Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
miniprogram-cropper
Advanced tools
miniprogram-cropper
小程序自定义组件:图片裁剪工具
使用此组件需要依赖小程序基础库 2.2.1 以上版本,同时依赖开发者工具的 npm 构建。具体详情可查阅官方 npm 文档
安装
npm install miniprogram-cropper --save
使用
页面 page.json 中添加自定义组件
{
"usingComponents": {
"miniprogram-cropper": "miniprogram-cropper"
}
}
页面 WXML 中引用自定义组件
<miniprogram-cropper id="crop" options="{{cropperOpt}}">
</miniprogram-cropper>
options 属性
组件 methods
如何在页面调用组件内方法
- 获取组件实例
onLoad () {
this.crop = this.selectComponent('#crop')
}
- 调用组件内方法
// 载入图片
this.crop.pushOrign(tempFilePath)
// 获取裁剪图片
this.crop.getCropperImage()
.then(function (path) {
// Todo
})
代码示例
page.wxml
<miniprogram-cropper id="crop" options="{{cropperOpt}}"></miniprogram-cropper>
<view
class="cropper-buttons"
:style="{ color:cropperOpt.boundStyle.color}">
<view
class="upload btn"
bindtap="uploadTap">
上传图片
</view>
<view
class="getCropperImage btn"
:style="{ backgroundColor: cropperOpt.boundStyle.color }"
bindtap="getCropperImage">
生成图片
</view>
</view>
page.js
const device = wx.getSystemInfoSync()
const width = device.windowWidth
const height = device.windowHeight - 50
Page({
crop: null,
data: {
cropperOpt: {
id: 'cropper',
targetId: 'targetCropper',
pixelRatio: device.pixelRatio,
width,
height,
scale: 2.5,
zoom: 8,
cut: {
x: (width - 300) / 2,
y: (height - 300) / 2,
width: 300,
height: 300
},
boundStyle: {
color: '#ffffff',
mask: 'rgba(0,0,0,0.8)',
lineWidth: 1
}
}
},
uploadTap () {
const self = this
if (this.crop) {
wx.chooseImage({
count: 1, // 默认9
sizeType: ['compressed'], // 可以指定是原图还是压缩图,默认二者都有
sourceType: ['album', 'camera'], // 可以指定来源是相册还是相机,默认二者都有
success (res) {
const src = res.tempFilePaths[0]
// 获取裁剪图片资源后,给data添加src属性及其值
self.crop.pushOrign(src)
}
})
}
},
getCropperImage () {
this.crop.getCropperImage()
.then((src) => {
wx.previewImage({
current: '', // 当前显示图片的http链接
urls: [src] // 需要预览的图片http链接列表
})
})
.catch(() => {
console.log('获取图片地址失败,请稍后重试')
})
},
onLoad () {
this.crop = this.selectComponent('#crop')
}
})
LISENCE
MIT License
FAQs
The npm package miniprogram-cropper receives a total of 4 weekly downloads. As such, miniprogram-cropper popularity was classified as not popular.
We found that miniprogram-cropper demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Nov 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025