Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
loading-attribute-polyfill
Advanced tools
A minimal and dependency-free vanilla JavaScript polyfill for the awesome loading='lazy'-attribute.
Work in progress
Fast and lightweight vanilla JavaScript polyfill for the native behaviour to load elements right before they enter the viewport. Provides graceful degradation, and is - not just thatfor - SEO friendly. Handles images with srcset and within picture, as well as iframes. loading="lazy" will be a huge improvement for todays web performance challenges, so use and polyfill it today!
loading="lazy"
attribute on image
and iframe
elementsTBD
The polyfill was designed with the following concepts kept in mind:
Just integrate the JavaScript file into your code - et voilà.
You may optionally load via NPM or Bower:
$ npm install loading-attribute-polyfill
$ bower install loading-attribute-polyfill
You could even load the polyfill asynchronously: https://jsbin.com/yitarajawe/edit?html,css
Afterwards you'll need to wrap all of your <img>
and <iframe>
HTML tags that you'd like to lazy load (and thatfor added a loading="lazy"
attribute as well) by an <noscript>
HTML tag:
<noscript class="loading-lazy">
<img
src="simpleimage.jpg"
loading="lazy"
alt=".."
width="250"
height="150"
/>
</noscript>
<picture>
<noscript class="loading-lazy">
<source
media="(min-width: 40em)"
srcset="
simpleimage.huge.jpg 1x,
simpleimage.huge.2x.jpg 2x
"
/>
<source
srcset="
simpleimage.jpg 1x,
simpleimage.2x.jpg 2x
"
/>
<img
src="simpleimage.jpg"
loading="lazy"
alt=".."
width="250"
height="150"
/>
</noscript>
</picture>
srcset
<noscript class="loading-lazy">
<img
src="simpleimage.jpg"
srcset="
simpleimage.1024.jpg 1024w,
simpleimage.640.jpg 640w,
simpleimage.320.jpg 320w
"
sizes="(min-width: 36em) 33.3vw, 100vw"
alt="A rad wolf"
loading="lazy"
/>
</noscript>
<noscript class="loading-lazy">
<iframe
src="https://player.vimeo.com/video/87110435"
width="320"
height="180"
loading="lazy"
></iframe>
</noscript>
In case you'd like to support older versions of Microsoft EDGE, Microsoft Internet Explorer 11 or Apple Safari up to 12.0, you could (conditionally) load an IntersectionObserver polyfill:
https://www.npmjs.com/package/intersection-observer
Nevertheless this polyfill would still work in those browsers without that other polyfill included, but this small amount of users wouldn't totally benefit from the lazy loading functionality - we've at least got you partly covered by using the Microsoft proprietary lazyloading resource hints.
Nothing really, just plug it in, it will should work out of the box.
See the polyfill in action either by downloading / forking this repo and have a look at demo/index.html
, or at the hosted demo: https://mfranzke.github.io/loading-attribute-polyfill/demo/
FAQs
Fast and lightweight dependency-free vanilla JavaScript polyfill for native lazy loading / the awesome loading='lazy'-attribute.
The npm package loading-attribute-polyfill receives a total of 1,274 weekly downloads. As such, loading-attribute-polyfill popularity was classified as popular.
We found that loading-attribute-polyfill demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.