Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
browser-sass
Advanced tools
Fork of the original sass package which supports bundling by adding the "browser" field to package.json
.
Tested using webpack
for both web
and webworker
targets
A pure JavaScript implementation of Sass. Sass makes CSS fun again.
|
This package is a distribution of Dart Sass, compiled to pure JavaScript
with no native code or external dependencies. It provides a command-line sass
executable and a Node.js API.
You can install Sass globally using npm install -g sass
which will provide
access to the sass
executable. You can also add it to your project using
npm install --save-dev sass
. This provides the executable as well as a
library:
var sass = require('sass');
sass.render({file: scss_filename}, function(err, result) { /* ... */ });
// OR
var result = sass.renderSync({file: scss_filename});
See below for details on Dart Sass's JavaScript API.
When installed via npm, Dart Sass supports a JavaScript API that's fully
compatible with Node Sass (with a few exceptions listed below), with support
for both the render()
and renderSync()
functions. See the Sass
website for full API documentation!
Note however that by default, renderSync()
is more than twice as fast as
render()
due to the overhead of asynchronous callbacks. To avoid this
performance hit, render()
can use the fibers
package to call
asynchronous importers from the synchronous code path. To enable this, pass the
Fiber
class to the fiber
option:
var sass = require("sass");
var Fiber = require("fibers");
sass.render({
file: "input.scss",
importer: function(url, prev, done) {
// ...
},
fiber: Fiber
}, function(err, result) {
// ...
});
Both render()
and renderSync()
support the following options:
data
file
functions
importer
includePaths
indentType
indentWidth
indentedSyntax
linefeed
omitSourceMapUrl
outFile
sourceMapContents
sourceMapEmbed
sourceMapRoot
sourceMap
"expanded"
and "compressed"
values of
outputStyle
are supported.No support is intended for the following options:
precision
. Dart Sass defaults
to a sufficiently high precision for all existing browsers, and making this
customizable would make the code substantially less efficient.
sourceComments
. Source
maps are the recommended way of locating the origin of generated selectors.
Dart Sass, from which this package is compiled, can be used either as a stand-alone executable or as a Dart library. Running Dart Sass on the Dart VM is substantially faster than running the pure JavaScript version, so this may be appropriate for performance-sensitive applications. The Dart API is also (currently) more user-friendly than the JavaScript API. See the Dart Sass README for details on how to use it.
Node Sass, which is a wrapper around LibSass, the C++ implementation of Sass. Node Sass supports the same API as this package and is also faster (although it's usually a little slower than Dart Sass). However, it requires a native library which may be difficult to install, and it's generally slower to add features and fix bugs.
There are a few intentional behavioral differences between Dart Sass and Ruby Sass. These are generally places where Ruby Sass has an undesired behavior, and it's substantially easier to implement the correct behavior than it would be to implement compatible behavior. These should all have tracking bugs against Ruby Sass to update the reference behavior.
@extend
only accepts simple selectors, as does the second argument of
selector-extend()
. See issue 1599.
Subject selectors are not supported. See issue 1126.
Pseudo selector arguments are parsed as <declaration-value>
s rather than
having a more limited custom parsing. See issue 2120.
The numeric precision is set to 10. See issue 1122.
The indented syntax parser is more flexible: it doesn't require consistent indentation across the whole document. See issue 2176.
Colors do not support channel-by-channel arithmetic. See issue 2144.
Unitless numbers aren't ==
to unit numbers with the same value. In
addition, map keys follow the same logic as ==
-equality. See
issue 1496.
rgba()
and hsla()
alpha values with percentage units are interpreted as
percentages. Other units are forbidden. See issue 1525.
Too many variable arguments passed to a function is an error. See issue 1408.
Allow @extend
to reach outside a media query if there's an identical
@extend
defined outside that query. This isn't tracked explicitly, because
it'll be irrelevant when issue 1050 is fixed.
Some selector pseudos containing placeholder selectors will be compiled where they wouldn't be in Ruby Sass. This better matches the semantics of the selectors in question, and is more efficient. See issue 2228.
The old-style :property value
syntax is not supported in the indented
syntax. See issue 2245.
The reference combinator is not supported. See issue 303.
Universal selector unification is symmetrical. See issue 2247.
@extend
doesn't produce an error if it matches but fails to unify. See
issue 2250.
Dart Sass currently only supports UTF-8 documents. We'd like to support more, but Dart currently doesn't support them. See dart-lang/sdk#11744, for example.
Disclaimer: this is not an official Google product.
FAQs
A pure JavaScript implementation of Sass.
The npm package browser-sass receives a total of 0 weekly downloads. As such, browser-sass popularity was classified as not popular.
We found that browser-sass demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.