@10up/stylelint-config
At 10up, we strive to provide digital products that yield a top-notch user experience. In order to improve both our efficiency and consistency, we need to standardize what we use and how we use it. This theme scaffold allows us to share initial setup procedures to make sure all projects can get up and running as quickly as possible while closely adhering to 10up's high quality standards.
If you're using npm >= 7, you might not need to install Stylelint directly since it's stated as a peerDependency. If you have a version lower than 7, you'll need to install Stylelint manually.
First, install Stylelint:
# NPM
npm install stylelint --save-dev
# Yarn
yarn add stylelint
Then install the 10up Stylelint config:
# NPM
npm install @10up/stylelint-config --save-dev
Add the following to your .stylelintrc file:
{
  "extends": [
    "@10up/stylelint-config"
  ]
}
By default, 10up Stylelint Config does not provide out-of-the-box support for scss-based projects. That said, it is not difficult to add support by following the process below:
Install the stylelint-config-standard-scss dependency:
# NPM
npm install stylelint-config-standard-scss --save-dev
You will then need to update the extends section of your project's .stylelintrc:
{
  "extends": [
    "stylelint-config-standard-scss",
    "@10up/stylelint-config/scss"
  ]
}
The set of rules is listed on the package's NPM page if you would like to override or customize the defaults further.
Certain rules that apply to flavours of CSS (postcss, scss, sass, etc.) can cause a conflict in your build pipelines. One such rule is Selector Nested Pattern.
By default, we ensure that any nested css uses a prefixed & symbol, as required in languages like postcss or postcss-preset-env. However, you will want to turn this off if using scss.
To get around this issue, add the following to your project's .stylelintrc:
{
  "rules": {
    "selector-nested-pattern": null
  }
}
Run npm install stylelint-webpack-plugin --save-dev. You should already have the proper loader in postcss-loader, but if you don't, install that as well. After installing stylelint and the configuration above, add the following to your Webpack config:
import StyleLintPlugin from 'stylelint-webpack-plugin';

export default {
  // ...the rest of your Webpack config
  plugins: [
    new StyleLintPlugin( {
      configFile: ".stylelintrc", // if your config is in a non-standard place
      files: "src/**/*.css", // location of your CSS files
      fix: true, // if you want to auto-fix some of the basic rules
    } ),
  ],
};
Read more about these options at stylelint-webpack-plugin, the main stylelint documentation and postcss-loader. That should be all you need, but if there are any errors in this documentation, please file an issue and let us know!
Certain rules / violations can be fixed automatically using the --fix flag via the command line.
To ensure that Stylelint fixes what it can, you can run:
stylelint path/to/css/file.css --fix
FAQs
10up stylelint config for WordPress projects
We found that @10up/stylelint-config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.