npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

slyfox

v0.2.2

Published

Restore overwritten methods on the window and document... Like a fox.

Downloads

1,013

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

perrymitchellperrymitchell

Keywords

Readme

SlyFox

Restore overwritten methods on the window and document... Like a fox.

slyfox Tests status GitHub

About

It's entirely possible, during the execution of a web page, for JavaScript to override many of the core functions providing access to the DOM. This is generally a terrible idea - core functions like document.createElement have very broad use, and overriding them can be dangerous. Why would someone override such a method? There's a number of reasons apparently:

  • PrototypeJS (some versions) thought it was necessary to provide improved support
  • Companies like Osano believe it's their right when protecting their clients from scripts that don't properly check for data transmission consent
  • Some website owners believe that every element passing through such a method should be manipulated or scanned

Whatever the reason it's simply a bad idea.

SlyFox (formerly archetype) is a restoration library aimed at retrieving non-tampered-with method originals through the use of a "safe" iframe it embeds. Copies of these unaltered functions are pulled from the iframe and provided to the caller.

Unlike this library's predecessor, SlyFox does not write these functions over the altered versions. There's ultimately no point fighting like that. This is more of a ponyfill approach rather than a polyfill.

Installation

Install using npm install slyfox --save-dev.

SlyFox provides both an ESM (primary) entry and a UMD build that can be directly injected into browsers. The UMD script is located at dist/umd/index.js. Both builds provide types.

Usage

When using the default (ESM) entry, import the createSession helper to create a new RestoreSession instance. From there you can immediately fetch restored native methods:

import { createSession } from "slyfox";

async function program() {
    const session = await createSession();
    const createEl = session.getNativeMethod("document.createElement");
    const div = createEl("div");
}

getNativeMethod's only argument is the global path to the method you want to process.

While getNativeMethod provides easy access to top-level methods, it doesn't suit prototype-based methods that appear on elements as they're created. For that, you can use getNativePrototypeMethod (though note that it does not support caching like getNativeMethod):

import { createSession } from "slyfox";

async function program() {
    const session = await createSession();
    const createEl = session.getNativeMethod("document.createElement");
    const child = createEl("div");
    const targetElement = document.getElementById("root");
    const targetAppend = session.getNativePrototypeMethod(
        targetElement,
        "appendChild",
        "window.Element.prototype.appendChild"
    );
    targetAppend(child);
}

getNativePrototypeMethod takes 3 arguments:

  1. The element or instance to process as the context
  2. The name of the instance's method to process
  3. The path to the global prototype

Keep the RestoreSession instance around and call it when needed. It caches fetched/bound methods so it doesn't have to reproduce them again every call.

You can also pre-cache some function lookups so you might potentially capture the un-modified versions if you're early enough:

session.precacheMethods([
    "document.createElement",
    "document.body.appendChild"
]);

Caveats

Remember that the returned functions from getNativeMethod are not identical to the original function that was overwritten. That original is either lost or not provided via this library. What is returned is either:

  • The original function, but bound to its parent. Eg. document.querySelector.bind(document).
  • A recovered copy from another iframe, bound to the parent of the top/target frame.

In any case, the elements you interact with, potentially, might not function in the way you'd expect them too with normal calls. Never use instanceof as this might return unexpected values when using this library.