Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
asset-pipe-css-writer
Advanced tools
A module that takes any number of css file entry points and packages them together with meta data before providing them as a readable stream.
Given any number of css file paths, for each file path, this module will:
The module provides a readable stream of the resulting objects.
{
// Unique id for entry. Created by hashing together name, version and file
id: '4f32a8e1c6cf6e5885241f3ea5fee583560b2dfde38b21ec3f9781c91d58f42e',
// 'name' from nearest package.json file found by working up from the css file's directory
name: 'my-module-1',
// 'version' from nearest package.json file found by working up from the css file's directory
version: '1.0.1',
// path to file on disk relative to nearest package.json file found by working up from the css file's directory
file: 'my-module-1/main.css',
// bundled css content with any @import statements inlined
content: '/* ... */'
}
npm install asset-pipe-css-writer
const CssWriter = require('asset-pipe-css-writer')
Either pass a path to a single css file:
const writer = new CssWriter('/path/to/css/file.css')
Or pass an array of paths to css files:
const writer = new CssWriter(['/path/to/css/file1.css', '/path/to/css/file2.css'])
The writer is a readable stream in object mode so in order to access the data you may register a data handler and listen for objects to be passed to the handler:
writer.on('data', data => {
// { id, name, version, file, content }
})
You might also pipe the writer into a writeable or transform stream (with input in object mode):
const { Writable } = require('stream')
const consumer = new Writeable({
objectMode: true,
write(chunk, encoding, callback) {
// chunk will be an object of the shape: { id, name, version, file, content }
console.log(chunk)
callback()
}
})
writer.pipe(consumer)
FAQs
CSS asset feed writer
The npm package asset-pipe-css-writer receives a total of 1 weekly downloads. As such, asset-pipe-css-writer popularity was classified as not popular.
We found that asset-pipe-css-writer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.