Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
vLitejs is a fast and lightweight Javascript library for customizing video and audio player in Javascript with a minimalist theme (HTML5, Youtube, Vimeo, Dailymotion)
vlitejs
(pronounced /viːlaɪt/
) is a fast and lightweight JavaScript library for customizing video and audio player. Written in native JavaScript without dependency, it is built around an API of providers and plugins to extend these capabilities and keep the core with the minimal functionalities.
HTML5 video and audio players are automatically included. Other providers like Youtube or Vimeo can be loaded on demand with the Provider API. Plugins uses the same logic and can be loaded on demand by the Plugin API. Others providers and plugins can be created and loaded by the library.
Sizes of the vlitejs
bundle compared to the competition:
vlitejs | plyr | video.js | |
---|---|---|---|
Uncompressed | 68 KB | 299 KB | 2100 KB |
Compressed | 27 KB | 110 KB | 560 KB |
Gzip | 6 KB | 32 KB | 159 KB |
Note
vlitejs 5.0.1
,plyr 3.7.8
,videojs 8.3.0
playsinline
attribute.:sparkles: You can support this project with GitHub Sponsors! ♡
If you're interested in playing around with vLitejs, you can use the online code playgrounds on Glitch:
The project includes several examples of vlitejs
implementation in the directory examples
. Run the following commands to build the assets for the examples:
npm run build && npm run build:example
Warning vlitejs@6 is ESM and uses the Node.js package
exports
.
NPM is the recommended installation method. Install vlitejs
in your project with the following command:
npm install vlitejs --save-dev
yarn add vlitejs --dev
Note Minimum supported
Node.js
version is16.20.0
.
You can also download it and include it with a script tag as an ESM.
<link href="https://cdn.jsdelivr.net/npm/vlitejs@6/dist/vlite.css" rel="stylesheet" crossorigin />
<script type="module">
import Vlitejs from 'https://cdn.jsdelivr.net/npm/vlitejs@6';
</script>
Note You can browse the source of the NPM package at jsdelivr.com/package/npm/vlitejs.
<video id="player" src="<path_to_video_mp4>"></video>
<audio id="player" src="<path_to_audio_mp3>"></audio>
<div id="player" data-youtube-id="<video_id>"></div>
<div id="player" data-vimeo-id="<video_id>"></div>
<div id="player" data-dailymotion-id="<video_id>"></div>
Import vlitejs
styleheet and the JavaScript library as an ES6 modules.
import 'vlitejs/vlite.css';
import Vlitejs from 'vlitejs';
The vlitejs
constructor accepts the following parameters:
Arguments | Type | Default | Description |
---|---|---|---|
selector | String|HTMLElement | null | Unique CSS selector string or HTMLElement to target the player |
config | Object | {} | Player configuration (optional) |
Initialize the player with a CSS selector string.
new Vlitejs('#player');
Or, initialize the player with an HTMLElement
.
new Vlitejs(document.querySelector('#player'));
The second arguments of the contructor is an optional object with the following parameters:
Arguments | Type | Default | Description |
---|---|---|---|
options | Object | {} | Player options |
onReady | Function|null | null | Callback function executed when the player is ready |
provider | String | 'html5' | Player provider |
plugins | Array | [] | Player plugins |
new Vlitejs('#player', {
options: {},
onReady: function (player) {},
provider: 'html5',
plugins: []
});
The player controls can be customized with the following parameters:
Options | Type | Default | Description |
---|---|---|---|
controls ¹ ² | Boolean | true | Display the control bar of the video |
autoplay | Boolean | false | Enable the autoplay of the media |
playPause | Boolean | true | Display the play/pause button on the control bar |
progressBar | Boolean | true | Display the progress bar on the control bar |
time | Boolean | true | Display the time information on the control bar |
volume | Boolean | true | Display the volume button on the control bar |
fullscreen ¹ ⁴ | Boolean | true | Display the fullscreen button on the control bar |
poster ¹ | String|null | null | Customize the video poster url |
bigPlay ¹ | Boolean | true | Display the big play button on the poster video |
playsinline ¹ | Boolean | true | Add the playsinline attribute to the video |
loop | Boolean | false | Whether to loop the current media |
muted ¹ | Boolean | false | Whether to mute the current media |
autoHide ¹ | Boolean | false | Auto hide the control bar in the event of inactivity |
autoHideDelay ¹ | Integer | 3000 | Auto hide delay in millisecond |
providerParams ³ | Object | {} | Overrides the player parameters of the provider |
Note
- ¹ Video only.
