Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
gulp-inline-css
Advanced tools
Inline your CSS properties into the
style
attribute in an html file. Useful for emails.
Inspired by the grunt plugin grunt-inline-css. Uses the inline-css module.
This gulp plugin takes an html file and inlines the CSS properties into the style attribute.
/path/to/file.html
:
<html>
<head>
<style>
p { color: red; }
</style>
<link rel="stylesheet" href="style.css">
</head>
<body>
<p>Test</p>
</body>
</html>
style.css
p {
text-decoration: underline;
}
Output:
<html>
<head>
</head>
<body>
<p style="color: red; text-decoration: underline;">Test</p>
</body>
</html>
Install with npm
npm install --save-dev gulp-inline-css
var gulp = require('gulp'),
inlineCss = require('gulp-inline-css');
gulp.task('default', function() {
return gulp.src('./*.html')
.pipe(inlineCss())
.pipe(gulp.dest('build/'));
});
With options:
var gulp = require('gulp'),
inlineCss = require('gulp-inline-css');
gulp.task('default', function() {
return gulp.src('./*.html')
.pipe(inlineCss({
applyStyleTags: true,
applyLinkTags: true,
removeStyleTags: true,
removeLinkTags: true
}))
.pipe(gulp.dest('build/'));
});
Options are passed directly to inline-css.
Type: String
Default: ""
Extra css to apply to the file.
Type: Boolean
Default: true
Whether to inline styles in <style></style>
.
Type: Boolean
Default: true
Whether to resolve <link rel="stylesheet">
tags and inline the resulting styles.
Type: Boolean
Default: true
Whether to remove the original <style></style>
tags after (possibly) inlining the css from them.
Type: Boolean
Default: true
Whether to remove the original <link rel="stylesheet">
tags after (possibly) inlining the css from them.
Type: String
Default: filePath
How to resolve hrefs. Required.
Type: Boolean
Default: false
Preserves all media queries (and contained styles) within <style></style>
tags as a refinement when removeStyleTags
is true
. Other styles are removed.
Type: Boolean
Default: false
Whether to use any CSS pixel widths to create width
attributes on elements.
Type: Boolean
Default: false
Whether to apply the border
, cellpadding
and cellspacing
attributes to table
elements.
Type: Boolean
Default: false
Whether to remove the class
and id
attributes from the markup.
Type: Object
Default: { EJS: { start: '<%', end: '%>' }, HBS: { start: '{{', end: '}}' } }
An object where each value has a start
and end
to specify fenced code blocks that should be ignored during parsing and inlining. For example, Handlebars (hbs) templates are HBS: {start: '{{', end: '}}'}
. codeBlocks
can fix problems where otherwise inline-css might interpret code like <=
as HTML, when it is meant to be template language code. Note that codeBlocks
is a dictionary which can contain many different code blocks, so don't do codeBlocks: {...}
do codeBlocks.myBlock = {...}
.
When a data-embed attribute is present on a tag, inline-css will not inline the styles and will not remove the tags.
This can be used to embed email client support hacks that rely on css selectors into your email templates.
Options to passed to cheerio.
MIT © Jonathan Kemp
FAQs
Inline linked css in an html file. Useful for emails.
The npm package gulp-inline-css receives a total of 13,308 weekly downloads. As such, gulp-inline-css popularity was classified as popular.
We found that gulp-inline-css demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.