Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
image-palette-core
Advanced tools
Readme
The core logic for parsing a palette from image data. You can use this if you want an imperative
API for generating a palette. If you want to use it with React you can use react-image-palette
npm install --save image-palette-core
The main export of the package is a getImagePalette
function which takes an image and returns an accessible color palette representing the most dominant colors in the image.
import getImagePalette from 'image-palette-core'
const img = new Image();
img.src = 'foo.jpg';
img.onload = function() {
// The image *must* be loaded before calling `getImagePalette`
const palette = getImagePalette(img);
}
⚠️ Keep in mind that the image will be loaded into a canvas and parsed as data, so you should only use images from trusted origins.
The parsed palette will have the following shape:
type Palette = {
backgroundColor: String,
color: String,
alternativeColor: String
}
backgroundColor
will be the most dominant color in the image.color
will be the color that looks the best overlayed over backgroundColor
.alternativeColor
will be the second best color. If there are only two colors parsed, it will default to color
.Both alternativeColor
and color
are guaranteed to meet the minimum contrast ratio requirements when overlayed with backgroundColor
, but overlaying color
on alternativeColor
(or vice-versa) is a bad idea as they will often have very similar contrast levels.
FAQs
Create ARIA-compliant color themes based on any image.
The npm package image-palette-core receives a total of 413 weekly downloads. As such, image-palette-core popularity was classified as not popular.
We found that image-palette-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.