating an app to fastdom.
<script src="fastdom.js"></script>
<script src="fastdom-strict.js"></script>
element.clientWidth; // throws
fastdom.mutate(function() { element.clientWidth; }); // throws
fastdom.measure(function() { element.clientWidth; }); // does not throw
"Error: Can only get .clientWidth during 'measure' phase"
fastdom-strict will not throw if nodes are not attached to the document.
You should use fastdom-strict in development to catch rendering performance issues before they hit production.
It is not advisable to use fastdom-strict in production.
FastDom is async, which means that by the time a job is executed, the node you were working with may no longer be there. These errors are usually not critical, but they can cripple your app.
FastDom allows you to register a catch handler. If fastdom.catch has been registered, FastDom will catch any errors that occur in your jobs and run the handler instead.
fastdom.catch = (error) => {
  // Do something if you want
};
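The read-then-write queues, job clearing and the catch handler described above can be modelled in a few lines. This is an added example, not fastdom's own source: createBatcher, raf and demo are hypothetical names, the job function doubles as the handle passed to clear(), and a fake frame scheduler stands in for window.requestAnimationFrame.

```javascript
// Added illustration (not fastdom's source): a model of the measure/mutate queues.
function createBatcher(raf) {
  const reads = [], writes = [];
  let scheduled = false;
  const api = {
    catch: null, // optional error handler, playing the role of fastdom.catch
    measure(fn) { reads.push(fn); schedule(); return fn; },
    mutate(fn) { writes.push(fn); schedule(); return fn; },
    clear(job) { return remove(reads, job) || remove(writes, job); },
  };
  function remove(queue, job) {
    const i = queue.indexOf(job);
    return i !== -1 && queue.splice(i, 1).length === 1;
  }
  function schedule() {
    if (scheduled) return; // one flush per frame, however many jobs arrive
    scheduled = true; raf(flush);
  }
  function drain(queue) {
    let job;
    while ((job = queue.shift())) job();
  }
  function flush() {
    scheduled = false;
    try {
      drain(reads);  // all reads first ...
      drain(writes); // ... then all writes, so layout is recalculated once
    } catch (err) {
      if (reads.length || writes.length) schedule(); // remaining jobs run next frame
      if (!api.catch) throw err;
      api.catch(err);
    }
  }
  return api;
}
// Constructed scenario: one job fails (its node is gone), one job is cleared.
function demo() {
  const frames = [];
  const batcher = createBatcher((cb) => frames.push(cb));
  const log = [];
  batcher.catch = (err) => log.push('caught: ' + err.message);
  batcher.measure(() => log.push('measure 1'));
  batcher.mutate(() => log.push('mutate 1'));
  batcher.measure(() => { throw new Error('node detached'); });
  const cancelled = batcher.mutate(() => log.push('cancelled'));
  batcher.clear(cancelled);
  while (frames.length) frames.shift()(); // advance frames until idle
  return log;
}
```

In the model, the failing read is reported to the handler and the pending write still runs on the following frame; without a handler the error propagates out of the flush.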
The core fastdom library is designed to be as light as possible. Additional functionality can be bolted on in the form of 'extensions'. It's worth noting that fastdom is a 'singleton' by design, so all tasks (even those scheduled by extensions) will reach the same global task queue.
Fastdom ships with some extensions:
fastdom-promised - Adds Promise based API
fastdom-sandbox - Adds task grouping concepts
Use the .extend() method to extend the current fastdom to create a new object.
<script src="fastdom.js"></script>
<script src="extensions/fastdom-promised.js"></script>
// extend fastdom
const myFastdom = fastdom.extend(fastdomPromised);
// use new api
myFastdom.mutate(...).then(...);
Extensions can be chained to construct a fully customised fastdom.
const myFastdom = fastdom
  .extend(fastdomPromised)
  .extend(fastdomSandbox);
const myFastdom = fastdom.extend({
  measure(fn, ctx) {
    // do custom stuff ...
    // then call the parent method
    return this.fastdom.measure(fn, ctx);
  },
  mutate: ...
});
You'll notice this.fastdom references the parent fastdom. If you're extending a core API and aren't calling the parent method, you're doing something wrong.
When distributing an extension only export a plain object to allow users to compose their own fastdom.
module.exports = {
  measure: ...,
  mutate: ...,
  clear: ...
};
$ npm install
$ npm test
(The MIT License)
Copyright (c) 2016 Wilson Page wilsonpage@me.com
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Eliminates layout thrashing by batching DOM read/write operations
The npm package fastdom receives a total of 44,285 weekly downloads. As such, fastdom popularity was classified as popular.
We found that fastdom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.