Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@hint/parser-css
Advanced tools
@hint/parser-css
)The CSS
parser is built on top of PostCSS so hints can
analyze CSS
files.
To use it you will have to install it via npm
:
npm install @hint/parser-css
Note: You can make npm
install it as a devDependency
using the
--save-dev
parameter, or to install it globally, you can use the
-g
parameter. For other options see npm
's
documentation.
And then activate it via the .hintrc
configuration file:
{
"connector": {...},
"formatters": [...],
"hints": {
...
},
"parsers": ["css"],
...
}
This parser
emits the following events:
parse::start::css
of type Event
which contains the following information:
resource
: the resource we are going to parse.parse::end::css
of type StyleParse
which has the following information:
ast
: a PostCSS Root
object containing the AST.
See the PostCSS walk*
APIs for help navigating
the AST.code
: a string containing the raw stylesheet source code.element
: an HTMLElement
reference if the source was inline
in HTML; null
otherwise.resource
: the parsed resource. If the CSS is in a style tag
and not a file, the value will refer to the HTML document containing
the stylesheet.FAQs
webhint parser needed to analyze CSS files
The npm package @hint/parser-css receives a total of 16,802 weekly downloads. As such, @hint/parser-css popularity was classified as popular.
We found that @hint/parser-css demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.