
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
Wowfy is a JavaScript animation library for applying a wide range of fascinating, amazing, and eye-catching effects, enhancing the visual appeal of your web projects. It is implemented using JavaScript to create various magical CSS effects and offers user-friendly options for adjusting the effects.
Please follow the documentation at wowfyjs.com
In the CDN installation selection, you have the choice between the Global or ES Module import methods.
The Global import method is as follows:
<html>
<head>
...
<script src="https://unpkg.com/wowfy/dist/wowfy.global.js"></script>
...
</head>
<body>
...
</body>
</html>
The ES Module import method requires setting type="module" inside the script tag and using "import" to import the functions or classes you want to use.
The ES Module import method is as follows:
<html>
<head>
...
</head>
<body>
...
<script type="module">
import { wowfyInit } from "https://unpkg.com/wowfy/dist/wowfy.mjs";
wowfyInit();
</script>
</body>
</html>
You can install Wowfy using package managers like npm, yarn, or pnpm.
npm install wowfy
yarn add wowfy
pnpm install wowfy
<html>
<head>
...
<script src="https://unpkg.com/wowfy/dist/wowfy.global.js"></script>
...
</head>
<body>
<div
w-ripple
w-duration="1s"
w-background="#fff"
>
Click
</div>
</body>
</html>
<html>
<head>
...
<script src="https://unpkg.com/wowfy/dist/wowfy.global.js"></script>
...
</head>
<body>
...
<div class="btn">
Wowfy
</div>
...
<script>
const btn = document.querySelector(".btn");
const wow = new Wowfy(btn, "ripple", {
duration: "1s",
background: "#fffa",
});
</script>
</body>
</html>
For more usage, please refer to the documentation.
FAQs
An awesome and easy-to-use JavaScript animation library.
We found that wowfy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.