Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
postcss-fontpath
Advanced tools
Changelog
v1.0.0 (2017-07-26)
Closed issues:
Merged pull requests:
Readme
PostCSS plugin that automatically generates src
values for @font-face
rules based on the path to your font files. You can manually provide the types of sources to output, or automatically generate sources based on the font files that actually exist in your project.
Part of Rucksack - CSS Superpowers
Input
@font-face {
font-family: 'My Font';
font-path: '/path/to/font/file';
font-weight: normal;
font-style: normal;
}
Output
@font-face {
font-family: 'My Font';
src: url("/path/to/font/file.eot") format('embedded-opentype'),
url("/path/to/font/file.woff") format('woff2'),
url("/path/to/font/file.woff") format('woff'),
url("/path/to/font/file.ttf") format('truetype'),
url("/path/to/font/file.svg") format('svg');
font-weight: normal;
font-style: normal;
}
var fontpath = require('postcss-fontpath');
postcss([ fontpath({ ... }) ]);
See PostCSS docs for examples for your environment.
By default postcss-fontpath generates src values for all valid font types. You can change the default sources generated by providing an array of custom src formats in the formats
option. Each format requires a type and a file extension to map to. The order of the formats in the array determines the ordering of the src
values outputted.
{
formats: [
{ type: 'woff2', ext: 'woff2' },
{ type: 'embedded-opentype', ext: 'eot' }
]
}
Postcss-fontpath can automatically check the path you give it and only generate src values for the files that actually exist in your project with the checkFiles
option.
Remember that postcss-fontpath checks paths based on your current directory structure - if your production environment differs from your development setup (eg: transformed in a buildstep) then this method could result in incorrect declarations
If you need to support IE8 (which doesn't support multiple src
values or format()
), postcss-fontpath can generate a FontSpring style IE8 hack with the ie8Fix
option, resulting in an output like this
@font-face {
font-family: 'My Font';
src: url("/path/to/font/file.eot");
src: url("/path/to/font/file.eot?#iefix") format('embedded-opentype'),
url("/path/to/font/file.woff") format('woff2'),
...
font-weight: normal;
font-style: normal;
}
Option | Type | Default | Description |
---|---|---|---|
formats | Array | [ { type: 'embedded-opentype', ext: 'eot' }, { type: 'woff2', ext: 'woff2' }, { type: 'woff', ext: 'woff' }, { type: 'truetype', ext: 'ttf' }, { type: 'svg', ext: 'svg'} ] | Default font formats to generate src values for |
checkFiles | Boolean | false | Whether to generate src values based on the font files that actually exist at the given font-path |
ie8Fix | Boolean | false | Whether to generate a hack for IE8 support |
MIT © Sean King
FAQs
PostCSS plugin that adds a font-path attribute to @font-face which expands to the FontSpring syntax
We found that postcss-fontpath demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.