Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
combo css which import other css 对于js,目前已经有比较成熟的模块化方案,比如seajs、kissy,但是css方面呢,一般是通过less进行编译打包的。less官方对于less文件中的@import "xxx.css"是不会打包进来的,这也是考虑到本身就是有需求要这样引用css,而如果你@import "xxx.less",less打包工具就会分析这些引入的模块,进行打包。 css-combo就是借鉴了这种思想,实现了css模块化。即在入口文件中@import其他模块,然后对入口文件进行打包的时候,该工具会分析import的文件,把这些文件打包进来。
对于CSS模块化,欢迎大家看我这篇博文:(http://www.techcheng.com/study/css/introduce-css-combo.html)
首先需要npm安装一下:
npm install -g css-combo
###命令行使用###
命令行下,可以先进入需要打包的文件所在目录,然后
csscombo xxx.source.css xxx.combo.css
第一个参数是源文件名,第二个参数是打包之后的文件名
其他选项有:
你也可以在自己的打包工具中调用css combo,和其他npm包一样:
var CSSCombo = require('css-combo');
CSSCombo.build(cfg, function(err){ callback(); });
cfg 参数可以配置以下选项:
@import
额外查找的路径。CSS Combo配套的grunt插件:https://github.com/daxingplay/grunt-css-combo
css-combo 遵守 "MIT":https://github.com/daxingplay/css-combo/blob/master/LICENSE.md 协议
FAQs
css module combo tool
We found that css-combo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.