Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
touch-pad
Track drags and touches on an element, a bit like a touchpad or trackpad.
Demo
The best way to understand how touch-pad works is to try it. But the GIF below may give
you a quick idea.
Installation
npm install touch-pad
Usage
This package provides a web component and an event processor class. In both cases
TouchPadMoveEvents are emitted when the user drags or touches the element. The event
detail property contains an x and y property with the current position of the touch or
drag relative to the top left corner of the element as a fraction of the element's width and
height.
As a Web Component
import 'touch-pad/define'
The touch-pad/define module automatically registers the touch-pad custom element. You
can now use it in your HTML.
<touch-pad>
<interactive-element><interactive-element>
</touch-pad>
If you prefer to do your own registration, you can instead import { TouchPad } from 'touch-pad' to get the class.
Now you can listen for touchpadmove events on the touch-pad element (or on its
ancestors).
document.querySelector('touch-pad').addEventListener('touchpadmove', (event) => {
console.log(event.detail)
})
As a Class
import { TouchPadEventProcessor } from 'touch-pad'
const eventProcessor = new TouchPadEventProcessor(
document.querySelector('interactive-element')
)
eventProcessor.listen()
The <interactive-element> will now emit touchpadmove events when the user drags or
touches it.
document.querySelector('interactive-element').addEventListener('touchpadmove', (event) => {
console.log(event.detail)
})
If do not want your element to emit touchpadmove events into the DOM, you can specify an EventTarget as the second argument to the constructor.
const touchMoveTarget = new EventTarget()
touchMoveTarget.addEventListener('touchpadmove', (event) => {
console.log(event.detail)
})
const eventProcessor = new TouchPadEventProcessor(
document.querySelector('interactive-element'),
touchMoveTarget
)
eventProcessor.listen()
Cleanup
If the source element is removed from the DOM, you should call eventProcessor.unlisten()
to stop listening for events. Failure to do so may result in memory leaks, since it adds
event listeners to the element’s document. This is not necessary for the web component usage
pattern where this is handled for you.
FAQs
Track drags and touches on an element, a bit like a touchpad or trackpad
We found that touch-pad demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 May 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025