![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
critical
Advanced tools
Changelog
v0.1.2 / 2014-07-04
Readme
Critical Path CSS generation & inlining
npm install -g critical
Include:
var critical = require('critical');
###Generate critical-path CSS
Basic usage:
critical.generate({
base: 'test/',
src: 'index.html',
dest: 'styles/main.css',
width: 320,
height: 480,
});
Generate and minify critical-path CSS:
critical.generate({
base: 'test/',
src: 'index.html',
width: 320,
dest: 'styles/styles.min.css',
minify: true,
height: 480
});
Generate and return output via a callback:
critical.generate({
base: 'test/',
src: 'index.html',
width: 320,
height: 480,
}, function (err, output){
// You now have critical-path CSS
// Works with and without dest specified
});
###Inline <style>
/ critical CSS from generation
Basic usage:
critical.inline({
base: 'test/',
src: 'index-critical.html',
dest: 'inlined.html'
});
Minify and inline stylesheets:
critical.inline({
base: 'test/',
src: 'index-critical.html',
dest: 'inlined-minified.html',
minify: true
});
Inline and return output via a callback:
critical.inline({
base: 'test/',
src: 'index-critical.html',
}, function (err, output){
// You now have HTML with inlined critical-path CSS
// Works with and without dest specified
});
###Options
####base
Type: String
Base directory in which the source and destination are to be written.
####src
Type: String
Location of the HTML source to be operated against.
####dest
Type: String
Location of where to save the output of an operation.
####width
Type: integer
(Generation only) Width of the target viewport.
####height
Type: integer
(Generation only) Height of the target viewport.
####minify
Type: boolean
Enable minification of CSS output
CSS is required to construct the render tree for your pages and JavaScript will often block on CSS during initial construction of the page. You should ensure that any non-essential CSS is marked as non-critical (e.g. print and other media queries), and that the amount of critical CSS and the time to deliver it is as small as possible.
For best performance, you may want to consider inlining the critical CSS directly into the HTML document. This eliminates additional roundtrips in the critical path and if done correctly can be used to deliver a “one roundtrip” critical path length where only the HTML is a blocking resource.
I recommend using Penthouse directly if your app has a large number of styles or stylesheets being dynamically injected into the DOM. Critical is best used when your page uses a fixed set of stylesheets as we can automatically scrape this for you, avoiding the overhead of passing known styles yourself manually to Penthouse.
Apache 2.0
Copyright 2014 Google Inc
FAQs
Extract & Inline Critical-path CSS from HTML
The npm package critical receives a total of 15,696 weekly downloads. As such, critical popularity was classified as popular.
We found that critical demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.