Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
signature_pad
Advanced tools
The signature_pad npm package is a JavaScript library for drawing smooth signatures. It allows users to draw signatures on a canvas element and provides functionalities to save, load, and manipulate the signature data.
Drawing Signatures
This feature allows users to draw signatures on a canvas element. The SignaturePad instance is created by passing a canvas element to the constructor.
const canvas = document.querySelector('canvas');
const signaturePad = new SignaturePad(canvas);
Saving Signatures
This feature allows users to save the drawn signature as a data URL. The toDataURL method returns the signature image as a base64-encoded PNG.
const dataURL = signaturePad.toDataURL();
console.log(dataURL);
Clearing the Canvas
This feature allows users to clear the canvas, removing any drawn signature. The clear method resets the canvas to its initial state.
signaturePad.clear();
Loading Signatures
This feature allows users to load a previously saved signature. The toData method returns an array of point groups, and the fromData method loads this data back onto the canvas.
const data = signaturePad.toData();
signaturePad.fromData(data);
react-signature-canvas is a React wrapper around the signature_pad library. It provides similar functionalities but is designed to work seamlessly with React applications. It offers a more React-friendly API and integrates well with React's state management.
Signature Pad is a JavaScript library for drawing smooth signatures. It's HTML5 canvas based and uses variable width Bézier curve interpolation based on Smoother Signatures post by Square. It works in all modern desktop and mobile browsers and doesn't depend on any external libraries.
Demo works in desktop and mobile browsers. You can check out its source code for some tips on how to handle window resize and high DPI screens. You can also find more about the latter in HTML5 Rocks tutorial.
You can install the latest release using npm:
npm install --save signature_pad
or Yarn:
yarn add signature_pad
You can also add it directly to your page using <script>
tag:
<script src="https://cdnjs.cloudflare.com/ajax/libs/signature_pad/1.5.3/signature_pad.min.js"></script>
You can select a different version at https://cdnjs.com/libraries/signature_pad.
var canvas = document.querySelector("canvas");
var signaturePad = new SignaturePad(canvas);
// Returns signature image as data URL (see https://mdn.io/todataurl for the list of possible parameters)
signaturePad.toDataURL(); // save image as PNG
signaturePad.toDataURL("image/jpeg"); // save image as JPEG
signaturePad.toDataURL("image/svg+xml"); // save image as SVG
// Draws signature image from data URL
signaturePad.fromDataURL("data:image/png;base64,iVBORw0K...");
// Returns signature image as an array of point groups
const data = signaturePad.toData();
// Draws signature image from an array of point groups
signaturePad.fromData(data);
// Clears the canvas
signaturePad.clear();
// Returns true if canvas is empty, otherwise returns false
signaturePad.isEmpty();
// Unbinds all event handlers
signaturePad.off();
// Rebinds all event handlers
signaturePad.on();
0.5
.2.5
.context.fillStyle
. Defaults to "rgba(0,0,0,0)"
(transparent black). Use a non-transparent color e.g. "rgb(255,255,255)"
(opaque white) if you'd like to save signatures as JPEG images.context.fillStyle
. Defaults to "black"
.0.7
.You can set options during initialization:
var signaturePad = new SignaturePad(canvas, {
minWidth: 5,
maxWidth: 10,
penColor: "rgb(66, 133, 244)"
});
or during runtime:
var signaturePad = new SignaturePad(canvas);
signaturePad.minWidth = 5;
signaturePad.maxWidth = 10;
signaturePad.penColor = "rgb(66, 133, 244)";
To correctly handle canvas on low and high DPI screens one has to take devicePixelRatio
into account and scale the canvas accordingly. This scaling is also necessary to properly display signatures loaded via SignaturePad#fromDataURL
. Here's an example how it can be done:
function resizeCanvas() {
var ratio = Math.max(window.devicePixelRatio || 1, 1);
canvas.width = canvas.offsetWidth * ratio;
canvas.height = canvas.offsetHeight * ratio;
canvas.getContext("2d").scale(ratio, ratio);
signaturePad.clear(); // otherwise isEmpty() might return incorrect value
}
window.addEventListener("resize", resizeCanvas);
resizeCanvas();
Instead of resize
event you can listen to screen orientation change, if you're using this library only on mobile devices. You can also throttle the resize
event - you can find some examples on this MDN page.
When you modify width or height of a canvas, it will be automatically cleared by the browser. SignaturePad doesn't know about it by itself, so you can call signaturePad.clear()
to make sure that signaturePad.isEmpty()
returns correct value in this case.
This clearing of the canvas by the browser can be annoying, especially on mobile devices e.g. when screen orientation is changed. There are a few workarounds though, e.g. you can lock screen orientation, or read an image from the canvas before resizing it and write the image back after.
If you are not familiar with data URI scheme, you can read more about it on Wikipedia.
There are 2 ways you can handle data URI encoded images.
You could simply store it in your database as a string and display it in HTML like this:
<img src="data:image/png;base64,iVBORw0K..." />
but this way has many disadvantages - it's not easy to get image dimensions, you can't manipulate it e.g. to create a thumbnail and it also has some performance issues on mobile devices.
Thus, more common way is to decode it and store as a file. Here's an example in Ruby:
require "base64"
data_uri = "data:image/png;base64,iVBORw0K..."
encoded_image = data_uri.split(",")[1]
decoded_image = Base64.decode64(encoded_image)
File.open("signature.png", "wb") { |f| f.write(decoded_image) }
Here's an example in PHP:
$data_uri = "data:image/png;base64,iVBORw0K...";
$encoded_image = explode(",", $data_uri)[1];
$decoded_image = base64_decode($encoded_image);
file_put_contents("signature.png", $decoded_image);
If you'd like to remove (trim) empty space around a signature, you can do it on the server side or the client side. On the server side you can use e.g. ImageMagic and its trim
option: convert -trim input.jpg output.jpg
. If you don't have access to the server, or just want to trim the image before submitting it to the server, you can do it on the client side as well. There are a few examples how to do it, e.g. here or here and there's also a tiny library https://github.com/agilgur5/trim-canvas that provides this functionality.
Demo: https://jsfiddle.net/szimek/d6a78gwq/
Released under the MIT License.
FAQs
Library for drawing smooth signatures.
The npm package signature_pad receives a total of 512,986 weekly downloads. As such, signature_pad popularity was classified as popular.
We found that signature_pad demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.