Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@arshaw/postcss-custom-properties
Advanced tools
Readme
Fork Info: Implements #169 by adding a preserveWithFallback
flag.
PostCSS Custom Properties lets you use Custom Properties in CSS, following the CSS Custom Properties specification.
:root {
--color: red;
}
h1 {
color: var(--color);
}
/* becomes */
:root {
--color: red;
}
h1 {
color: red;
color: var(--color);
}
Add PostCSS Custom Properties to your project:
npm install postcss-custom-properties --save-dev
Use PostCSS Custom Properties to process your CSS:
const postcssCustomProperties = require('postcss-custom-properties');
postcssCustomProperties.process(YOUR_CSS /*, processOptions, pluginOptions */);
Or use it as a PostCSS plugin:
const postcss = require('postcss');
const postcssCustomProperties = require('postcss-custom-properties');
postcss([
postcssCustomProperties(/* pluginOptions */)
]).process(YOUR_CSS /*, processOptions */);
PostCSS Custom Properties runs in all Node environments, with special instructions for:
Node | PostCSS CLI | Webpack | Create React App | Gulp | Grunt |
---|
The preserve
option determines whether Custom Properties and properties using
custom properties should be preserved in their original form. By default, both
of these are preserved.
postcssCustomProperties({
preserve: false
});
:root {
--color: red;
}
h1 {
color: var(--color);
}
/* becomes */
h1 {
color: red;
}
The importFrom
option specifies sources where Custom Properties can be imported
from, which might be CSS, JS, and JSON files, functions, and directly passed
objects.
postcssCustomProperties({
importFrom: 'path/to/file.css' // => :root { --color: red }
});
h1 {
color: var(--color);
}
/* becomes */
h1 {
color: red;
}
Multiple sources can be passed into this option, and they will be parsed in the
order they are received. JavaScript files, JSON files, functions, and objects
will need to namespace Custom Properties using the customProperties
or
custom-properties
key.
postcssCustomProperties({
importFrom: [
'path/to/file.css', // :root { --color: red; }
'and/then/this.js', // module.exports = { customProperties: { '--color': 'red' } }
'and/then/that.json', // { "custom-properties": { "--color": "red" } }
{
customProperties: { '--color': 'red' }
},
() => {
const customProperties = { '--color': 'red' };
return { customProperties };
}
]
});
See example imports written in CSS, JS, and JSON.
The exportTo
option specifies destinations where Custom Properties can be exported
to, which might be CSS, JS, and JSON files, functions, and directly passed
objects.
postcssCustomProperties({
exportTo: 'path/to/file.css' // :root { --color: red; }
});
Multiple destinations can be passed into this option, and they will be parsed
in the order they are received. JavaScript files, JSON files, and objects will
need to namespace Custom Properties using the customProperties
or
custom-properties
key.
const cachedObject = { customProperties: {} };
postcssCustomProperties({
exportTo: [
'path/to/file.css', // :root { --color: red; }
'and/then/this.js', // module.exports = { customProperties: { '--color': 'red' } }
'and/then/this.mjs', // export const customProperties = { '--color': 'red' } }
'and/then/that.json', // { "custom-properties": { "--color": "red" } }
cachedObject,
customProperties => {
customProperties // { '--color': 'red' }
}
]
});
FAQs
Use Custom Properties Queries in CSS
The npm package @arshaw/postcss-custom-properties receives a total of 10 weekly downloads. As such, @arshaw/postcss-custom-properties popularity was classified as not popular.
We found that @arshaw/postcss-custom-properties demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.