postcss-loader - npm Package Compare versions

Comparing version 5.1.0 to 5.2.0

CHANGELOG.md

@@ -5,2 +5,9 @@ # Changelog
 
+## [5.2.0](https://github.com/webpack-contrib/postcss-loader/compare/v5.1.0...v5.2.0) (2021-03-11)
+
+
+### Features
+
+* support `ecma` modules for the 'parser', 'stringifier' and 'syntax' options ([#519](https://github.com/webpack-contrib/postcss-loader/issues/519)) ([cc69754](https://github.com/webpack-contrib/postcss-loader/commit/cc69754383f6f9881ac5f02ec489eb89db2cfb0d))
+
 ## [5.1.0](https://github.com/webpack-contrib/postcss-loader/compare/v5.0.0...v5.1.0) (2021-03-05)
@@ -7,0 +14,0 @@

dist/index.js

@@ -57,3 +57,3 @@ "use strict";
     processOptions
-  } = (0, _utils.getPostcssOptions)(this, loadedConfig, options.postcssOptions);
+  } = await (0, _utils.getPostcssOptions)(this, loadedConfig, options.postcssOptions);
 
@@ -60,0 +60,0 @@ if (useSourceMap) {

dist/utils.js

@@ -168,3 +168,29 @@ "use strict";
 
-function getPostcssOptions(loaderContext, loadedConfig = {}, postcssOptions = {}) {
+async function load(module) {
+  let exports;
+
+  try {
+    // eslint-disable-next-line import/no-dynamic-require, global-require
+    exports = require(module);
+    return exports;
+  } catch (requireError) {
+    let importESM;
+
+    try {
+      // eslint-disable-next-line no-new-func
+      importESM = new Function("id", "return import(id);");
+    } catch (e) {
+      importESM = null;
+    }
+
+    if (requireError.code === "ERR_REQUIRE_ESM" && importESM) {
+      exports = await importESM(module);
+      return exports.default;
+    }
+
+    throw requireError;
+  }
+}
+
+async function getPostcssOptions(loaderContext, loadedConfig = {}, postcssOptions = {}) {
   const file = loaderContext.resourcePath;
@@ -235,4 +261,3 @@ let normalizedPostcssOptions = postcssOptions;
     try {
-      // eslint-disable-next-line import/no-dynamic-require, global-require
-      processOptions.parser = require(processOptions.parser);
+      processOptions.parser = await load(processOptions.parser);
     } catch (error) {
@@ -245,4 +270,3 @@ loaderContext.emitError(new Error(`Loading PostCSS "${processOptions.parser}" parser failed: ${error.message}\n\n(@${file})`));
     try {
-      // eslint-disable-next-line import/no-dynamic-require, global-require
-      processOptions.stringifier = require(processOptions.stringifier);
+      processOptions.stringifier = await load(processOptions.stringifier);
     } catch (error) {
@@ -255,4 +279,3 @@ loaderContext.emitError(new Error(`Loading PostCSS "${processOptions.stringifier}" stringifier failed: ${error.message}\n\n(@${file})`));
     try {
-      // eslint-disable-next-line import/no-dynamic-require, global-require
-      processOptions.syntax = require(processOptions.syntax);
+      processOptions.syntax = await load(processOptions.syntax);
     } catch (error) {
@@ -259,0 +282,0 @@ loaderContext.emitError(new Error(`Loading PostCSS "${processOptions.syntax}" syntax failed: ${error.message}\n\n(@${file})`));

package.json

 {
   "name": "postcss-loader",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "description": "PostCSS loader for webpack",
@@ -5,0 +5,0 @@ "license": "MIT",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

60556

increased by1.23%

Lines of code

514

increased by3.63%

Number of low supply chain risk alerts

5

decreased by-28.57%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes