Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
ldlazy
Vanilla JS Lazy Show Library
Usage
install via npm:
npm install ldlazy
include the required files:
<link rel="stylesheet" type="text/css" href="path-to-dist/index.min.css">
<script type="text/javascript" src="path-to-dist/index.min.js"></script>
construct a ldlazy object:
ldlz = new ldlazy({root: document.body, toggle: function(n) { ... } });
ldlz.add( ... );
Constructor Options
root- root element for monitoring scroll.toggle- when visibility changes, toggle will be called with the target node as param. default null.debounce- millisecond delay before handling events. require debounce.js, otherwise will be ignored.
API
ldlz.add(n)- start monitoring node n for visibility change.ldlz.remove(n)- stop monitoring node n for visibility change.
How It Works
ldlazy controls the visibility of an element based on the event from IntersectionObserver. Two styles will be touched:
visibilityopacity
Alternatively, you can specify a source url for showing / lazy loading an image when the element becomes visible. Use src or data-src (for lazy loading ) attributes to indicate image url:
<div src=""></div>
<img data-src="...">
ldlazy fill the corresponding field ( style.backgroundImage for div, src for img ) when the element is visible.
Additionally, specify following css class over an element for additional effect:
nocache: always load this image with a randomized querystring, which forcily disable the cache.- useful for transitional animated SVG
placeholder: insert a invisible placeholder image with given URL inside this node.- the image may be loaded before visible, so it becomes lazy show instead of lazy load.
- only applicable for container type node ( such as div ).
Class API
init(): askldlazyto scan and init all elements withldlzclasses.
Best Practice
When using with img tag, you may want to fill following attributes to prevent CLS - Cumulative Layout Shift:
-
widthandheight: set to the expected size of your image.- this will be overwritten if you also specify values in stylesheet, but it helps in keeping aspect ratio.
-
src: you can still fillsrcattribute with a 66 bytes long, single pixel, transprent gif:data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEAAAAALAAAAAABAAEAAAIA- this is available as a mixin named
ldlzin Pug after includingdist/index.pug, withsrcas only parameter:
+ldlz("path-to-your-image")(additional-attribute="here", ...)
License
MIT
FAQs
Vanilla JS Lazy Show Library
The npm package ldlazy receives a total of 0 weekly downloads. As such, ldlazy popularity was classified as not popular.
We found that ldlazy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 06 Nov 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025