Security News
Feross on TBPN: How North Korea Hijacked Axios
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.
By Sarah Gooding - Apr 08, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
iframy
Library for rendering cross-domain components and communication between them
Installation
npm:
npm install iframy --save
yarn:
yarn add iframy
DEMO
Support
 Internet Explorer |  Microsoft Edge |   Mozilla Firefox |    Google Chrome |   Opera |    Safari |  Android WebView |
|---|---|---|---|---|---|---|
| 10+ * | 12+ | 8+ | 1+ | 9.5+ | 4+ | Yes |
* - Only for inline mode
API
Parent
create
Use method to initiate instance and pass necessary props / iframe configuration
dimensions - object with width and height properties, applied to iframe
props - any serializable initial data to send to child
scrolling - param to highlight whether content inside iframe should be scrollable
url - url to open inside child iframe
import { IFramyParent } from 'iframy/parent';
const iframy = IFramyParent.create({
dimensions: {
width: '80%',
height: '80%',
},
props: {
name: 'Alex',
},
scrolling: true,
url: 'https://web-site.com',
});
render
Async method to render iframe into specific container. Used for lazy rendering of component. Once promise is resolved - child component is ready to be used
selector - string / HTMLElement parameter to point container where to render iframe
import { IFramyParent } from 'iframy/parent';
const iframy = IFramyParent.create({
dimensions: {
width: '80%',
height: '80%',
},
props: {
name: 'Alex',
},
scrolling: true,
url: 'https://web-site.com',
});
await iframy.render('#container');
emit
Method to send message to child component
iframy.emit('message-type', { any: 'data' });
addListener / on
Method to subscribe to events, being sent from child
iframy.addListener('message-type', data => console.log(data));
// or use alias
iframy.on('message-type', data => console.log(data));
addListenerOnce / once
Method to subscribe to events, being sent from child; emitted once and listener is removed after that
iframy.addListenerOnce('message-type', data => console.log(data));
// or use alias
iframy.once('message-type', data => console.log(data));
removeListener / off
Method to remove specific listener from correspondent event type from child
iframy.removeListener('message-type', listener);
// or use alias
iframy.off('message-type', listener);
removeAllListeners / offAll
Method to remove all listeners from correspondent event type from child
iframy.removeAllListeners('message-type');
// or use alias
iframy.offAll('message-type');
Child
create
Use method to initialize child component and let parent know, that your iframe is ready
api - object of { [key: string]: function } structure to initialize api, being used by parent
import { IFramyChild } from 'iframy/child';
const iframy = await IFramyChild.create({
api: {
sendMessage: data => {;
return `Message: ${data}`;
},
},
});
props
Data, passed from parent. Useful to receive initial data from parent window
const data = iframy.props;
emit
Method to send message to parent component
iframy.emit('message-type', { any: 'data' });
addListener / on
Method to subscribe to events, being sent from parent
iframy.addListener('message-type', data => console.log(data));
// or use alias
iframy.on('message-type', data => console.log(data));
addListenerOnce / once
Method to subscribe to events, being sent from parent; emitted once and listener is removed after that
iframy.addListenerOnce('message-type', data => console.log(data));
// or use alias
iframy.once('message-type', data => console.log(data));
removeListener / off
Method to remove specific listener from correspondent event type from parent
iframy.removeListener('message-type', listener);
// or use alias
iframy.off('message-type', listener);
removeAllListeners / offAll
Method to remove all listeners from correspondent event type from parent
iframy.removeAllListeners('message-type');
// or use alias
iframy.offAll('message-type');
Examples
Find example here
Contributing
iframy is open-source library, opened for contributions
Tests
in progress
License
iframy is MIT licensed
FAQs
Library for creating & controlling cross-domain components
We found that iframy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 07 Feb 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Attackers Are Impersonating a Linux Foundation Leader in Slack to Target Open Source Developers
OpenSSF has issued a high-severity advisory warning open source developers of an active Slack-based campaign using impersonation to deliver malware.
By Sarah Gooding - Apr 08, 2026
Research
/Security News
North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
Malicious packages published to npm, PyPI, Go Modules, crates.io, and Packagist impersonate developer tooling to fetch staged malware, steal credentials and wallets, and enable remote access.
By Kirill Boychenko - Apr 07, 2026