Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
mobify-plugin
Advanced tools
Mobify Plugin Factory
A generic plugin factory method for creating Mobify plugins.
Requirements
Installation
The plugin factory can be installed using NPM:
npm install mobify-plugin
Usage with Require.js
To use with require.js, after installing through NPM you merely have to reference the plugin factory in your require config file:
{
'paths': {
'plugin': 'node_modules/mobify-plugin/dist/plugin.min',
'myPlugin': 'plugins/myPlugin'
}
}
And then require the plugin factory in as needed:
define(
['$', 'plugin'],
function($, Plugin) {
// create plugin
}
);
Usage
The plugin factory requires a few things to be defined in your plugin prior to calling the plugin factory function.
- Your plugin's constructor, calling
__super__ - A
DEFAULTSstatic property on your plugin's constructor - A
VERSIONstatic property on your plugin's constructor
Creating your plugin
Let's look at an example. In this example, we're going to create a button plugin. To do so, we will use the following code:
define(
[
'$',
'plugin'
],
function($, Plugin) {
function Button(element, options) {
Button.__super__.call(this, element, options, Button.DEFAULTS);
}
Button.VERSION = '0.0.1';
Button.DEFAULTS = {
cssClass = 'button'
};
Plugin.create('button', Button, {
_init: function(element) {
}
});
}
)
First, we declare a Button constructor, and VERSION and DEFAULTS properties. We then invoke the static Plugin.create function. Through prototypal inheritance, this function extends the Button prototype with the Plugin prototype. Additionally, it creates our jQuery plugin interface.
To create a button instance, you merely need to use:
$('<button />').button();
The Plugin factory method
Extends a plugin using the Plugin prototype.
| Parameter name | Description |
|---|---|
| name | The name of the plugin, in lowercase. |
| ctor | The constructor of the plugin we want to extend. |
| prototype | Additional methods we want to extend onto our plugin's prototype. The prototype must declare an _init function, which is used for plugin construction. |
See the example above for usage.
Invoking methods on a plugin.
The plugin factory facilitates invoking methods via the plugin interface. This means that once a plugin is initialized, public methods can be invoked by passing the name of the method as the first parameter to the plugin function.
Public methods are methods defined on the object passed into the Plugin.create factory method that aren't preceded by an underscore character. Methods preceded by an underscore are considered private methods.
Using our button example above, here's what public methods would look like:
define(
[
'$',
'plugin'
],
function($, Plugin) {
function Button(element, options) {
Button.__super__.call(this, element, options, Button.DEFAULTS);
}
Button.VERSION = '0.0.1';
Button.DEFAULTS = {
cssClass = 'button'
};
Plugin.create('button', Button, {
_init: function(element) {
this.$element = $(element);
},
enable: function() {
this.$element.removeAttr('disabled');
},
disable: function() {
this.$element.attr('disabled', 'disabled');
},
isEnabled: function() {
return !this.$element[0].hasAttribute('disabled');
}
});
}
)
In the above example, the enable and disable functions are public. To invoke the method, simply pass the method name into the plugin function:
var $button = $('<button />').button();
$button.button('disable');
Method return values
It's important to note that there's some specific behaviour around invoking methods that return a value when using a single element vs. a set of elements.
When invoking a method against a single element, and when that method returns a value, the value will be returned as expected.
var $button = $('<button />').button();
var enabled = $button.button('isEnabled'); // returns true
When invoking a method against a set of elements, and when that method returns a value, the original set of elements will be returned.
var $buttons = $('.lots-of-buttons').button();
var enabled = $buttons.button('isEnabled'); // returns original set of elements
This behaviour is intentional, as it's assumed that it's unlikely to be calling methods against a set of elements when expecting primitive values in return.
FAQs
A generic plugin factory method for creating Mobify plugins
We found that mobify-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 03 Oct 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025