Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@quickbaseoss/babel-plugin-styled-components-css-namespace
Advanced tools
A babel plugin to add css namespaces to all styled components.
yarn add @quickbaseoss/babel-plugin-styled-components-css-namespace
or npm install @quickbaseoss/babel-plugin-styled-components-css-namespace
"babel": {
"plugins": [
"@quickbaseoss/babel-plugin-styled-components-css-namespace"
]
}
If you are also using babel-plugin-styled-components, you must place styled-components-css-namespace
before babel-plugin-styled-components
.
"babel": {
"plugins": [
"@quickbaseoss/babel-plugin-styled-components-css-namespace",
"babel-plugin-styled-components"
]
}
Without adding options, this plugin will duplicate the class name generated by styled-components
as suggested in this issue.
/* output */
.c0.c0 {
background-color: blue;
}
A common scenario when integrating styled-components into existing projects is fighting against extremely specific legacy CSS selectors such as #someId .grossly .nested section input {/* styles */}
.
To increase the specificity that this plugin adds, you can leverage the recommended approach from the styled-components docs. Add the appropriate number of &
selectors equal to the desired selector duplication as the cssNamespace
option (the default behavior is x2 {"cssNamespace": "&&"}
).
{
"plugins": [
[
"@quickbaseoss/babel-plugin-styled-components-css-namespace",
{"cssNamespace": "&&&"}
],
"babel-plugin-styled-components"
]
}
/* output */
.c0.c0.c0 {
background-color: blue;
}
You can provide a cssNamespace
to use instead of duplicating the class name. Remember to include a DOM element with that class that wraps the styled-component. The cssNamespace
takes the form of the selector you want to use to wrap all of your styles with.
"babel": {
"plugins": [
["@quickbaseoss/babel-plugin-styled-components-css-namespace", {"cssNamespace": ".specific .moreSpecific .reallySpecific"}],
"styled-components"
]
}
/* output */
.specific .moreSpecific .reallySpecific .c0 {
background-color: blue;
}
where .c0 is the class added by styled-components to the element
While an uncommon use-case, it can often be useful to interpolate media query at-rules in your css
template string. Compared to the method for creating media queries from the
styled-component docs, this
method reduces the overhead of multiple calls of css
while still allowing queries to be
constructed without requiring nested template literals.
const mediaQuery = '@media only screen and (min-width: 426px)'
const StyledComponent = styled.div`
background-color: red;
${mediaQuery} {
background-color: blue;
}
`
Unfortunately, this syntax is identical to the syntax used to refer to other components and this
plugin cannot distinguish between the two and will produce broken CSS rules. Since referring to
other components is more common, the below method of formatting @media
inline can be
used as a workaround.
const mediaQuery = 'only screen and (min-width: 426px)';
const StyledComponent = styled.div`
background-color: red;
@media ${mediaQuery} {
background-color: blue;
}
`;
Note that rawCssNamespace
was dropped in favor of the single cssNamespace
option. Additionally, support for an array of selectors was dropped as well. Update any references to rawCssNamespace
with cssNamespace
.
If you were already using cssNamespace
, update your configuration to use a css selector rather than an array of classes. E.g., cssNamespace: 'moreSpecific'
should be cssNamespace: '.moreSpecific'
and cssNamespace: ['specific', 'verySpecific']
should be cssNamespace: '.specific .verySpecific'
.
styled-components is an awesome library for css-in-js and feels like a natural combination of React and CSS. It is easy to use and produces css instead of inline styles.
However, if you are trying to gradually introduce styled-components into a legacy website that might not have the best CSS, the legacy styles may bleed into your styled-components because they have more specificity than the single class styled-components.
This plugin will automatically add additional css namespaces or duplicated classes to the selectors produced by styled components effectively creating a wall between the legacy css code and your new shiny styled components.
This plugin was built for Styled Components; however, since initially creating it, we at Quick Base have switched to Emotion. It works as an alternative to the stylis extra scope plugin which requires creating your own instance of stylis.
git clone https://github.com/QuickBase/babel-plugin-styled-components-css-namespace.git
yarn install
(prefer yarn
although npm
should work as well)yarn test
to run the testsWhen we are ready to release a new version, one of the admins needs to run the following commands to publish the new version to npm. We probably need to invest in a better deploy and semver management system. Interested? See this issue.
git tag -a {version} {commit_hash}
. For example: git tag -a 0.0.9 abf3123
git push --follow-tags
Open source software is a group effort. This version of the plugin was heavily inspired by a fork of the original plugin from @TrevorBurnham.
We also would like to thank some of our contributors who helped solve some tough issues with the previous iteration of this plugin:
FAQs
A babel plugin to add css namespaces to all styled components.
We found that @quickbaseoss/babel-plugin-styled-components-css-namespace demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.