You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

css-modules-loader-core

Package Overview
Dependencies
Maintainers
1
Versions
18
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

css-modules-loader-core

A loader-agnostic CSS Modules implementation, based on PostCSS

0.0.4
Source
npmnpm
Version published
Weekly downloads
417K
25.12%
Maintainers
1
Weekly downloads
 
Created
Source

CSS Module Loader Core

A loader-agnostic CSS Modules implementation, based on PostCSS

API

core.load( sourceString , sourcePath , pathFetcher ) =>
  Promise({ injectableSource, exportTokens })

Processes the input CSS sourceString, looking for dependencies such as @import or :import. Any localisation will happen by prefixing a sanitised version of sourcePath When dependencies are found, it will ask the pathFetcher for each dependency, resolve & inline any imports, and return the following object:

  • injectableSource: the final, merged CSS file without @import or :import statements
  • exportTokens: the mapping from local name to scoped name, as described in the file's :export block

These should map nicely to what your build-tool-specific loader needs to do its job.

core.plugins = pluginArray

The default set of plugins is [postcss-modules-local-by-default, postcss-modules-extract-imports, postcss-modules-scope] (i.e. the CSS Modules specification). This can override which PostCSS plugins you wish to execute, e.g.

import core from 'css-loader-core'
import autoprefixer from 'autoprefixer'
import colorFunctions from 'postcss-color-function'

// Don't run local-by-default, but use colorFunctions 
// beforehand and autoprefixer afterwards:
core.plugins = [
  colorFunctions, 
  core.plugins.extractImports, 
  core.plugins.scope, 
  autoprefixer("Last 2 Versions")
]

Keywords

css-modules
postcss
loader

FAQs

Package last updated on 04 Jun 2015

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Active Supply Chain Attack: npm Phishing Campaign Leads to Prettier Tooling Packages Compromise

Security News

Active Supply Chain Attack: npm Phishing Campaign Leads to Prettier Tooling Packages Compromise

Popular npm packages like eslint-config-prettier were compromised after a phishing attack stole a maintainer’s token, spreading malicious updates.

By Sarah Gooding  -  Jul 19, 2025
npm Phishing Email Targets Developers with Typosquatted Domain

Security News

/

Research

npm Phishing Email Targets Developers with Typosquatted Domain

A phishing attack targeted developers using a typosquatted npm domain (npnjs.com) to steal credentials via fake login pages - watch out for similar scams.

By Sarah Gooding  -  Jul 18, 2025