Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
browserslist
Advanced tools
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
The browserslist npm package is used to share target browsers and Node.js versions between different front-end tools, like Autoprefixer, Babel, and others. It utilizes a configuration file or package.json entries to specify the range of browser versions that your project supports. It helps in making decisions for transpiling JavaScript, adding vendor prefixes to CSS, and even defining which browser versions to test during the development process.
Defining target browsers
This feature allows you to define a range of browsers your project supports by specifying queries like market share, last versions, or excluding certain browsers. The code sample would typically be placed in a package.json file.
"browserslist": ["> 1%", "last 2 versions", "not dead"]
Integration with build tools
Browserslist can be integrated with build tools like Webpack, Babel, or PostCSS to automatically apply browser-specific transformations based on the defined browser support criteria.
const browserslist = require('browserslist');
const supportedBrowsers = browserslist('> 0.5%, last 2 versions, Firefox ESR, not dead');
CLI Usage
Browserslist provides a command-line interface (CLI) that can be used to check which browsers and versions are selected by your queries.
npx browserslist "> 1%, last 2 versions"
Configuring environments
You can define different sets of browsers for various environments, like production or development, within a .browserslistrc file.
[production]
> 1% in US
[development]
last 1 chrome version
The caniuse-api provides raw browser support data from Can I Use, which is similar to the data that browserslist uses. However, it focuses more on querying specific features for browser support rather than defining a list of supported browsers for a project.
Autoprefixer is a CSS post-processor that uses browserslist to add vendor prefixes to CSS rules. It is a consumer of browserslist data rather than a direct alternative, but it serves a similar purpose in terms of browser compatibility.
Babel's preset-env is a smart preset that allows you to use the latest JavaScript without needing to micromanage which syntax transforms are needed by your target environment. It uses browserslist to determine which features need to be transformed or polyfilled. While not a direct alternative, it shares the goal of adapting code to be compatible with different environments.
The config to share target browsers and Node.js versions between different front-end tools. It is used in:
All tools will find target browsers automatically,
when you add the following to package.json
:
"browserslist": [
"defaults",
"not IE 11",
"not IE_Mob 11",
"maintained node versions",
]
Or in .browserslistrc
config:
# Browsers that we support
defaults
not IE 11
not IE_Mob 11
maintained node versions
Developers set their version lists using queries like last 2 version
to be free from updating versions manually.
Browserslist will use caniuse-lite
with Can I Use data for this queries.
Browserslist will take queries from tool option,
browserslist
config, .browserslistrc
config,
browserslist
section in package.json
or environment variables.
Browserslist Example shows how every tool uses Browserslist.
browserl.ist
is an online tool to check
what browsers will be selected by some query.browserslist-ga
and browserslist-ga-export
download your website
browsers statistics to use it in > 0.5% in my stats
query.browserslist-useragent-regexp
compiles Browserslist query to a RegExp
to test browser useragent.browserslist-useragent-ruby
is a Ruby library to checks browser
by user agent string to match Browserslist.browserslist-browserstack
runs BrowserStack tests for all browsers
in Browserslist config.caniuse-api
returns browsers which support some specific feature.npx browserslist
in your project directory to see project’s
target browsers. This CLI tool is built-in and available in any project
with Autoprefixer.There is a defaults
query, which gives a reasonable configuration
for most users:
"browserslist": [
"defaults"
]
If you want to change the default set of browsers, we recommend combining
last 2 versions
, not dead
with a usage number like > 0.2%
. This is
because last n versions
on its own does not add popular old versions, while
only using a percentage above 0.2%
will in the long run make popular
browsers even more popular. We might run into a monopoly and stagnation
situation, as we had with Internet Explorer 6. Please use this setting
with caution.
Select browsers directly (last 2 Chrome versions
) only if you are making
a web app for a kiosk with one browser. There are a lot of browsers
on the market. If you are making general web app you should respect
browsers diversity.
Don’t remove browsers just because you don’t know them. Opera Mini has 100 million users in Africa and it is more popular in the global market than Microsoft Edge. Chinese QQ Browsers has more market share than Firefox and desktop Safari combined.
Browserslist will use browsers and Node.js versions query from one of these sources:
browserslist
key in package.json
file in current or parent directories.
We recommend this way..browserslistrc
config file in current or parent directories.browserslist
config file in current or parent directories.BROWSERSLIST
environment variable.> 0.5%, last 2 versions, Firefox ESR, not dead
.An or
combiner can use the keyword or
as well as ,
.
last 1 version or > 1%
is equal to last 1 version, > 1%
.
and
query combinations are also supported to perform an
intersection of the previous query: last 1 version and > 1%
.
There is 3 different ways to combine queries as depicted below. First you start with a single query and then we combine the queries to get our final list.
Obviously you can not start with a not
combiner, since there is no left-hand
side query to combine it with.
