Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
first-input-delay
Advanced tools
A JavaScript library for measuring the First Input Delay metric. See https://goo.gl/1AKcj5.
A JavaScript library for measuring First Input Delay (FID) in the browser. See the article for a detailed metric description and explanation.
You can install this library from npm by running:
npm install --save-dev first-input-delay
To use this library to measure FID on your web site or application, you must do two things.
1) Add the minified code in dist/first-input-delay.js
to the <head>
of your document.
The code in this file adds the necessary event listeners to detect the first user input, and since user input on a page can happen at any time, it's critical that this code runs as early as possible.
Since it's less than 400 bytes (gzipped), we recommended you inline it directly into your document <head>
to avoid a blocking request.
2) Register a callback to run when FID is detected.
The code in step (1) above exposes the global method perfMetrics.onFirstInputDelay()
, which takes a function that is invoked with the delay value in milliseconds as well as the Event
object from the first input.
For example, to detect FID and report it as an event to Google Analytics, you could use the following code:
// The perfMetrics object is created by the code that goes in <head>.
perfMetrics.onFirstInputDelay(function(delay, evt) {
ga('send', 'event', {
eventCategory: 'Perf Metrics',
eventAction: 'first-input-delay',
eventLabel: evt.type,
// Event values must be an integer.
eventValue: Math.round(delay),
// Exclude this event from bounce rate calculations.
nonInteraction: true,
});
});
This code has been tested and known to work in all major browsers as well as Internet Explorer back to version 9.
0.1.3 (2018-09-21)
FAQs
A JavaScript library for measuring the First Input Delay metric. See https://goo.gl/1AKcj5.
The npm package first-input-delay receives a total of 8,079 weekly downloads. As such, first-input-delay popularity was classified as popular.
We found that first-input-delay demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.