Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
pearplayer
Advanced tools
PearPlayer(梨享播放器) 是完全用JavaScript写的开源HTML5流媒体播放框架,实现了融合HTTP(包含HTTPS、HTTP2)、WebRTC的多协议、多源、低延迟、高带宽利用率的无插件Web端流媒体加速能力。基于H5的MSE技术(Media Source Extension)将来自多个源节点的Buffer分块喂给播放器,再加上精心设计的算法来达到最优的调度策略及对各种异常情况的处理,Pear Player能在保证用户流畅视频体验的前提下最大化P2P率。
只需将pear-player.min.js
通过<script>
标签导入到HTML就可以使用。 参考以下代码示例,也可以查看/examples/player-test.html
来了解使用方法。
信令部分以及WebRTC部分使用了精心设计的协议,实现此部分可以参考API文档。
<video>
标签一样简单,并容易与video.js等流行播放框架集成Demo演示地址:https://demo.webrtc.win/pearplayer
将以下代码拷贝到html中,打开网页,见证奇迹的时刻到了~
<script src="https://cdn.jsdelivr.net/npm/pearplayer@latest"></script>
<video id="video" controls></video>
<script>
var player = new PearPlayer('#video', {
src: 'https://qq.webrtc.win/tv/Pear-Demo-Yosemite_National_Park.mp4'
});
</script>
首先通过script标签导入pear-player.min.js:
<script src="./dist/pear-player.min.js"></script>
或者使用CDN:
<script src="https://cdn.jsdelivr.net/npm/pearplayer@latest"></script>
假设用video标签播放如下视频,HTML如下所示:
<video id="pearvideo" src="https://qq.webrtc.win/tv/Pear-Demo-Yosemite_National_Park.mp4" controls>
只需要如下几行代码,即可将PearPlayer绑定到video标签:
<script>
/**
* 第一个参数为video标签的id或class
* opts是可选的参数配置
*/
var player = new PearPlayer('#pearvideo', opts);
</script>
恭喜您,您的播放器已经具备P2P能力了,而且无须任何插件!
特别感谢以下项目,为本项目提供了部分灵感来源以及API设计参考:
MIT. Copyright (c) Pear Limited and snowinszu.
E-mail: service@pear.hk;用户QQ群:373594967
;CP/CDN接入、OEM与其他商务合作
FAQs
PearPlayer.js
The npm package pearplayer receives a total of 8 weekly downloads. As such, pearplayer popularity was classified as not popular.
We found that pearplayer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.