Query combiner type | Illustration | Example |
---|---|---|
or /, combiner (union) | > .5% or last 2 versions > .5%, last 2 versions | |
and combiner (intersection) | > .5% and last 2 versions | |
not combiner (relative complement) | > .5% and not last 2 versions > .5% or not last 2 versions > .5%, not last 2 versions |
A quick way to test your query is to do npx browserslist '> 0.5%, not IE 11'
in your terminal.
You can specify the browser and Node.js versions by queries (case insensitive):
defaults
: Browserslist’s default browsers
(> 0.5%, last 2 versions, Firefox ESR, not dead
).> 5%
: browsers versions selected by global usage statistics.
>=
, <
and <=
work too.> 5% in US
: uses USA usage statistics. It accepts two-letter country code.> 5% in alt-AS
: uses Asia region usage statistics. List of all region codes
can be found at caniuse-lite/data/regions
.> 5% in my stats
: uses custom usage data.> 5% in browserslist-config-mycompany stats
: uses custom usage data
from browserslist-config-mycompany/browserslist-stats.json
.cover 99.5%
: most popular browsers that provide coverage.cover 99.5% in US
: same as above, with two-letter country code.cover 99.5% in my stats
: uses custom usage data.maintained node versions
: all Node.js versions, which are still maintained
by Node.js Foundation.node 10
and node 10.4
: selects latest Node.js 10.x.x
or 10.4.x
release.current node
: Node.js version used by Browserslist right now.extends browserslist-config-mycompany
: take queries from
browserslist-config-mycompany
npm package.ie 6-8
: selects an inclusive range of versions.Firefox > 20
: versions of Firefox newer than 20.
>=
, <
and <=
work too. It also works with Node.js.iOS 7
: the iOS browser version 7 directly.Firefox ESR
: the latest [Firefox ESR] version.PhantomJS 2.1
and PhantomJS 1.9
: selects Safari versions similar
to PhantomJS runtime.unreleased versions
or unreleased Chrome versions
:
alpha and beta versions.last 2 major versions
or last 2 iOS major versions
:
all minor/patch releases of last 2 major versions.since 2015
or last 2 years
: all versions released since year 2015
(also since 2015-03
and since 2015-03-10
).dead
: browsers without official support or updates for 24 months.
Right now it is IE 10
, IE_Mob 10
, BlackBerry 10
, BlackBerry 7
,
Samsung 4
and OperaMobile 12.1
.last 2 versions
: the last 2 versions for each browser.last 2 Chrome versions
: the last 2 versions of Chrome browser.not ie <= 8
: exclude browsers selected by previous queries.You can add not
to any query.
Run npx browserslist
in project directory to see what browsers was selected
by your queries.
$ npx browserslist
and_chr 61
and_ff 56
and_qq 1.2
and_uc 11.4
android 56
baidu 7.12
bb 10
chrome 62
edge 16
firefox 56
ios_saf 11
opera 48
safari 11
samsung 5
Names are case insensitive:
Android
for Android WebView.Baidu
for Baidu Browser.BlackBerry
or bb
for Blackberry browser.Chrome
for Google Chrome.ChromeAndroid
or and_chr
for Chrome for AndroidEdge
for Microsoft Edge.Electron
for Electron framework. It will be converted to Chrome version.Explorer
or ie
for Internet Explorer.ExplorerMobile
or ie_mob
for Internet Explorer Mobile.Firefox
or ff
for Mozilla Firefox.FirefoxAndroid
or and_ff
for Firefox for Android.iOS
or ios_saf
for iOS Safari.Node
for Node.js.Opera
for Opera.OperaMini
or op_mini
for Opera Mini.OperaMobile
or op_mob
for Opera Mobile.QQAndroid
or and_qq
for QQ Browser for Android.Safari
for desktop Safari.Samsung
for Samsung Internet.UCAndroid
or and_uc
for UC Browser for Android.kaios
for KaiOS Browser.package.json
If you want to reduce config files in project root, you can specify
browsers in package.json
with browserslist
key:
{
"private": true,
"dependencies": {
"autoprefixer": "^6.5.4"
},
"browserslist": [
"last 1 version",
"> 1%",
"IE 10"
]
}
.browserslistrc
Separated Browserslist config should be named .browserslistrc
and have browsers queries split by a new line. Comments starts with #
symbol:
# Browsers that we support
last 1 version
> 1%
IE 10 # sorry
Browserslist will check config in every directory in path
.
So, if tool process app/styles/main.css
, you can put config to root,
app/
or app/styles
.
You can specify direct path in BROWSERSLIST_CONFIG
environment variables.
You can use the following query to reference an exported Browserslist config from another package:
"browserslist": [
"extends browserslist-config-mycompany"
]
For security reasons, external configuration only supports packages that have
the browserslist-config-
prefix. npm scoped packages are also supported, by
naming or prefixing the module with @scope/browserslist-config
, such as
@scope/browserslist-config
or @scope/browserslist-config-mycompany
.
