Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
uploadcare-picture
Advanced tools
Uploadcare Picture
This is an Uploadcare responsive <picture> component. It provides
more control over image behavior: you can adjust image sizes to different
media queries, control output formats, etc.
You also get:
- Less code
- All images served via Uploadcare CDN
- One uploaded image and all of its versions generated on-the-fly via UC Image Processing
Install
You can get the component via npm:
npm install uploadcare-picture
You would not need an Uploadcare account for testing purposes: just use UUIDs provided in this readme. However, implementing the component requires you to have an Uploadcare account; you can get one here.
Usage
The function can be used directly or through one of the adapters.
import getPictureObject from 'uploadcare-picture'
const uuid = '18d1c520-c52d-4c34-82a0-7e07dcbcf105'
const options = {
sizes: {
'(max-width: 1024px)': '768px',
'default': '1024px'
},
formats: ['jpg', 'webp'],
name: 'example'
}
const picture = getPictureObject(uuid, options)
The function provides an object in the output, like this:
{
sources: [
{
srcset: `https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/768x/-/format/webp/example.webp 1x, https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/1536x/-/format/webp/example.webp 2x`,
type: 'image/webp',
media: '(max-width: 1024px)',
sizes: '768px',
},
{
srcset: `https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/1024x/-/format/webp/example.webp 1x, https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/2048x/-/format/webp/example.webp 2x`,
type: 'image/webp',
sizes: '1024px',
},
{
srcset: `https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/768x/-/format/jpg/example.jpg 1x, https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/1536x/-/format/jpg/example.jpg 2x`,
type: 'image/jpg',
media: '(max-width: 1024px)',
sizes: '768px',
},
{
srcset: `https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/1024x/-/format/jpg/example.jpg 1x, https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/2048x/-/format/jpg/example.jpg 2x`,
type: 'image/jpg',
sizes: '1024px',
},
],
image: {
alt: 'example',
src: `https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/1024x/-/format/auto/example`,
srcset: `https://ucarecdn.com/18d1c520-c52d-4c34-82a0-7e07dcbcf105/-/resize/2048x/-/format/auto/example 2x`,
sizes: '1024px',
},
}
You can further transpile such objects to <picture> via any library
or framework you like.
Options
width string|number
Required, if not set sizes.default.
Sets the width of an <img /> element.
sizes object
Required, if not set width.
Keys in the object are media queries while sizes define your picture dimensions for them.
formats array<string>
Optional, default values is ['auto'].
An array holding the allowed formats for your picture sources.
pixel_density array<number|string>|number|string
Optional, default value is [1, 2].
An array of pixel density value(-s) for resizing your picture sources.
name string
Optional.
An RFC3986-compliant filename.
Adapters
JSX
import UploadcarePicture from 'uploadcare-picture/adapters/jsx'
const Picture = () =>
<UploadcarePicture
uuid='18d1c520-c52d-4c34-82a0-7e07dcbcf105'
formats={['webp', 'jpg']}
sizes={{
'(max-width: 1024px)': '768px',
'default': 1024,
}}
name='example' />
Nunjucks
import {configure} from 'nunjucks'
import UploadcarePicture from 'uploadcare-picture/adapters/nunjucks'
const nunjucks = configure('templates', {autoescape: false})
nunjucks.addExtension('UploadcarePicture', new UploadcarePicture())
const template = `{% uploadcarePicture
uuid='18d1c520-c52d-4c34-82a0-7e07dcbcf105',
formats=['webp', 'jpg'],
sizes={
'(max-width: 1024px)': 768,
'default': 1024
},
name='example'
%}`
const picture = nunjucks.renderString(template)
Testing
Run linters and tests
npm test
Feedback
GitHub issues and PRs are welcome. You can also post any questions around the UC Community Area.
1.1.0 - 2018.03.20
Added
- Adapters, now import from
uploadcare-picture/adapters/nunjucksanduploadcare-picture/adapters/jsxworks.
Fixed
- Description of options in README.
FAQs
Create responsive picture with Uploadcare CDN.
The npm package uploadcare-picture receives a total of 0 weekly downloads. As such, uploadcare-picture popularity was classified as not popular.
We found that uploadcare-picture demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 20 Mar 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025