Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
clean-css
Advanced tools
clean-css is a fast and efficient CSS optimizer for Node.js and the web. It minifies CSS by removing whitespace, comments, and unnecessary characters, merging identical rules, and applying other optimization techniques. It can be used to reduce the size of CSS files, which can lead to faster page load times and improved performance.
Minification
This feature allows you to minify CSS by removing unnecessary characters and whitespace, which results in smaller file sizes.
const CleanCSS = require('clean-css');
new CleanCSS().minify('a { font-weight: bold; }', function (error, output) {
console.log(output.styles);
});
Source Map Generation
clean-css can generate source maps for the minified CSS, which is useful for debugging minified code in the browser.
const CleanCSS = require('clean-css');
new CleanCSS({ sourceMap: true, sourceMapInlineSources: true }).minify({ 'styles.css': { styles: 'a { color: #000 }' } }, function (error, output) {
console.log(output.sourceMap.toString());
});
Merging of Identical CSS Rules
This feature merges identical CSS rules into one to reduce file size and redundancy in the code.
const CleanCSS = require('clean-css');
new CleanCSS().minify('a { color: red; } a { color: red; }', function (error, output) {
console.log(output.styles);
});
Optimizing CSS Properties
clean-css can optimize CSS properties, such as converting hex color codes to shorter names when possible.
const CleanCSS = require('clean-css');
new CleanCSS().minify('a { color: #FF0000; }', function (error, output) {
console.log(output.styles);
});
cssnano is a modular CSS minifier that utilizes PostCSS. It offers optimizations like reducing calc() references, z-index rebasing, and discarding unused at-rules. Compared to clean-css, cssnano provides a plugin system and can be more configurable due to its modular nature.
uglifycss is a simple CSS minifier that works both in Node.js and the browser. It is less feature-rich compared to clean-css and does not support source maps, but it is straightforward to use for basic minification tasks.
csso (CSS Optimizer) is a CSS minifier with structural optimizations. It can restructure CSS rules to reduce file size and also merge selectors and properties. csso is known for its aggressive optimization techniques, which sometimes can be more efficient than clean-css, but may also require careful testing to ensure the final CSS behaves as expected.
Clean-css is a fast and efficient Node.js library for minifying CSS files.
According to tests it is one of the best available.
Node.js 0.8.0+ (tested on CentOS, Ubuntu, OS X 10.6+, and Windows 7+)
npm install clean-css
npm update clean-css
or point package.json
to version 2.x. That's it!
Update clean-css
as for CLI above.
Then change your JavaScript code from:
var minimized = CleanCSS.process(source, options);
into
var minimized = new CleanCSS(options).minify(source);
And you are done.
Clean-css accepts the following command line arguments (please make sure
you use <source-file>
as the very last argument to avoid potential issues):
cleancss [options] source-file, [source-file, ...]
-h, --help Output usage information
-v, --version Output the version number
-b, --keep-line-breaks Keep line breaks
--s0 Remove all special comments, i.e. /*! comment */
--s1 Remove all special comments but the first one
-r, --root [root-path] A root path to which resolve absolute @import rules
and rebase relative URLs
-o, --output [output-file] Use [output-file] as output instead of STDOUT
-s, --skip-import Disable @import processing
--skip-rebase Disable URLs rebasing
--skip-advanced Disable advanced optimizations - selector & property merging,
reduction, etc.
--skip-aggressive-merging Disable properties merging based on their order
--rounding-precision [value] Rounding precision, defaults to 2
-c, --compatibility [ie7|ie8] Force compatibility mode
-d, --debug Shows debug information (minification time & compression efficiency)
To minify a public.css file into public-min.css do:
cleancss -o public-min.css public.css
To minify the same public.css into the standard output skip the -o
parameter:
cleancss public.css
More likely you would like to concatenate a couple of files. If you are on a Unix-like system:
cat one.css two.css three.css | cleancss -o merged-and-minified.css
On Windows:
type one.css two.css three.css | cleancss -o merged-and-minified.css
Or even gzip the result at once:
cat one.css two.css three.css | cleancss | gzip -9 -c > merged-minified-and-gzipped.css.gz
var CleanCSS = require('clean-css');
var source = 'a{font-weight:bold;}';
var minimized = new CleanCSS().minify(source);
CleanCSS constructor accepts a hash as a parameter, i.e.,
new CleanCSS(options).minify(source)
with the following options available:
keepSpecialComments
- *
for keeping all (default), 1
for keeping first one only, 0
for removing allkeepBreaks
- whether to keep line breaks (default is false)benchmark
- turns on benchmarking mode measuring time spent on cleaning up
(run npm run bench
to see example)root
- path to resolve absolute @import
rules and rebase relative URLsrelativeTo
- path with which to resolve relative @import
rules and URLsprocessImport
- whether to process @import
rulesnoRebase
- whether to skip URLs rebasingnoAdvanced
- set to true to disable advanced optimizations - selector & property merging, reduction, etc.compatibility
- Force compatibility mode to ie7
or ie8
. Defaults to not set.debug
- set to true to get minification statistics under stats
property (see test/custom-test.js
for examples)For a tutorial how to use Grunt, Gulp, Broccoli or Brunch with clean-css, read Addy Osmani's "Spring cleaning unused CSS".
First clone the source, then run:
npm run bench
for clean-css benchmarks (see test/bench.js for details)npm run check
to check JS sources with JSHintnpm test
for the test suitenpm test
).npm run check
) and follow all other ones too.If you wonder where to add tests, go for:
test/unit-test.js
if it's a simple scenariotest/data/...
if it's a complex scenario (just add two files, input and expected output)test/binary-test.js
if it's related to bin/cleancss
binarytest/module-test.js
if it's related to importing clean-css
as a moduletest/protocol-imports-test.js
if it fixes anything related to protocol @import
sUse the /*!
notation instead of the standard one /*
:
/*!
Important comments included in minified output.
*/
Clean-css will handle it automatically for you (since version 1.1) in the following cases:
-o
/--output
to rebase URLs as relative to the output file.-r
/--root
to rebase URLs as absolute from the given root path.-r
/--root
takes precendence.relativeTo
and target
options for relative rebase (same as 1 in CLI).relativeTo
and root
options for absolute rebase (same as 2 in CLI).root
takes precendence over target
as in CLI.@import
processing, namely introducing the --skip-import
/
processImport
options.@import
processing inside comments.sys
package.Clean-css is released under the MIT License.
FAQs
A well-tested CSS minifier
The npm package clean-css receives a total of 12,685,831 weekly downloads. As such, clean-css popularity was classified as popular.
We found that clean-css demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.