
Research
/Security News
Weaponizing Discord for Command and Control Across npm, PyPI, and RubyGems.org
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Ship anime.js animations with 0 bytes of Javascript
Nîmes is a command-line tool to turn anime.js animations from a javascript file into a CSS file, containing the appropriate ruleset to implement the same animation without any trace of javascript.
Features · Installation · Usage · Examples · Real-world usage
Obviously, anime.js features that are inherently javascript-dependent can't be implemented. Most of these limitations come from the fact that no DOM is available while generating the stylesheet.
anime.timeline
timeline.add
anime
APIeaseIn
or easeOut
)anime.stagger
endDelay
If you found a way to generate CSS that implements any of these, please open an issue with your idea or a pull request if you have an implementation ready
complete
, begin
, etc.)round
npm install nimes
Remove any DOM-related code (you'll be running this script with Node.js)
Append the following line at the start of your anime.js script:
const {anime} = require("nimes").default;
Add a call to .intoCSS
(the method takes no parameters) on the anime.timeline
object you want to convert.
The return value is a string containing the entire stylesheet.
You can either console.log
it to then pipe the stdout of node your-script.js
to a file, or you can use fs.writeFileSync
to write it to a file (or anything else really, it's just a string).
Run the script
$ node my-script.js
FAQs
Generate CSS-only animations from anime.js animations
We found that nimes demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Socket now integrates with Bun 1.3’s Security Scanner API to block risky packages at install time and enforce your organization’s policies in local dev and CI.
Research
The Socket Threat Research Team is tracking weekly intrusions into the npm registry that follow a repeatable adversarial playbook used by North Korean state-sponsored actors.