Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
loading-attribute-polyfill
Advanced tools
Fast and lightweight dependency-free vanilla JavaScript polyfill for native lazy loading / the awesome loading='lazy'-attribute.
Fast and lightweight vanilla JavaScript polyfill for native lazy loading, meaning the behaviour to load elements right before they enter the viewport. Provides graceful degradation, and is - not just thatfor - SEO friendly. Handles images with srcset
and within picture
, as well as iframe
elements. loading="lazy"
will be a huge improvement for todays web performance challenges, so use and polyfill it today!
loading="lazy"
attribute on img
and iframe
elementsThe polyfill was designed with the following concepts kept in mind:
We're even also providing another solution, which main architectural decision is that we're using Service Worker to intercept the image and iframe contents network requests there. This comes with some aspects that are important to mention, that might be either acceptable (have a look at the other solution) or not (stay with this one) on your requirements and technical context.
Whereas the first topic might not be a problem (anymore) on most websites – as this should be the de-facto standard nowadays – the second and third might be acceptable in your context, as this polyfill behaves as a progressive enhancement to provide the expected functionality even for non-supporting browsers both only on seconds pages request and any revisits and for same origin image and contents (iframe) requests even only.
First you'll need to integrate the JavaScript file into your code.
You may optionally load via NPM or Bower:
$ npm install loading-attribute-polyfill
$ bower install loading-attribute-polyfill
You could load the polyfill asynchronously as well: https://output.jsbin.com/codelib/1
Include one of the provided JavaScript files depending on your setup plus the CSS file:
<link rel="stylesheet" href="dist/loading-attribute-polyfill.css" />
<script src="dist/loading-attribute-polyfill.umd.js" async></script>
or e.g. within JS
import loadingAttributePolyfill from "node_modules/loading-attribute-polyfill/dist/loading-attribute-polyfill.module.js";
Afterwards, you need to wrap all of your <img>
and <iframe>
HTML tags (in the case of <picture>
use the complementary <source>
HTML tags) that you'd like to lazy load with a <noscript>
HTML tag (with the attribute class="loading-lazy"
.)
Please keep in mind that it's important to even also include width
and height
attributes on <img>
HTML tags, as the browser could determine the aspect ratio via those two attributes values being set (even if you overwrite them via CSS), compare to the great work by Jen Simmons on this topic, e.g. within these articles https://css-tricks.com/do-this-to-improve-image-loading-on-your-website/ (with video) or https://css-tricks.com/what-if-we-got-aspect-ratio-sized-images-by-doing-almost-nothing/
And please "Avoid lazy-loading images that are in the first visible viewport", compare to the article "Browser-level image lazy-loading for the web" published on web.dev:
You should avoid setting
loading=lazy
for any images that are in the first visible viewport. It is recommended to only addloading=lazy
to images which are positioned below the fold, if possible.
<noscript class="loading-lazy">
<img src="simpleimage.jpg" loading="lazy" alt=".." width="250" height="150" />
</noscript>
<noscript class="loading-lazy">
<picture>
<source
media="(min-width: 40em)"
srcset="simpleimage.huge.jpg 1x, simpleimage.huge.2x.jpg 2x"
/>
<source srcset="simpleimage.jpg 1x, simpleimage.2x.jpg 2x" />
<img
src="simpleimage.jpg"
loading="lazy"
alt=".."
width="250"
height="150"
/>
</picture>
</noscript>
srcset
<noscript class="loading-lazy">
<img
src="simpleimage.jpg"
srcset="
simpleimage.1024.jpg 1024w,
simpleimage.640.jpg 640w,
simpleimage.320.jpg 320w
"
sizes="(min-width: 36em) 33.3vw, 100vw"
alt="A rad wolf"
loading="lazy"
/>
</noscript>
<noscript class="loading-lazy">
<iframe
src="https://player.vimeo.com/video/87110435"
width="320"
height="180"
loading="lazy"
></iframe>
</noscript>
In case you'd like to support older versions of Microsoft Edge, Microsoft Internet Explorer 11 or Apple Safari up to 12.0, you could (conditionally) load an IntersectionObserver polyfill:
https://www.npmjs.com/package/intersection-observer
Nevertheless this polyfill would still work in those browsers without that other polyfill included, but this small amount of users wouldn't totally benefit from the lazy loading functionality - we've at least got you partly covered by using the Microsoft proprietary lazy loading resource hints.
Internet Explorer 9 and 10 have bugs where the 'interactive' state can be fired too early before the document has finished parsing.
Source: https://developer.mozilla.org/en-US/docs/Web/API/Document/readyState
That for you would need to include the polyfill the latest within the HTML code, like the nearest to the closing body
HTML tag, as including it e.g. within the head
section might lead to an unexpected state, so that in worst case the images might not get loaded.
The polyfill has been enhanced to even also provide it's functionality on IE9. But please keep in mind to even also include a matchMedia
polyfill.
And the images are still displaying an error in the demo on IE9, as most likely (from my understanding) this browser doesn't work with the HTTPS protocol by GitHub pages any more, but the src-attributes values are correctly rewritten after all.
In case that you're dynamically adding HTML elements within the browser, you could call the following method with an included HTMLElement object, like e.g.:
loadingAttributePolyfill.prepareElement(document.querySelector('main noscript.loading-lazy'));
See the polyfill in action either by downloading / forking this repository and have a look at demo/index.html
, or at the hosted demo: https://mfranzke.github.io/loading-attribute-polyfill/demo/
Nico23 has developed a WordPress plugin: https://wordpress.org/plugins/native-lazyload-polyfill/ (which is much better than the one by Google !)
@tim-thaler has developed a PHP Twig Extension: https://github.com/tim-thaler/twig-loading-lazy
@tim-thaler has even also developed a Craft Twig Loading Lazy plugin: https://github.com/tim-thaler/craft-twig-loading-lazy
Credits for the initial kickstarter / script to @Sora2455 for better expressing my ideas & concepts and support by @cbirdsong, @eklingen, @DaPo, @nextgenthemes, @diogoterremoto, @dracos, @Flimm, @TomS-, @vinyfc93, @JordanDysart and @denyshutsal. Thank you very much for that, highly appreciated !
Mac
iOS
Windows
Cross-browser testing platform provided by CrossBrowserTesting
loading="eager"
value, as this was released even already, but still seems to be in the measure, learn and improvements phase.If you're trying out and using my work, feel free to contact me and give me any feedback. I'm curious about how it's gonna be used.
And if you do like this polyfill, please consider even also having a look at the other polyfill we've developed: https://github.com/mfranzke/datalist-polyfill/
This project exists thanks to all the people who contribute. [Contribute].
Become a financial contributor and help us sustain our community. [Contribute]
Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]
FAQs
Fast and lightweight dependency-free vanilla JavaScript polyfill for native lazy loading / the awesome loading='lazy'-attribute.
The npm package loading-attribute-polyfill receives a total of 2,809 weekly downloads. As such, loading-attribute-polyfill popularity was classified as popular.
We found that loading-attribute-polyfill demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.