
Security News
/Research
npm Phishing Email Targets Developers with Typosquatted Domain
A phishing attack targeted developers using a typosquatted npm domain (npnjs.com) to steal credentials via fake login pages - watch out for similar scams.
position.js
Advanced tools
Positions a popup element to an anchor element 😉
const {
placement, // actual placement
popupOffset, // CSS position: {left, top}
arrowOffset, // CSS position: {left, top}
popupRect,
anchorRect,
} = position(popup, anchor, 'top', options)
// DOM
Object.assign(popup.style, popupOffset)
// React
<Popup style={popupOffset} arrowOffset={arrowOffset} placement={placement} />
position(popup, anchor, placement, options)
{
// use fixed or absolute position, defaults to false
fixed: false,
// any scroller element, defaults to document.body
offsetParent: document.body,
// 'auto': adjusts horizontally or vertically, 'both': adjusts horizontally and vertically, defaults to 'none'
adjustXY: 'none',
}
top
right
bottom
left
center
top-left
top-right
right-top
right-bottom
bottom-left
bottom-right
left-top
left-bottom
position(popup, anchor, {popup: 'left-top', anchor: 'right-top'})
// same as `right-top` placement
position(popup, anchor, 'right-top')
FAQs
Positions a popup element to an anchor element.
The npm package position.js receives a total of 373 weekly downloads. As such, position.js popularity was classified as not popular.
We found that position.js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
A phishing attack targeted developers using a typosquatted npm domain (npnjs.com) to steal credentials via fake login pages - watch out for similar scams.
Security News
Knip hits 500 releases with v5.62.0, refining TypeScript config detection and updating plugins as monthly npm downloads approach 12M.
Security News
The EU Cyber Resilience Act is prompting compliance requests that open source maintainers may not be obligated or equipped to handle.