Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
icss-utils
Advanced tools
Package description
The icss-utils package provides utilities for working with ICSS (Interoperable CSS), which is a convention for handling CSS modules. It allows for the extraction and manipulation of CSS module content, such as importing/exporting variables and handling scoped CSS.
Extracting ICSS imports and exports
This feature allows you to extract ICSS imports and exports from a CSS string. The `extractICSS` function returns an object with `icssImports` and `icssExports` properties, which contain the extracted values.
const { extractICSS } = require('icss-utils');
const css = ':export { color: red; }';
const { icssImports, icssExports } = extractICSS(css);
Replacing values in CSS
This feature enables you to replace symbols in a CSS string with specified values. The `replaceSymbols` function takes a CSS string and an object of replacements, then returns the CSS with the values replaced.
const { replaceSymbols } = require('icss-utils');
const css = '.className { color: colorValue; }';
const replacements = { colorValue: 'red' };
const result = replaceSymbols(css, replacements);
Creating an ICSS replacement map
This feature helps in creating a map of ICSS replacements from exports. The `createICSSReplacements` function takes an object of ICSS exports and returns an object that can be used for replacing symbols in CSS.
const { createICSSReplacements } = require('icss-utils');
const icssExports = { color: 'red' };
const replacements = createICSSReplacements(icssExports);
This package is a PostCSS plugin that helps you use CSS modules. It allows you to scope CSS by automatically renaming classes and other selectors. It is similar to icss-utils in that it deals with CSS modules, but it is a full plugin rather than a set of utilities.
css-loader is a loader for webpack that interprets `@import` and `url()` like `import/require()` and will resolve them. It also has features for handling CSS modules, which makes it similar to icss-utils. However, css-loader is more integrated with webpack's build system.
This package is a PostCSS plugin that enables namespacing of CSS selectors according to the ICSS specification. It is similar to icss-utils in that it works with ICSS, but it focuses more on transforming selectors for scoping purposes.
Readme
Governs the way tokens are searched & replaced during the linking stage of ICSS loading.
This is broken into its own module in case the behaviour needs to be replicated in other PostCSS plugins (i.e. CSS Modules Values)
import { replaceSymbols, replaceValueSymbols } from "icss-utils"
replaceSymbols(css, replacements)
replaceValueSymbols(string, replacements)
Where:
css
is the PostCSS tree you're working withreplacements
is an JS object of symbol: "replacement"
pairs, where all occurrences of symbol
are replaced with replacement
.A symbol is a string of alphanumeric, -
or _
characters. A replacement can be any string. They are replaced in the following places:
color: my_symbol;
or box-shadow: 0 0 blur spread shadow-color
@media small {}
or @media screen and not-large {}
Extracts and remove (if removeRules is equal true) from PostCSS tree :import
and :export
statements.
import postcss from 'postcss';
import { extractICSS } from 'icss-utils'
const css = postcss.parse(`
:import(colors) {
a: b;
}
:export {
c: d;
}
`)
extractICSS(css)
/*
{
icssImports: {
colors: {
a: 'b'
}
},
icssExports: {
c: 'd'
}
}
*/
Converts icss imports and exports definitions to postcss ast
createICSSRules({
colors: {
a: 'b'
}
}, {
c: 'd'
})
ISC
Glen Maddern and Bogdan Chadkin, 2015.
FAQs
ICSS utils for postcss ast
We found that icss-utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.