Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
detective-sass
Advanced tools
The detective-sass npm package is designed to analyze SASS (.scss) files to find and extract import statements. This can be particularly useful in build tools and bundlers where understanding dependencies between stylesheets is necessary for tasks like concatenation, minification, or modular builds. It parses the content of SASS files and returns an array of strings representing the paths of files that are imported.
Extract import paths from a SASS file
This feature allows you to pass in the content of a SASS file as a string to the detective function, which then returns an array of the import paths found within that file. This is useful for tracking dependencies in SASS projects.
const detective = require('detective-sass');
const content = `$importedVar: #123;
@import 'another-file';
body { color: $importedVar; }`;
const imports = detective(content);
console.log(imports); // ['another-file']
Similar to detective-sass, postcss-import is used to process import statements in CSS files. While detective-sass focuses on SASS files, postcss-import is more versatile, working with CSS files and supporting features like glob, path resolving, and inline imports. It's part of the PostCSS ecosystem, which allows for a wide range of plugins to further process the CSS.
This package provides a custom importer for node-sass, enabling glob-based imports in SASS files. While detective-sass extracts import paths for analysis or bundling, node-sass-glob-importer enhances the import capabilities of SASS itself, allowing for more flexible and powerful stylesheet organization.
Find the dependencies of a sass file
npm install detective-sass
Note: This is specific to the .sass style syntax of the Sass preprocessor. For SCSS support, please see node-detective-scss.
It's the SASS counterpart to detective, detective-amd, and detective-es6.
const fs = require('fs');
const detective = require('detective-sass');
const content = fs.readFileSync('styles.sass', 'utf8');
// list of imported file names (ex: '_foo.sass', '_foo', etc)
const dependencies = detective(content);
// or to also detect any url() references to images, fonts, etc.
const allDependencies = detective(content, { url: true });
url
(optional): (Boolean
) also detect any url()
references to images, fonts, etc.FAQs
Find the dependencies of a sass file
The npm package detective-sass receives a total of 1,241,361 weekly downloads. As such, detective-sass popularity was classified as popular.
We found that detective-sass demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.