windups
Changelog
v1.1.1
Readme
A typewriter effect library for React.
Examples, API docs, and guides can all be found at the docs site!
Apply the typewriter (or, ahem, "windup") effect to:
Use the API to:
Want to see a codebase that makes extensive, real-world use of this package? Source for the docs site is at https://github.com/sgwilym/windups-docs
Where the action is happening in this codebase.
src/Windup.ts
The bulk of the file consists of functions which return modified versions of a windup (e.g. next, rewind), utilities (e.g. isUnplayed), or functions for creating a Windup data structure (e.g. windupFromString).
The windup data structure is also described here:
src/react/useWindup.ts
This is a hook that is used internally by WindupChildren and useWindupString. It does the bulk of the work of a windup: scheduling the next update, triggering effects, returning callbacks for rewinding/skipping etc.
src/react/useWindupString.ts
This hook does very little: it just turns a string into a windup and passes it along to useWindup.
src/react/WindupChildren.tsx
A lot going on in this one: transforming the children data type into a Windup, and a rough heuristic to determine when the value of children has 'changed' (big quotation marks).
FAQs
The npm package windups receives a total of 2,226 weekly downloads. As such, windups' popularity was classified as popular.
We found that windups demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.