Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
@cmcm/stylelint-config
Advanced tools
在你的项目中安装 Stylelint 和本项目的 npm 包(以下简称 “本包”):
npm i -D stylelint
npm i -D @cmcm/stylelint-config
在你的项目的根目录添加 .stylelintrc.js
文件:
module.exports = {
extends: [
'@cmcm/stylelint-config',
],
}
在 extends
字段指定预设的配置包,各配置包的具体含义参见下面的 “配置包” 段落。
如果你的项目需要禁用或覆盖配置包中的某条规则,可以添加 rules
字段并写入你自己的规则配置:
rules: {
'block-no-empty': null, // 禁用某条规则
'color-hex-case': 'lower', // 覆盖某条规则
},
如果你需要把特定文件排除在校验范围之外,可添加 ignoreFiles
字段:
ignoreFiles: [
'./src/vendor/**/*.*',
],
在你的项目的 package.json
文件中添加脚本:
{
"scripts": {
"lint-css": "stylelint src/**/*.scss src/**/*.vue"
}
}
执行以下命令开始校验 CSS 代码:
npm run lint-css
如果需要 Stylelint 帮忙修复,执行以下命令:(注意:只有部分问题可以自动修复)
npm run lint-css -- --fix
如有必要,你可以把上述命令整合到 CI、Git hook 等工作流中。
本包包含了多个预设的配置包,可以搭配使用。它们的含义分别如下:
配置包 | 含义 | 备注 |
---|---|---|
'@cmcm/stylelint-config' | 包含 所有规则 | 相当于同时启用以下三个配置包 |
'@cmcm/stylelint-config/preset/essential' | 包含 “疑似写错” 类型的规则 | 强制所有项目使用 |
'@cmcm/stylelint-config/preset/recommended' | 包含 “限制语言特性” 类型的规则 | 强烈推荐所有项目使用 |
'@cmcm/stylelint-config/preset/stylistic' | 包含 “代码风格约定” 类型的规则 | 推荐使用 |
我们可以在 .stylelintrc.js
文件的 extends
字段同时指定多个配置包:
extends: [
'@cmcm/stylelint-config/preset/essential',
'@cmcm/stylelint-config/preset/recommended',
],
FAQs
Stylelint config for daily development
The npm package @cmcm/stylelint-config receives a total of 0 weekly downloads. As such, @cmcm/stylelint-config popularity was classified as not popular.
We found that @cmcm/stylelint-config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.