![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
svgicons2svgfont
Advanced tools
Package description
The svgicons2svgfont npm package is a tool that converts a set of SVG icons into a single SVG font. This is useful for creating icon fonts that can be used in web development, allowing for scalable and customizable icons.
Convert SVG icons to SVG font
This feature allows you to convert a directory of SVG icons into a single SVG font file. The code sample demonstrates how to read SVG files from a directory, create a font stream, and write the resulting SVG font to a file.
const fs = require('fs');
const SVGIcons2SVGFontStream = require('svgicons2svgfont');
const fontStream = new SVGIcons2SVGFontStream({
fontName: 'myfont'
});
fontStream.pipe(fs.createWriteStream('myfont.svg'))
.on('finish', () => {
console.log('Font successfully created!');
})
.on('error', (err) => {
console.error(err);
});
fs.readdirSync('icons').forEach(file => {
const glyph = fs.createReadStream(`icons/${file}`);
glyph.metadata = { unicode: [String.fromCharCode(0xe001 + i)], name: file.replace('.svg', '') };
fontStream.write(glyph);
});
fontStream.end();
The svg2ttf package converts SVG fonts to TTF (TrueType Font) format. While svgicons2svgfont focuses on creating SVG fonts from individual SVG icons, svg2ttf is used for converting those SVG fonts into TTF format, which is widely supported across different platforms.
Fontello is a tool that allows you to build custom icon fonts from a variety of icon sets. It provides a web interface for selecting icons and generating font files in various formats, including SVG, TTF, and WOFF. Unlike svgicons2svgfont, which is a command-line tool, Fontello offers a more user-friendly, graphical approach.
IcoMoon is another popular tool for creating custom icon fonts. It offers both a web app and a command-line tool for generating icon fonts from SVG icons. IcoMoon provides additional features such as icon set management and the ability to generate multiple font formats, making it a more comprehensive solution compared to svgicons2svgfont.
Changelog
10.0.6 (2022-03-12)
https://github.com/nfroidure/svgicons2svgfont/releases/tag/v10.0.6
<a name="10.0.5"></a>
Readme
svgicons2svgfont is a simple tool to merge multiple icons to an SVG font.
'rect', 'line', 'circle', 'ellipsis', 'polyline' and 'polygon' shapes will be converted to pathes. Multiple pathes will be merged.
Transform attributes either on 'g' element or path/shapes elements are currently unsupported.
## Usage NodeJS module:
var svgicons2svgfont = require('svgicons2svgfont')
, fs = require('fs');
, fontStream = svgicons2svgfont([
'icons/directory/icon1.svg',
'icons/directory/icon2.svg'
], options);
// Saving in a file
fontStream.pipe(fs.createWriteStream('font/destination/file.svg'))
.on('finish',function() {
console.log('Font written !')
});
CLI (install the module globally):
svgicons2svgfont icons/directory font/destination/file.svg
The font family name you want (defaults to 'iconfont').
Creates a monospace font of the width of the largest input icon (defaults to false).
The ouputted font height (defaults to the height of the highest input icon).
The font descent (defaults to 0). It is usefull to fix the font baseline yourself.
The ascent formula is : ascent = fontHeight - descent.
npm install grunt-svgicons2svgfont
Feel free to pull your code if you agree with publishing under the MIT license.
FAQs
Unknown package
We found that svgicons2svgfont demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.