
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@czap/compiler
Advanced tools
Compile one LiteShip boundary definition into many outputs at once — CSS, GLSL, WGSL, ARIA, AI descriptions, and Tailwind — so every target stays in sync.
Compiles boundary definitions — named states over numeric thresholds — and per-state values into @container CSS rules, GLSL/WGSL shader uniforms, ARIA attributes, and AI manifests.
You usually don't install this directly — it arrives as a dependency of @czap/vite, which compiles your authored CSS at build time. Install
@czap/viteinstead unless you want to call a compile target yourself, e.g. in your own build script.
# inside a build integration (the usual path):
pnpm add @czap/vite # brings @czap/compiler with it
# to run the example below directly (pnpm does not hoist transitives):
pnpm add @czap/compiler @czap/core effect@beta
effect must be the Effect 4 beta — a bare pnpm add effect installs 3.x and fails the peer check.
import { Boundary } from '@czap/core';
import { CSSCompiler } from '@czap/compiler';
const width = Boundary.make({
input: 'width',
at: [[0, 'sm'], [768, 'lg']],
});
const result = CSSCompiler.compile(width, {
sm: { 'font-size': '14px' },
lg: { 'font-size': '18px' },
}, '.card');
console.log(result.raw);
Prints two @container blocks: (width < 768px) styling .card at 14px, and (width >= 768px) at 18px. result.containerRules holds the same output as structured data.
This is a layered package of pure functions from definitions to text — no DOM, no file system, nothing thrown. Its only @czap dependency is @czap/core, the source of the boundary, token, style, and theme definitions it compiles. Live evaluation as values change at runtime lives in @czap/quantizer; writing compiled CSS into your bundle is @czap/vite's job. See the
package surfaces map
for the full layout.
State keys in the second argument are all optional, so a misspelled state name produces no rule and no error — the output is just missing a block. If result.raw is shorter than expected, compare your keys against boundary.states.
Part of LiteShip — powered by the CZAP engine (Content-Zoned Adaptive Projection), distributed as @czap/* packages.
FAQs
Compile one LiteShip boundary definition into many outputs at once — CSS, GLSL, WGSL, ARIA, AI descriptions, and Tailwind — so every target stays in sync.
The npm package @czap/compiler receives a total of 333 weekly downloads. As such, @czap/compiler popularity was classified as not popular.
We found that @czap/compiler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.