Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
glsl-inject-defines
Advanced tools
glsl-inject-defines
Safely inject #define statements into a shader source.
If the shader contains any #version or #extension statements, the defines are added after them.
Example
// Your cool shader
#version 330
#extension GL_OES_standard_derivatives : enable
void main() {
#ifdef BLUE
gl_FragColor = vec4(0.0, 0.0, 1.0, 1.0);
#else
gl_FragColor = vec4(0.0);
#endif
}
You can process it at runtime, like so:
var injectDefines = require('glsl-inject-defines')
var fs = require('fs')
var source = fs.readFileSync(__dirname + '/shader.glsl', 'utf8')
var transformed = injectDefines(source, {
PI: 3.14,
BLUE: ''
})
console.log(transformed)
The resulting shader:
// Your cool shader
#version 330
#extension GL_OES_standard_derivatives : enable
#define PI 3.14
#define BLUE
void main() {
#ifdef BLUE
gl_FragColor = vec4(0.0, 0.0, 1.0, 1.0);
#else
gl_FragColor = vec4(0.0);
#endif
}
Works in the browser with browserify and glslify.
Install
npm install glsl-inject-defines
Usage
newSource = injectDefines(source, defines)
Injects the set of defines, an object with <name, value> pairs that will get turned into strings for the shader source.
Returns the transformed source, with defines injected after extension and version statements.
License
MIT. See LICENSE.md for details.
FAQs
injects a #define statement into a shader source
The npm package glsl-inject-defines receives a total of 169,503 weekly downloads. As such, glsl-inject-defines popularity was classified as popular.
We found that glsl-inject-defines demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 28 Jun 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025