Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A small utility to lazy-load autoplay HTML5 videos once they enter the viewport.
A small utility to lazy-load autoplay HTML5 videos once they enter the viewport.
Install using your favourite package manager.
$ yarn add lazyvids
Import into your project.
import 'lazyvids';
lazyvids.js works by setting attributes on HTML5 video elements, and playing the videos once they are scrolled into view.
Add a [data-lazyvids]
attribute to <video>
elements that you want to lazy-play.
Add preload="none"
to the <video>
to prevent the browser from downloading it when out of view. preload="metadata"
is preferred, but does not work as it should in Safari (🙄).
It's best practice to also include muted
and playsinline
attributes, but the library will add them by default.
Provide the <video>
with a poster
image attribute. A poster image is required for the video to lazy-play by default, but this behaviour can be changed using the relevant lazyvidsConfig
option.
<video
data-lazyvids
muted
playsinline
preload="none"
poster="poster.jpg"
src="example.mp4"
></video>
<video data-lazyvids muted playsinline preload="none" poster="poster.jpg">
<source src="example.webm" type="video/webm" />
<source src="example.mp4" type="video/mp4" />
</video>
Configuration options are available using a lazyvidsConfig
object on the global window
object.
<script>
window.lazyvidsConfig = lazyvidsConfig || {};
lazyvidsConfig = {
logLevel: 'silent',
ignoreHidden: false,
minBandwidth: 0,
reduceData: false,
requirePoster: true,
};
</script>
Option | Type | Default Value | Description |
---|---|---|---|
logLevel | string | silent | Set logging level: verbose , warn , silent . |
ignoreHidden | boolean | false | Set whether to skip <video> elements with display: hidden . |
minBandwidth | number | 0 | If reduceData is true , set threshold above which videos will play. |
reduceData | boolean | false | If true , will not play videos if data saver is enabled or bandwidth is below minBandwidth . |
requirePoster | boolean | true | When false , will lazy-play video even if poster image is missing. |
FAQs
A small utility to lazy-load autoplay HTML5 videos once they enter the viewport.
The npm package lazyvids receives a total of 84 weekly downloads. As such, lazyvids popularity was classified as not popular.
We found that lazyvids demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.