Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
livephotoskit
Advanced tools
Use the LivePhotosKit JS library to play Live Photos on your web pages.
The JavaScript API presents the player in the form of a DOM element, much
like an image
or video
tag, which can be configured with photo and video
resources and other options, and have its playback controlled either
programmatically by the consuming developer, or via pre-provided controls
by the browsing end-user.
For more detailed documentation, see https://developer.apple.com/reference/livephotoskitjs
For information about Live Photos for developers, see https://developer.apple.com/live-photos
Install and save LivePhotosKit JS:
npm install --save livephotoskit
Import LivePhotosKit JS (ES6/TypeScript):
import * as LivePhotosKit from 'livephotoskit';
A TypeScript type definition file is included in the distribution and will automatically be picked up by the TypeScript compiler.
<script src="https://cdn.apple-livephotoskit.com/lpk/1/livephotoskit.js"></script>
A TypeScript type definition file is available at
https://cdn.apple-livephotoskit.com/lpk/1/livephotoskit.d.ts
Note
The LivePhotosKit JS version number is in the URL. For example, 1 specifies LivePhotosKit JS 1.x.x.
You will then be able to access LivePhotosKit JS via window.LivePhotosKit
.
The LivePhotosKit JS player supports the following browsers:
FAQs
Play Live Photos on the web
The npm package livephotoskit receives a total of 130 weekly downloads. As such, livephotoskit popularity was classified as not popular.
We found that livephotoskit demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.