![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
font-picker-react
Advanced tools
Readme
A simple, customizable font picker allowing users to preview, select and use Google Fonts on your website.
→ Demo
This is the React component for the Font Picker library.
To be able to access the API, you'll need to generate a Google Fonts API key.
Install the font-picker-react
package using NPM:
npm install font-picker-react
Add the FontPicker
component to your React code:
import React, { Component } from "react";
import FontPicker from "font-picker-react";
export default class ExampleComponent extends Component {
constructor(props) {
super(props);
this.state = {
activeFontFamily: "Open Sans",
};
}
render() {
return (
<div>
<FontPicker
apiKey="YOUR_API_KEY"
activeFontFamily={this.state.activeFontFamily}
onChange={(nextFont) =>
this.setState({
activeFontFamily: nextFont.family,
})
}
/>
<p className="apply-font">The font will be applied to this text.</p>
</div>
);
}
}
Add the class "apply-font"
to all JSX elements you want to apply the selected font to.
When the user selects a font, it will automatically be downloaded and applied to all elements with the "apply-font"
class.
The following props can be passed to the FontPicker
component:
apiKey
(required): Google API keyactiveFontFamily
: Font that should be selected in the font picker and applied to the text. Should be stored in the component state and updated using onChange
onChange
: Function which is executed when the user changes the active font. This function should update activeFontFamily
in the component statepickerId
: If you have multiple font pickers on your site, you need to give them unique IDs which must be provided as a prop and appended to the .apply-font
class names. Example: If pickerId="main"
, use className="apply-font-main"
families
: If only specific fonts shall appear in the list, specify their names in an array. Default: All font familiescategories
: Array of font categories to include in the list. Possible values: "sans-serif", "serif", "display", "handwriting", "monospace"
. Default: All categoriesscripts
: Array of scripts which the fonts must include and which will be downloaded on font selection. Default: ["latin"]
. Example: ["latin", "greek", "hebrew"]
(see all possible values)variants
: Array of variants which the fonts must include and which will be downloaded on font selection. Default: ["regular"]
. Example: ["regular", "italic", "700", "700italic"]
(see all possible values)filter
: Function which must evaluate to true
for a font to be included in the list. Default: font => true
. Example: If font => font.family.toLowerCase().startsWith("m")
, only fonts whose names begin with "M" will be in the listlimit
: Maximum number of fonts to display in the list (the least popular fonts will be omitted). Default: 50
sort
: Sorting attribute for the font list. Possible values: "alphabet", "popularity"
. Default: "alphabet"
Currently, only the activeFontFamily
, onChange
and sort
props are reactive.
Requirements: Node.js, Yarn
git clone REPO_URL
yarn
yarn start
localhost:3000
Suggestions and contributions are always welcome! Please discuss larger changes via issue before submitting a pull request.
FAQs
Unknown package
The npm package font-picker-react receives a total of 3,219 weekly downloads. As such, font-picker-react popularity was classified as popular.
We found that font-picker-react demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.