Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
[![npm version](https://badge.fury.io/js/react-xr.svg)](https://badge.fury.io/js/react-xr) ![npm](https://img.shields.io/npm/dt/react-xr.svg)
WebXR + react-three-fiber
React components and hooks for creating VR/AR applications with react-three-fiber
Note: Extremely early in development. Contributors welcome!
These demos are real, you can click them! They contain the full code, too.
yarn add react-xr
Add VRCanvas
or ARCanvas
component (or replace your existing react-three-fiber Canvas
component)
import { VRCanvas } from 'react-xr'
function App() {
return (
<VRCanvas>
{/* All your regular react-three-fiber elements go here */}
</VRCanvas>
To get started with default controller models add DefaultXRControllers
component. It will fetch appropriate input profile models. You can learn more here.
import { VRCanvas, DefaultXRControllers } from 'react-xr'
<VRCanvas>
<DefaultXRControllers />
You can access controllers' state (position, orientation, etc.) by using useXR()
hook
const { controllers } = useXR()
Extended react-three-fiber Canvas that includes:
For VR apps use VRCanvas
and for AR apps use ARCanvas
import { VRCanvas } from 'react-xr'
<VRCanvas>
{/* All your regular react-three-fiber elements go here */}
</VRCanvas>
Hook that can only beused by components inside XRCanvas
component.
const { controllers } = useXR()
Controllers is an array of XRController
objects
interface XRController {
grip: Group
controller: Group
inputSource: XRInputSource
// ...
// more in XRController.ts
}
grip
and controller
are ThreeJS groups that have the position and orientation of xr controllers. grip
has an orientation that should be used to render virtual objects such that they appear to be held in the user’s hand and controller
has an orientation of the preferred pointing ray.
inputSource
is the WebXR input source (MDN). Note that it will not be available before controller is connected.
Every controller emits following events: select, selectstart, selectend, squeeze, squeezestart, squeezeend.
To listen to those events use useXREvent
hook:
const onSqueeze = useCallback(() => console.log('Squeezed'), [])
useXREvent('squeeze', onSqueeze)
it supports optional third parameter with options
const onSqueeze = useCallback(() => console.log('Left controller squeeze'), [])
useXREvent('squeeze', onSqueeze, { handedness: 'left' })
Use this hook to get n instance of the controller
const leftController = useController('left')
<Hands>
Add hands model for hand-tracking. Currently only works on Oculus Quest with #webxr-hands experimental flag enabled
<VRCanvas>
<Hands />
react-xr
comes with built-in high level interaction components.
<Hover>
Hover
component will allow you for detecting when ray shot from the controllers is pointing at the given mesh.
<Hover onChange={(value) => console.log(value ? 'hovered' : 'blurred')}>
<mesh />
</Hover>
<Select>
Select
can be used when you need to select some mesh. Component will trigger onSelect
function when controller is pointing at the given mesh and select
event was fired.
<Select onSelect={() => console.log('mesh has been selected')}>
<mesh />
</Select>
To get the position of the VR camera, use three's WebXRManager instance.
const { camera } = useThree()
const cam = gl.xr.isPresenting ? gl.xr.getCamera(camera) : camera
If you want to attach the user to an object so it can be moved around, just parent the VR camera and controllers to an object3D.
const mesh = useRef()
const { gl, camera } = useThree()
useEffect(() => {
const cam = gl.xr.isPresenting ? gl.xr.getCamera(camera) : camera
mesh.current.add(cam)
return () => mesh.current.remove(cam)
}, [gl.xr.isPresenting, gl.xr, camera, mesh])
// bundle add the controllers to the same object as the camera so it all stays together.
const { controllers } = useXR()
useEffect(() => {
if (controllers.length > 0) controllers.forEach((c) => mesh.current.add(c.grip))
return () => controllers.forEach((c) => mesh.current.remove(c.grip))
}, [controllers, mesh])
FAQs
[![npm version](https://badge.fury.io/js/react-xr.svg)](https://badge.fury.io/js/react-xr) ![npm](https://img.shields.io/npm/dt/react-xr.svg)
The npm package react-xr receives a total of 64 weekly downloads. As such, react-xr popularity was classified as not popular.
We found that react-xr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.