
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
svelte-multiselect
Advanced tools
yarn add -D svelte-multiselect
<script>
import MultiSelect from 'svelte-multiselect'
const webFrameworks = [
`Svelte`,
`React`,
`Vue`,
`Angular`,
`Polymer`,
`Ruby on Rails`,
`ASP.net`,
`Laravel`,
`Django`,
`Express`,
`Spring`,
]
const name = `webFrameworks`
const placeholder = `Take your pick...`
const required = true
let input
</script>
Favorite Web Frameworks?
<MultiSelect bind:input {name} {placeholder} options={webFrameworks} {required} />
Full list of props/bindable variables for this component:
options
(required): Array of strings (or integers) that will be listed in the dropdown selection.selected = []
: Array of currently/pre-selected options when binding/passing as props respectively.readonly = false
: Disables the input. User won't be able to interact with it.placeholder = ''
: String shown when no option is selected.single = false
: Allows only a single option to be selected when true.required = false
: Prevents submission in an HTML form when true.input = undefined
: Handle to the DOM node storing the currently selected options in JSON format as its value
attribute.name = ''
: Used as reference for associating HTML form labels with this component as well as for the input
id
. That is, the same DOM node input
bindable through <MultiSelect bind:input />
is also retrievable via document.getElementByID(name)
e.g. for use in a JS file outside a Svelte component.FAQs
Svelte multi-select component
The npm package svelte-multiselect receives a total of 11,059 weekly downloads. As such, svelte-multiselect popularity was classified as popular.
We found that svelte-multiselect demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.