![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
postcss-discard-comments
Advanced tools
Package description
The postcss-discard-comments npm package is a PostCSS plugin designed to remove comments from your CSS files. It can be highly useful for reducing the size of CSS files in production environments, improving load times and efficiency. The package offers flexibility in handling comments, allowing users to remove all comments or selectively keep some based on specific criteria.
Remove all comments
This feature allows you to remove all comments from your CSS files, which can significantly reduce file size and improve loading times for your web pages.
postcss([ require('postcss-discard-comments')() ]).process(YOUR_CSS).then(result => { console.log(result.css); });
Preserve comments with specific patterns
This feature enables you to keep comments that match specific patterns, such as those starting with an exclamation mark (!), which are often used to denote important information or licensing details.
postcss([ require('postcss-discard-comments')({remove: (comment) => !comment.startsWith('!')}) ]).process(YOUR_CSS).then(result => { console.log(result.css); });
cssnano is a modular minifier that includes functionalities similar to postcss-discard-comments as part of its optimization capabilities. It can remove comments, but also offers a wide range of other optimizations like minifying font weights, discarding unused at-rules, and reducing CSS calc expressions.
clean-css is another CSS minifier that can remove comments from CSS files. It provides advanced optimizations including restructuring rules, merging duplicate rules, and removing unused CSS, making it a more comprehensive tool for CSS optimization compared to postcss-discard-comments.
Readme
Discard comments in your CSS files with PostCSS.
With npm do:
npm install postcss-discard-comments --save
h1/* heading */{
margin: 0 auto
}
h1 {
margin: 0 auto
}
This module discards comments from your CSS files; by default, it will remove
all regular comments (/* comment */
) and preserve comments marked as important
(/*! important */
).
Note that this module does not handle source map comments because they are not available to it; PostCSS handles this internally, so if they are removed then you will have to configure source maps in PostCSS.
Type: function
Return: boolean
Variable: comment
contains a comment without /**/
For each comment, return true to remove, or false to keep the comment.
function(comment) {}
var css = '/* headings *//*@ h1 */h1{margin:0 auto}/*@ h2 */h2{color:red}';
console.log(postcss(comments({
remove: function(comment) { return comment[0] == "@"; }
})).process(css).css);
//=> /* headings */h1{margin:0 auto}h2{color:red}
NOTE: If you use the remove
function other options will not be available.
Type: boolean
Default: false
Remove all comments marked as important.
var css = '/*! heading */h1{margin:0 auto}/*! heading 2 */h2{color:red}';
console.log(postcss(comments({removeAll: true})).process(css).css);
//=> h1{margin:0 auto}h2{color:red}
Type: boolean
Default: false
Remove all comments marked as important, but the first one.
var css = '/*! heading */h1{margin:0 auto}/*! heading 2 */h2{color:red}';
console.log(postcss(comments({removeAllButFirst: true})).process(css).css);
//=> /*! heading */h1{margin:0 auto}h2{color:red}
See the PostCSS documentation for examples for your environment.
See CONTRIBUTORS.md.
MIT © Ben Briggs
FAQs
Unknown package
We found that postcss-discard-comments demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.