Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
watermarkjs
Advanced tools
A functional library for watermarking images in the browser. Written with ES6, and made available to current browsers via Babel. Supports urls, file inputs, blobs, and on-page images.
Note: For anyone that is interested: I ported this to a ClojureScript library called Dandy Roll.
Any browser supporting File and FileReader should work. The following browsers have been tested and work:
Please feel free to update this list or submit a fix for a particular browser via a pull request.
watermark.js is available via npm and bower:
# install via npm
$ npm install watermarkjs
# install via bower
$ bower install watermarkjs
// watermark by local path
watermark(['img/photo.jpg', 'img/logo.png'])
.image(watermark.image.lowerRight(0.5))
.then(img => document.getElementById('container').appendChild(img));
// load a url and file object
const upload = document.querySelector('input[type=file]').files[0];
watermark([upload, 'img/logo.png'])
.image(watermark.image.lowerLeft(0.5))
.then(img => document.getElementById('container').appendChild(img));
// watermark from remote source
const options = {
init(img) {
img.crossOrigin = 'anonymous'
}
};
watermark(['http://host.com/photo.jpg', 'http://host.com/logo.png'], options)
.image(watermark.image.lowerRight(0.5))
.then(img => document.getElementById('container').appendChild(img));
Before building or testing, install all the deps:
npm i
There is an npm script you can run to build:
npm run build
Or to kick off the file watcher and build as you make changes, run the start task:
$ npm start
There is an npm script for that too!:
$ npm test
This library uses the Jest testing framework. Due to some current issues with Jest, Node 0.10.x is required to run the tests.
You can view examples and documentation by running the sync
task via npm:
$ npm run sync
The examples demonstrate using watermark images and text, as well as a demonstration of uploading a watermarked image to Amazon S3. It is the same content hosted at http://brianium.github.io/watermarkjs/.
Running npm run dev
will start a browser and start watching source files for changes.
Clearly watermarking on the client has some limitations when watermarking urls and on-page elements. The curious can find urls for non-watermarked images, but it is likely that most average users won't go down this path - keeping this soft barrier useful. However!...
watermark.js has the ability to accept file inputs as a source for watermarking. This makes it easy to preview, watermark, and upload without the non-watermarked image ever becoming public. Check out the uploading demo to see this in action.
This tool certainly shines in admin or CMS environments where you want to generate watermarks and upload them asynchronously where it would not be possible or preferable on the server. One less thing the server has to do can be a good thing :)
Please open issues or pull requests if you have bugs/improvements.
FAQs
Watermarked images in the browser
We found that watermarkjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.