If you don’t accept Browserslist queries from users, you can disable the
validation by using the dangerousExtend
option:
browserslist(queries, { path, dangerousExtend: true })
Because this uses npm
's resolution, you can also reference specific files
in a package:
"browserslist": [
"extends browserslist-config-mycompany/desktop",
"extends browserslist-config-mycompany/mobile"
]
When writing a shared Browserslist package, just export an array.
browserslist-config-mycompany/index.js
:
module.exports = [
'last 1 version',
'> 1%',
'ie 10'
]
You can also include a browserslist-stats.json
file as part of your shareable
config at the root and query it using > 5% in browserslist-config-mycompany stats
.
It uses the same format as extends
and the dangerousExtend
property as above.
You can also specify different browser queries for various environments.
Browserslist will choose query according to BROWSERSLIST_ENV
or NODE_ENV
variables. If none of them is declared, Browserslist will firstly look
for production
queries and then use defaults.
In package.json
:
"browserslist": {
"production": [
"> 1%",
"ie 10"
],
"modern": [
"last 1 chrome version",
"last 1 firefox version"
],
"ssr": [
"node 12"
]
}
In .browserslistrc
config:
[production]
> 1%
ie 10
[modern]
last 1 chrome version
last 1 firefox version
[ssr]
node 12
If you have a website, you can query against the usage statistics of your site.
browserslist-ga
will ask access to Google Analytics and then generate
browserslist-stats.json
:
npx browserslist-ga
Or you can use browserslist-ga-export
to convert Google Analytics data without giving a password for Google account.
You can generate usage statistics file by any other method. File format should be like:
{
"ie": {
"6": 0.01,
"7": 0.4,
"8": 1.5
},
"chrome": {
…
},
…
}
Note that you can query against your custom usage data while also querying
against global or regional data. For example, the query
> 1% in my stats, > 5% in US, 10%
is permitted.
const browserslist = require('browserslist')
// Your CSS/JS build tool code
function process (source, opts) {
const browsers = browserslist(opts.overrideBrowserslist, {
stats: opts.stats,
path: opts.file,
env: opts.env
})
// Your code to add features for selected browsers
}
Queries can be a string "> 1%, IE 10"
or an array ['> 1%', 'IE 10']
.
If a query is missing, Browserslist will look for a config file.
You can provide a path
option (that can be a file) to find the config file
relatively to it.
Options:
path
: file or a directory path to look for config file. Default is .
.env
: what environment section use from config. Default is production
.stats
: custom usage statistics data.config
: path to config if you want to set it manually.ignoreUnknownVersions
: do not throw on direct query (like ie 12
).
Default is false.
dangerousExtend
: Disable security checks for extend
query.
Default is false.
mobileToDesktop
: Use desktop browsers if Can I Use doesn’t have data
about this mobile version. For instance, Browserslist will return
chrome 20
on and_chr 20
query (Can I Use has only data only about
latest versions of mobile browsers). Default is false
.For non-JS environment and debug purpose you can use CLI tool:
browserslist "> 1%, IE 10"
You can get total users coverage for selected browsers by JS API:
browserslist.coverage(browserslist('> 1%'))
//=> 81.4
browserslist.coverage(browserslist('> 1% in US'), 'US')
//=> 83.1
browserslist.coverage(browserslist('> 1% in my stats'), 'my stats')
//=> 83.1
browserslist.coverage(browserslist('> 1% in my stats', { stats }), stats)
//=> 82.2
Or by CLI:
$ browserslist --coverage "> 1%"
These browsers account for 81.4% of all users globally
$ browserslist --coverage=US "> 1% in US"
These browsers account for 83.1% of all users in the US
$ browserslist --coverage "> 1% in my stats"
These browsers account for 83.1% of all users in custom statistics
$ browserslist --coverage "> 1% in my stats" --stats=./stats.json
These browsers account for 83.1% of all users in custom statistics
If a tool uses Browserslist inside, you can change the Browserslist settings with environment variables:
BROWSERSLIST
with browsers queries.
BROWSERSLIST="> 5%" gulp css
BROWSERSLIST_CONFIG
with path to config file.
BROWSERSLIST_CONFIG=./config/browserslist gulp css
BROWSERSLIST_ENV
with environments string.
BROWSERSLIST_ENV="development" gulp css
BROWSERSLIST_STATS
with path to the custom usage data
for > 1% in my stats
query.
BROWSERSLIST_STATS=./config/usage_data.json gulp css
BROWSERSLIST_DISABLE_CACHE
if you want to disable config reading cache.
BROWSERSLIST_DISABLE_CACHE=1 gulp css
Browserslist caches the configuration it reads from package.json
and
browserslist
files, as well as knowledge about the existence of files,
for the duration of the hosting process.
To clear these caches, use:
browserslist.clearCaches()
To disable the caching altogether, set the BROWSERSLIST_DISABLE_CACHE
environment variable.
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
4.8.6
Unknown version 10 of op_mob
error in mobileToDesktop
option.FAQs
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
The npm package browserslist receives a total of 26,202,249 weekly downloads. As such, browserslist popularity was classified as popular.
We found that browserslist demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.