Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
postcss-color-function
Advanced tools
postcss-color-function
PostCSS plugin to transform W3C CSS color function to more compatible CSS.
postcss-color-function 
PostCSS plugin to transform CSS color function from editor draft of 'Color Module Level 4' specification to more compatible CSS.
Deprecated
⚠️ color() was changed to color-mod(). See postcss-color-mod-function.
There is a
color-modimplementation.
⚠️ color-mod() has been removed from Color Module Level 4 specification.
Installation
npm install postcss-color-function
Usage
// dependencies
var fs = require("fs")
var postcss = require("postcss")
var colorFunction = require("postcss-color-function")
// css to be processed
var css = fs.readFileSync("input.css", "utf8")
// process css
// set preserveCustomProps to `false` by default `true`
//for delete declarations with custom properties
var output = postcss()
.use(colorFunction({preserveCustomProps: true}))
.process(css)
.css
Using this input.css:
body {
background: color(red a(90%))
}
you will get:
body {
background: rgba(255, 0, 0, 0.9)
}
Checkout tests for examples.
Interface (according to CSS specs)
color( [ <color> | <hue> ] <color-adjuster>* )
List of color-adjuster
[red( | green( | blue( | alpha( | a(] ['+' | '-']? [<number> | <percentage>] )[red( | green( | blue( | alpha( | a(] '*' <percentage> )rgb( ['+' | '-'] [<number> | <percentage>]{3} )rgb( ['+' | '-'] <hash-token> )rgb( '*' <percentage> ) |[hue( | h(] ['+' | '-' | '*']? <angle> )[saturation( | s(] ['+' | '-' | '*']? <percentage> )[lightness( | l(] ['+' | '-' | '*']? <percentage> )[whiteness( | w(] ['+' | '-' | '*']? <percentage> )[blackness( | b(] ['+' | '-' | '*']? <percentage> )tint( <percentage> )shade( <percentage> )blend( <color> <percentage> [rgb | hsl | hwb]? )blenda( <color> <percentage> [rgb | hsl | hwb]? )contrast( <percentage>? )
Notes:
- some adjusts have shortcuts,
- can be used on every value on any property,
- some values can use add/subtract/scale modifiers or a direct value.
Examples
whatever {
color: color(red a(10%));
background-color: color(red lightness(50%)); /* == color(red l(50%)); */
border-color: color(hsla(125, 50%, 50%, .4) saturation(+ 10%) w(- 20%));
}
FAQ
Can you support currentcolor so we can do color(currentcolor adjuster())?
No we cannot do that. currentcolor depends on the cascade (so the DOM) and we can't handle that in a simple preprocessing step. You need to handle that with polyfills.
Can we use CSS custom properties so we can do color(var(--mainColor) adjuster())?
By using postcss-custom-properties before this plugin, you can do that (sort of). You have some examples in cssnext playground.
Notes for former Sass users
lighten and darken are Sass specific methods and not supported by native CSS specs. The same functionality can be achieved with the tint and shade adjusters:
$lighten(red, 20%)
/* is equivalent to */
color(red tint(20%))
$darken(red, 20%)
/* is equivalent to */
color(red shade(20%))
Changelog
License
FAQs
PostCSS plugin to transform W3C CSS color function to more compatible CSS.
The npm package postcss-color-function receives a total of 280,702 weekly downloads. As such, postcss-color-function popularity was classified as popular.
We found that postcss-color-function demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 01 Apr 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024