ncc (or node-chrome-canvas) uses Google's Chrome browser and its remote debugging protocol to give Node.js access to a full-blown HTML5 canvas element and its 2D context.
In contrast to canvas (which may satisfy your needs as well), which uses Cairo to imitate a canvas, ncc works with a real HTMLCanvasElement in a browser context.
Behind the curtains of the familiar Canvas API, ncc uses a single WebSocket connection and some command-bundling logic to gain its performance.
npm install ncc
var ncc = require('ncc')
var canvas = ncc();
canvas.width = canvas.height = 256;
var ctx = canvas.getContext('2d');
ctx.fillStyle = "slateGray";
ctx.fillRect(28, 28, 200, 200)(); // <<< function call is intentional!
learn how to set up ncc and draw shapes to canvas
learn how to start using ncc even before it is fully set up
learn how to get return values of non-void functions
learn how to use gradients and patterns
learn how to apply images from urls or the filesystem
learn how to work with more than one canvas
ncc follows the native Web API Interfaces...
HTMLCanvasElement,
HTMLImageElement,
CanvasRenderingContext2D,
CanvasGradient,
CanvasPattern
... as close as possible.
Differences are a result of the asynchronous nature of ncc. All object creations, method calls and property manipulations don't get processed directly, but get serialized and stored until a return value is necessary and a request is therefore unavoidable.
Every 'Object' provided by ncc is (and every one of their methods returns) actually a function that triggers a synchronization. You can pass an error-first callback ( 'function(error, result){...}' ) to such a function to receive the return value of the last action (see examples).
The CanvasRenderingContext2D, CanvasGradient and CanvasPattern proxies are fully implemented. The HTMLCanvasElement and HTMLImageElement proxies only have the properties and functions that are necessary. They both implement 'width' and 'height' but no DOM functionality. Methods that go beyond the native API are marked with a leading underscore and hidden from the console by default (e.g. 'image._toFs(filePath, <callback>)' to write an image to the filesystem).
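The deferred model described above, as a minimal added example (not ncc's code and not part of the original README): method calls are only queued locally and go out as one message when the returned function is invoked, which is why the trailing `()` matters. `createBundlingProxy`, `fakeBrowser`, `demo` and the message shape are hypothetical, and the fake transport stands in for the WebSocket connection to Chrome.

```javascript
// Added illustration of deferred command bundling; this is not ncc's source.
// createBundlingProxy, fakeBrowser and the message shape are hypothetical.
function createBundlingProxy(methodNames, send) {
  const queue = [];
  // Calling the proxy flushes the queue as ONE message (the trailing "()").
  function sync(callback) {
    const batch = queue.splice(0, queue.length); // take and clear the queue
    send(JSON.stringify(batch), function (error, results) {
      // Error-first callback receives the value of the last queued action.
      if (callback) callback(error, error ? undefined : results[results.length - 1]);
    });
    return sync;
  }
  for (const name of methodNames) { // methods only record the call
    sync[name] = (...args) => { queue.push({ method: name, args }); return sync; };
  }
  return sync;
}

// Constructed stand-in for the browser side: counts the messages it receives
// and runs each bundled command against a stub drawing target.
function fakeBrowser() {
  const state = { messages: 0, rects: [] };
  const target = {
    fillRect: (x, y, w, h) => { state.rects.push([x, y, w, h]); },
    measureText: (text) => ({ width: text.length * 6 }), // made-up metric
  };
  function send(message, done) {
    state.messages += 1;
    let results;
    try {
      results = JSON.parse(message).map((c) => target[c.method](...c.args));
    } catch (error) { return done(error); }
    done(null, results);
  }
  return { state, send };
}

function demo() {
  const browser = fakeBrowser();
  const ctx = createBundlingProxy(['fillRect', 'measureText'], browser.send);
  ctx.fillRect(0, 0, 10, 10).fillRect(5, 5, 10, 10); // queued, nothing sent
  const sentBeforeSync = browser.state.messages;
  let width = null;
  ctx.measureText('ncc')((error, result) => { width = error ? null : result.width; });
  return { sentBeforeSync, sentAfterSync: browser.state.messages, width };
}
```
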
ncc( <options> , <callback> ) >>> [canvas]
ncc( <callback> ) >>> [canvas]
ncc.createCanvas() >>> [canvas]
ncc.createImage( <src> , <onloadFn> , <onerrorFn> ) >>> [image]
nccCanvas.getContext( nativeAPI ) >>> [context2d]
context2d.createLinearGradient( nativeAPI ) >>> [linearGradient]
context2d.createRadialGradient( nativeAPI ) >>> [radialGradient]
context2d.createPattern( nativeAPI ) >>> [pattern]
{ verbose: false,
port: 9222,
spawn: {
command: 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe',
args: [ '--app=' + __dirname + '\\index.html',
'--remote-debugging-port={PORT}',
'--user-data-dir=' + os.tmpdir() + '\\nccanvas' ],
options: {}
},
retry: 3,
retryDelay: 1000 }
If you are facing problems getting ncc started (especially on a non-Windows system) you should make changes to the 'spawn' options. Try to spawn a blank Chrome instance first...
var spawn = require('child_process').spawn,
args = [],
chrome = spawn('path/to/chromeExecutable', args);
chrome.stdout.on('data', function (data) {
console.log('stdout: ' + data);
});
chrome.stderr.on('data', function (data) {
console.log('stderr: ' + data);
});
chrome.on('close', function (code) {
console.log('child process exited with code ' + code);
});
FAQs
node-chrome-canvas | a simple to use and performant HTML5 canvas for Node.js
We found that ncc demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.