Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
gl
lets you create a WebGL context in node.js without making a window or loading a full browser environment.
It aspires to fully conform to the WebGL 1.0.3 specification.
//Create context
var width = 64
var height = 64
var gl = require('gl')(width, height, { preserveDrawingBuffer: true })
//Clear screen to red
gl.clearColor(1, 0, 0, 1)
gl.clear(gl.COLOR_BUFFER_BIT)
//Write output as a PPM formatted image
var pixels = new Uint8Array(width * height * 4)
gl.readPixels(0, 0, width, height, gl.RGBA, gl.UNSIGNED_BYTE, pixels)
process.stdout.write(['P3\n# gl.ppm\n', width, " ", height, '\n255\n'].join(''))
for(var i=0; i<pixels.length; i+=4) {
for(var j=0; j<3; ++j) {
process.stdout.write(pixels[i+j] + ' ')
}
}
Because gl
uses native code, it is a bit more involved to set up than a typical JavaScript npm module. Before you can use it, you will need to ensure that your system has the correct dependencies installed.
For general information on building native modules, see the node-gyp
documentation. System specific build instructions are as follows:
build-essential
package on apt
)Once your system is set up, installing the headless-gl
module is pretty easy to do with npm. Just run the following command:
npm i gl
And you are good to go!
var gl = require('gl')(width, height[, options])
Creates a new WebGLRenderingContext
with the given parameters.
width
is the width of the drawing bufferheight
is the height of the drawing bufferoptions
is an optional object whose properties are the context attributes for the WebGLRendering contextReturns A new WebGLRenderingContext
object
In addition to all of the usual WebGL methods, headless-gl
adds the following two methods to each WebGL context in order to support some functionality which would not otherwise be exposed at the WebGL level.
gl.resize(width, height)
Resizes the drawing buffer of a WebGL rendering context
width
is the new width of the drawing buffer for the contextheight
is the new height of the drawing buffer for the contextNote In the DOM, this method would implemented by resizing the canvas, which is done by modifying the width/height
properties.
gl.destroy()
Destroys the WebGL context immediately, reclaiming all resources
Note For long running jobs, garbage collection of contexts is often not fast enough. To prevent the system from becoming overloaded with unused contexts, you can force the system to reclaim a WebGL context immediately by calling .destroy()
.
The previous version of gl
(aka headless-gl
) was pretty much a terrible hack. Thanks to the support of @mapbox and @google's ANGLE project, gl
is now actually kind of good! The following things are now way better in version >=2.0.0:
gl-conformance
.destroy()
and .resize()
methodsnode-webgl
?It depends on what you are trying to do. node-webgl is good if you are making a graphical application like a game, and allows for access to some features which are not part of ordinary WebGL. On the other hand, because headless-gl does not create any windows, it is suitable for running in a server environment. This means that you can use it to generate figures using OpenGL or perform GPGPU computations using shaders. Also, unlike node-webgl
, headless-gl
attempts to correctly implement the full WebGL standard making it more reliable.
nw.js
/electron/atom shell/Chromium?nw.js
is good if you need a full DOM implementation. On the other hand, because it is a larger dependency it can be more difficult to set up and configure. headless-gl
is lighter weight and more modular in the sense that it just implements WebGL and nothing else.
<image>
and <video>
elements implemented?They aren't for now. If you want to upload data to a texture, you will need to unpack the pixels into a Uint8Array
and stick on the GPU yourself.
None at the moment
npm install
cd
into the build directory and run make
npm build
npm test
This should work on most environments, but hasn't been tested thoroughly with windows.
See LICENSES
FAQs
Creates a WebGL context without a window
The npm package gl receives a total of 16,002 weekly downloads. As such, gl popularity was classified as popular.
We found that gl demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.