Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
FE Library to perform image annotations. Pretty barebones. Used at [Wide Eyes](http://wide-eyes.it).
#Bbox library
FE Library to perform image annotations.
npm i --save we-bbox
To start:
const bbox = Bbox({
canvasContainer: <DOM element>,
image: <DOM element>,
onload?: <Function>
})
canvasContainer
is the dom element that shall contain the annotator.
image
is the img dom element containing the image to annotate.
onload
is an optional callback function.
You can subscribe to annotations:
bbox.subscribe((annotation: <Object>) => console.log(annotation))
annotation
is an object with parameters x1, y1, x2, y2 corresponding to the coordinates of the upper left and bottom right corners of the bounding box.
The callback gets called everytime the bbox is edited in some significant way.
You can remove the annotator by calling the dispose function:
bbox.dispose()
This will destroy all content within the canvasContainer
.
You can tell the library to set the bbox you want over the image:
bbox.setBbox({x1: 0, x2: 10, y1: 0, y2: 10})
Webpack dev server: npm start
build for production: npm run build
FAQs
FE Library to perform image annotations. Pretty barebones. Used at [Wide Eyes](http://wide-eyes.it).
The npm package we-bbox receives a total of 11 weekly downloads. As such, we-bbox popularity was classified as not popular.
We found that we-bbox demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.