Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@digital-realty/ix-twlit
Advanced tools
This package allows us to utilize TailwindCSS from within LitElement components.
We need to setup the TailwindCSS build process as normal (either via running npx tailwindcss or by configuring it as a PostCSS plugind). See the TailwindCSS site for detils on this.
Once you have tailwind setup to scan the LitElement for classes and produce a CSS file, TWLit then looks for changes to this file and then creates a JS file from it that can be imported to the Static Styles propert of you LitElement. This gives us a nice DX in that Tailwind classes added to your LitElement are automatically generated and can be used with no manual build step required.
This approach also means we use the constructable style sheets functionality that LitElement provides and as such the style sheet will not be duplicated if more than one of our LitElement components are present in the application.
This package has been customised to output to comma seperated paths and also have an optional watch. This is so you can easily hand it a TypeScript location as well as an out-tsc (typescript compiled) location.
The original package and a full working example of this in use can be found here: https://github.com/MarkJamesHoward/TWLitExampleUse
npx twlit --input ./tw.css --output ./twlit.js
npx twlit --input ./tw.css --output ./twlit.ts,./out-tsc/twlit.js
"scripts": { "dev" : "twlit --input ./tw.css --output ./twlit.js --watch" }
The process will constantly watch the input file and output a new JS file on each change.
Specify the location of your tailwind generated CSS file. In the above example this is the 'tw.css' file. This is the file spit out from running either npx tailwindcss or from your PostCSS setup of tailwind. Either way it contains all the class definitions that we need inside of our LitElement
The output is a JS file that contains all the Tailwind classes within a tagged template literal. This can now be imported into your LitElement
Specify if you want to watch the input for changes and automatically recompile.
We need to import the JS file that is spit out (from --output above)
import { TWStyles } from "./tailwind/twlit.js";
And then include this in the static Styles property of our LitElement:
static styles = [css``, TWStyles];
FAQs
Wrap tailwindcss in css`` for consumption by Lit
The npm package @digital-realty/ix-twlit receives a total of 772 weekly downloads. As such, @digital-realty/ix-twlit popularity was classified as not popular.
We found that @digital-realty/ix-twlit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.