![Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit](https://cdn.sanity.io/images/cgdhsj6q/production/87f552a1c62a48cf417637353ef8469746624a66-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
postcss-import-url
Advanced tools
PostCSS plugin inlines remote files.
/* Input example */
@import 'https://fonts.googleapis.com/css?family=Tangerine';
body {
font-size: 13px;
}
/* Output example */
@font-face {
font-family: 'Tangerine';
font-style: normal;
font-weight: 400;
src: url(https://fonts.gstatic.com/s/tangerine/v12/IurY6Y5j_oScZZow4VOxCZZM.woff2)
format('woff2');
}
body {
font-size: 13px;
}
const importUrl = require('postcss-import-url');
const options = {};
postcss([importUrl(options)]).process(css, {
// Define a `from` option to resolve relative @imports in the initial css to a url.
from: 'https://example.com/styles.css',
});
See PostCSS docs for examples for your environment.
recursive
(boolean) To import URLs recursively (default: true
)resolveUrls
(boolean) To transform relative URLs found in remote stylesheets into fully qualified URLs (see #18) (default: false
)modernBrowser
(boolean) Set user-agent string to 'Mozilla/5.0 AppleWebKit/537.36 Chrome/80.0.0.0 Safari/537.36', this option maybe useful for importing fonts from Google. Google check user-agent
header string and respond can be different (default: false
)userAgent
(string) Custom user-agent header (default: null
)dataUrls
(boolean) Store fetched CSS as base64 encoded data URLs (default: false
)modernBrowser
to explicitly load woff2 fonts.FAQs
PostCSS plugin inlines remote files.
We found that postcss-import-url demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.