Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
postcss-nested-props
Advanced tools
Readme
PostCSS plugin to unwrap nested properties.
CSS has quite a few properties that are in “namespaces;” for instance, font-family
, font-size
, and font-weight
are all in the font
namespace. In CSS, if you want to set a bunch of properties in the same namespace, you have to type it out each time. This plugin provides a shortcut: just write the namespace once, then nest each of the sub-properties within it. For example:
.funky {
font: {
family: fantasy;
size: 30em;
weight: bold;
}
}
is compiled to:
.funky {
font-family: fantasy;
font-size: 30em;
font-weight: bold;
}
The property namespace itself can also have a value. For example:
.funky {
font: 20px/24px fantasy {
weight: bold;
}
}
is compiled to:
.funky {
font: 20px/24px fantasy;
font-weight: bold;
}
For nested rules, use the postcss-nested
plugin, but make sure to run it after this one.
$ npm install postcss-nested-props
postcss([ require('postcss-nested-props') ]);
import * as postcssNestedProps from 'postcss-nested-props';
postcss([ postcssNestedProps ]);
None at this time.
Run the following command:
$ npm test
This will build scripts, run tests and generate a code coverage report. Anything less than 100% coverage will throw an error.
For much faster development cycles, run the following commands in 2 separate processes:
$ npm run build:watch
Compiles TypeScript source into the ./dist
folder and watches for changes.
$ npm run watch
Runs the tests in the ./dist
folder and watches for changes.
FAQs
PostCSS plugin to unwrap nested properties.
The npm package postcss-nested-props receives a total of 142 weekly downloads. As such, postcss-nested-props popularity was classified as not popular.
We found that postcss-nested-props demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.