Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A simple and reliable API to achieve blur and transparency across platforms (Windows/Linux/MacOS), so you don't have to panic with Electron bugs and messy code! Plus, it's really simple!
$ npm install glasstron
const glasstron = require('glasstron');
glasstron.init(); // Call it before requiring electron!
const electron = require('electron');
let win;
electron.app.on('ready', () => {
win = new electron.BrowserWindow({
width: 800,
height: 600,
// ...
});
glasstron.update(win, {
windows: {blurType: 'acrylic'},
// ^~~~~~~
// Windows 10 1803+; for older versions you might want to use 'blurbehind'
macos: {vibrancy: 'fullscreen-ui'},
linux: {requestBlur: true} // KWin
});
});
// ...
Let's face it: achieving composition effects on Electron is painful. For reference, here's quick summary of the amount of problems that arise when trying to blur the background of a window while keeping cross-compatibility.
backgroundColor
window option must be set to transparent. Then, you must not call win.setBackgroundColor()
or else it all breaks. (Tested on Electron 7.1.11 -- I hope this changed with more recent versions of it)Glasstron takes care of those problems and it also aims to support composition effects on Linux. Its ease of use is a distinct feature, so it can be adopted in both new and running projects. It supports Electron 7.1+ without any problem (that's a bold claim, if I am wrong please open an issue).
Glasstron replaces Electron's BrowserWindow
export with a modified version that's capable to deal with the common problems discussed earlier on its own. This means that it's simple to adopt and it doesn't break existing code as every call to broken methods is wrapped so nothing bad happens.
In order to achieve blurriness on Windows, Glasstron calls an external tool (its own bundled swca
application). This means that nothing will randomly break across Node versions.
It also replaces the functionality ofwin.setBackgroundColor()
: since there's no way to set a background color without breaking vibrancy materials on macOS, it will set the background color as injected CSS on the :root
CSS selector. It can be overridden by CSS stylesheets, so be careful! (this was intended -- check the other project Glasscord to know why).
Did you find a bug? File it in the issues section! Do you know how to fix stuff? Make a pull request! Or perhaps you want to send me a hug and a coffee? You can do so here!
Copyright 2020 AryToNeX
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
FAQs
The go-to solution to Electron composition effects
The npm package glasstron receives a total of 1,236 weekly downloads. As such, glasstron popularity was classified as popular.
We found that glasstron demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.