Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
mutationobserver-shim
Advanced tools
The mutationobserver-shim package is a polyfill for the MutationObserver API, which allows you to watch for changes being made to the DOM tree. This is particularly useful for environments where the native MutationObserver is not available.
Observing attribute changes
This feature allows you to observe changes to attributes of a DOM element. The provided code sample sets up a MutationObserver to watch for attribute changes on an element with the ID 'some-id'.
const targetNode = document.getElementById('some-id');
const config = { attributes: true };
const callback = function(mutationsList, observer) {
for(let mutation of mutationsList) {
if (mutation.type === 'attributes') {
console.log('The ' + mutation.attributeName + ' attribute was modified.');
}
}
};
const observer = new MutationObserver(callback);
observer.observe(targetNode, config);
Observing child list changes
This feature allows you to observe changes to the child nodes of a DOM element. The provided code sample sets up a MutationObserver to watch for additions or removals of child nodes on an element with the ID 'some-id'.
const targetNode = document.getElementById('some-id');
const config = { childList: true };
const callback = function(mutationsList, observer) {
for(let mutation of mutationsList) {
if (mutation.type === 'childList') {
console.log('A child node has been added or removed.');
}
}
};
const observer = new MutationObserver(callback);
observer.observe(targetNode, config);
Observing subtree changes
This feature allows you to observe changes to the entire subtree of a DOM element. The provided code sample sets up a MutationObserver to watch for additions or removals of child nodes within the subtree of an element with the ID 'some-id'.
const targetNode = document.getElementById('some-id');
const config = { subtree: true, childList: true };
const callback = function(mutationsList, observer) {
for(let mutation of mutationsList) {
if (mutation.type === 'childList') {
console.log('A child node has been added or removed in the subtree.');
}
}
};
const observer = new MutationObserver(callback);
observer.observe(targetNode, config);
The mutation-observer package is another polyfill for the MutationObserver API. It provides similar functionality to mutationobserver-shim, allowing you to observe changes to the DOM tree. Both packages aim to provide a consistent API for environments where the native MutationObserver is not available.
The mutation-summary package provides a higher-level API for observing changes to the DOM. It allows you to specify queries to observe and provides summaries of the changes. This package offers more advanced features compared to mutationobserver-shim, but it may be more complex to use.
Note: IE7 fails due to quirky attribute handling (see #4)
Safari 6.0.5 uses a buggy WebKitMutationObserver
(don't have a computer with Safari to test on unfortuantely)
Note: the svg swapped the working browsers; IE8 works and so does Safari 5
A polyfill for the MutationObserver API (can I use?). The polyfill is more cause we can than should (with subtree at any rate)... It's async and uses a recursive timeout fallback (default checks changes every 30ms + runtime) instead of using the deprecated DOM3 MutationEvents so theoretically can support virtually any environment.
$ npm install mutationobserver-shim
$ bower install MutationObserver-shim
<script src="//cdn.jsdelivr.net/g/mutationobserver/"></script>
setTimeout
(every ~30 ms) rather than using a setImmediate
polyfill; so calls will be made less frequently and likely with more data than the standard MutationObserver. In addition, it can miss changes that occur and then are lost in the interval window.innerHTML
will call childList
observer listeners with several mutations with only 1 addedNode or removed node per mutation. With the standard you would have 1 call with multiple nodes in addedNodes and removedNodes node lists.childList
and subtree
changes in node order (eg first element gets swapped with last) should fire a addedNode
and removedNode
mutation but the correct node may not always be identified.addedNodes
and removedNodes
are arrays instead of NodeList
soldValue
is always called with attribute changesnextSibling
and previousSibling
correctfullness is questionable (hard to know if the order of appended items). I'd suggest not relying on them anyway (my tests are extremely permissive with these attributes)Currently supports the following MutationObserverInit properties:
style
attribute may not be matched in ie<8.textNodes
values and not, like in webkit, where setting .innerHTML will add a characterData mutation.By default, the polyfill will check observed nodes about 25 times per second (30 ms interval) for mutations. Try running these jsperf.com tests and the JSLitmus tests in the test suite for usage performance tests. It may be worthwile to adapt MutationObserver._period
based on UA or heuristics (todo).
From my tests observing any size element without subtree
enabled is relatively cheap. Although I've optimized the subtree check to the best of my abilities it can be costly on large trees. You can draw your own conclusions based on the JSLitmus and jsperf tests noting that you can expect the mo
to do its check 28+ times a second (by default).
Although supported, I'd recommend against watching attributes
on the subtree
on large structures, as the check is complex and expensive on terrible hardware like my phone :(
The included minified file has been tuned for performance.
I've tested and verified compatibility in the following browsers + these Sauce browsers
Try running the test suite and see some simple example usage:
See http://dev.opera.com/articles/view/mutation-observers-tutorial/ for some sample usage.
FAQs
MutationObserver shim for ES3 environments
The npm package mutationobserver-shim receives a total of 140,668 weekly downloads. As such, mutationobserver-shim popularity was classified as popular.
We found that mutationobserver-shim demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.