
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
miniprogram-ar-rtmpc
Advanced tools
使用此组件需要依赖小程序基础库 2.2.1 以上版本,同时依赖开发者工具的 npm 构建。具体详情可查阅官方 npm 文档。
登录公众号平台,打开设置-基本设置-服务类目-详情-添加服务类目,目前小程序实时音视频支持这些服务类目,请选择其中一种。

登录公众号平台,打开开发-接口设置,开启实时播放音视频流并开启实时录制音视频流。

登录公众号平台,打开开发-开发设置-服务器域名-修改,配置服务域名白名单。

打开开发者工具,打开设置-项目设置-勾选'使用npm模块',npm安装moniprogram-ar-rtmpc、moniprogram-ar-push、moniprogram-ar-play之后,点击工具-构建npm。
微信小程序基础库需要大于1.7.0,低版本需做兼容处理。
开发者工具模拟器除特殊版本之外,不支持实时音视频功能,请使用真机调试。
1.结合小程序实时连麦SDK使用
2.结合小程序推流组件和小程序拉流组件使用
npm install --save miniprogram-ar-rtmpc
import { XcxGuestKit } from 'miniprogram-ar-rtmpc';
//创建实例
let guest = new XcxGuestKit();
that.setData({
guest: guest
});
//初始化
guest.initEngine(config.DEV_ID, config.APP_ID, config.APP_KEY, config.APP_TOKEN, config.APP_DOMAIN);
//加入房间
guest.joinRTCLine(roomId, userid, JSON.stringify({ userid }));
//加入房间成功回调
guest.on("onJoinLineResult", (code, data) => {
if (code == 0) {
wx.showToast({
icon: 'success',
title: '加入房间成功',
});
}
else if (code == 605) {
wx.showToast({
icon: 'none',
title: '直播未开始',
});
}
else {
wx.showToast({
icon: 'none',
title: '加入房间失败: ' + code,
});
}
});
//收到推流URL回调,将URL绑定到ar-push推流组件中,其他人将收到自己的视频
guest.on("onGetPushUrl", (code, data) => {
console.log('onGetPushUrl', code, data);
if (code === 0) {//成功
that.setData({
xcxUserId: data.xcxUserId,
pushURL: data.pushURL,
arPushcomponent: that.selectComponent("#arPush"),
});
} else {
wx.showToast({
icon: 'none',
title: '获取房间签名失败',
});
}
});
guest.leaveRoom();
//自行路由跳转
FAQs
实时连麦小程序SDK
The npm package miniprogram-ar-rtmpc receives a total of 11 weekly downloads. As such, miniprogram-ar-rtmpc popularity was classified as not popular.
We found that miniprogram-ar-rtmpc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.