Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Set of practical functions for webgl.
program(gl, program?)
program(gl, vertSource, fragSource)
Get/set active program or create new program from vertex and fragment sources. The WebGLProgram instance is returned.
uniform(gl, name?, data?, program?)
uniform(gl, {name: data, ...}, program?)
Get/set uniform or multiple uniforms. Returns object with uniform parameters: {name, location, data, type}
. Uniforms are stored per-program instance, so to make sure right program is active before updating uniforms a program
can be passed as the last argument.
texture(gl, name?, data|parameters?, program?)
texture(gl, {name: data|parameters, ...}, program?)
Set texture[s] data or parameters:
Name | Meaning |
---|---|
data | Data passed to texture. Can be array, typed array, image, canvas or string denoting the URL of image to load. |
index | Texture unit number, if undefined - calculated automatically. |
filter | Sets texture scaling for both min and mag. Can be defined as two separate properties minFilter and magFilter . By default gl.LINEAR . |
wrap | Defines texture tiling vertically and horizontally. Can be defined precisely as wrapS and wrapT . By default gl.CLAMP_TO_EDGE , can be gl.MIRRORED_REPEAT or gl. . |
width | In pixels |
height | In pixels |
format | gl.ALPHA , gl.RGB , gl.RGBA (default), gl.LUMINANCE , gl.LUMINANCE_ALPHA , gl.DEPTH_COMPONENT , gl.DEPTH_STENCIL , etc |
type | gl.UNSIGNED_BYTE , can be gl.FLOAT with proper extension enabled |
level | 0 , mipmap level. |
Returns object with texture properties {data, index, location, minFilter, magFilter, wrapS, wrapT, width, height, format, type, texture}
.
attribute(gl, name?, data|parameters?, program?)
attribute(gl, {name: data|parameters, ...}, program?)
Set attribute[s] data or parameters:
Name | Default | Meaning |
---|---|---|
data | null | Data for the attribute, can be array or typed array |
size | 2 | Number of data items per vertex |
stride | 0 | Offset in bytes between the beginning of consecutive vertex attributes. |
offset | 0 | Offset in bytes of the first component in the data. Must be a multiple of type. |
type | gl.FLOAT | Data type of each component in the data array. Must be one of: gl.BYTE , gl.UNSIGNED_BYTE , gl.SHORT , gl.UNSIGNED_SHORT , gl.FLOAT . |
usage | gl.STATIC_DRAW | Mode of draw: gl.STATIC_DRAW (rare changes), gl.DYNAMIC_DRAW (frequent changes) or gl.STREAM_DRAW (frequent updates) |
normalized | false | If fixed-point data values should be normalized or are to converted to fixed point values when accessed. |
index | 0 | Attribute unit number, detected automatically if omitted. |
target | gl.ARRAY_BUFFER | |
buffer | null | WebGLBuffer to use for attribute |
Returns attribute properties {data, size, stride, offset, usage, type, normalized, index, target, buffer}
.
There are regl and other stack.gl components like gl-texture, gl-shader etc, so why bother?
Because their API may give hard time remembering, same as pure webgl methods. Also gl-utils do not supersede webgl API, so that allows for debugging pure webgl for a moment if one need to. Also if one need minimalistic webgl setup it may be better to opt for a couple of functions over relatively massive stack.gl components.
gl-util is like functions from any webgl tutorial. Tiny, handy and already familiar, so.
FAQs
Set of practical webgl utils
The npm package gl-util receives a total of 151,303 weekly downloads. As such, gl-util popularity was classified as popular.
We found that gl-util demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.