- ² Vimeo provider requires a Plus or Pro account to use this feature (see Vimeo plans).
- ³ See Youtube embed options and Vimeo embed options.
- ⁴ Fullscreen API not yet supported on iPhone.
The
autoplay
parameter automatically activates themuted
option because the API can only be initiated by a user gesture (see Autoplay policy changes).
Example of customization for the autoHide
and the poster
options.
new Vlitejs('#player', {
options: {
autoHide: true,
poster: '/path/to/poster.jpg'
}
});
The callback function onReady
is automatically executed when the player is ready. The HTML5 video and audio listen to the canplay|loadedmetadata
event. The Youtube, Vimeo and Dailymotion provider listen to the onready
event returned by their API.
The function exposes the player
parameter as the player instance. You can use it to interact with the player instance and the player methods.
Example of a player muted
when ready:
new Vlitejs('#player', {
onReady: function (player) {
player.mute();
}
});
Note The
onReady
function can also be written with an arrow function.
vlitejs
exposes the following native Event
on the .v-vlite
element. Events are standardized for all providers. Each plugin has its own events which are detailed in their dedicated documentation.
Event Type | Description |
---|---|
play | Sent when the playback state is no longer paused, after the play method or the autoplay |
pause | Sent when the playback state is changed to paused |
progress | Sent periodically to inform interested parties of progress downloading the media. |
timeupdate | Sent when the currentTime of the media has changed |
volumechange | Sent when audio volume changes |
enterfullscreen ¹ | Sent when the video switches to fullscreen mode |
exitfullscreen ¹ | Sent when the video exits fullscreen mode |
ended | Sent when playback completes |
Note > ¹ Video only.
Example of a listener when the media triggers a play
event.
new Vlitejs('#player', {
onReady: (player) => {
player.on('play', () => {
// The video starts playing
});
}
});
The player instance exposes the following methods, accessible when the player is ready.
Method | Parameters | Promise | Description |
---|---|---|---|
play() | - | - | Start the playback |
pause() | - | - | Pause the playback |
setVolume(volume) | Number | - | Set the volume between 0 and 1 |
getVolume() | - | Promise | Get the volume |
getCurrentTime() | - | Promise | Get the current time |
getDuration() | - | Promise | Get the duration |
mute() | - | - | Mute the volume |
unMute() | - | - | Unmute the volume |
seekTo(time) | Number | - | Seek to a current time in seconds |
requestFullscreen() | - | - | Request the fullscreen |
exitFullscreen() | - | - | Exit the fullscreen |
getInstance() | - | - | Get the player instance |
loading() | Boolean | - | Set the loading status |
on(event, function) | String, Function | - | Add an event listener |
off(event, function) | String, Function | - | Remove an event listener |
destroy() | - | - | Destroy the player |
Example of media duration
recovery.
new Vlitejs('#player', {
onReady: (player) => {
player.getDuration().then((duration) => {
// The duration is available in the "duration" parameter
});
}
});
The player exposes some custom CSS properties, locally scopped under the .v-vlite
selector. You can use them to customize the design.
Name | Value | Description |
---|---|---|
--vlite-colorPrimary | #ff7f15 | Primary color |
--vlite-transition | 0.25s ease | Transition |
--vlite-controlBarHeight | 50px | Control bar height |
--vlite-controlBarHorizontalPadding | 10px | Control bar horizontal padding |
--vlite-controlBarBackground | linear-gradient(to top, #000 -50%, transparent) | Control bar background |
--vlite-controlsColor | #fff|#000 | Controls color (video|audio) |
--vlite-controlsOpacity | 0.9 | Controls opacity |
--vlite-progressBarHeight | 5px | Progress bar height |
--vlite-progressBarBackground | rgba(0 0 0 / 25%) | Progress bar background |
The player accepts the following keyboard shortcuts.
Key | Action |
---|---|
space | Toggle playback |
Esc | Exit the fullscreen |
← | Seek backward of 5s |
→ | Seek forward of 5s |
↑ | Increase volume of 10% |
↓ | Decrease volume of 10% |
Many thanks to Victor Schirm for the vlitejs
logo.
vlitejs
is licensed under the MIT License.
Created with ♡ by @yoriiis.
FAQs
vLitejs is a fast and lightweight Javascript library for customizing video and audio player in Javascript with a minimalist theme (HTML5, Youtube, Vimeo, Dailymotion)
The npm package vlitejs receives a total of 3,813 weekly downloads. As such, vlitejs popularity was classified as popular.
We found that vlitejs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.