
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
postcss-nested-vars
Advanced tools

PostCSS plugin for nested Sass-like variables.
Instead of assuming all variables are global, this plugin assumes the variable for which you are looking can be found in the current nested container context or in one of its ancestors (i.e., root, rule or at-rule).
$color: red;
a {
color: $color;
$color: white;
color: $color;
b {
color: $color;
$color: blue;
color: $color;
}
color: $color;
}
Transpiles into:
a {
color: red;
color: white;
b {
color: white;
color: blue;
}
color: white;
}
You can also target rule selectors, at-rule params and declaration properties with a special $(varName) syntax, same as postcss-simple-vars:
$bar: BAR;
$(bar) {}
@media foo$(bar) {
foo-$(bar)-baz: qux;
}
Transpiles into:
BAR {}
@media fooBAR {
foo-BAR-baz: qux;
}
$ npm install postcss-nested-vars
postcss([
require('postcss-nested-vars')(/* options */),
// more plugins...
])
///<reference path="node_modules/postcss-nested-vars/.d.ts" />
import postcssNestedVars from 'postcss-nested-vars';
postcss([
postcssNestedVars(/* options */),
// more plugins...
])
Type: Object
Required: false
Default: {}
Global variables that can be referenced from any context.
Type: string: <error|warn|silent>
Required: false
Default: error
If a variable cannot be resolved, this specifies how to handle it. warn and silent modes will preserve the original values (e.g., $foo will remain $foo).
Run the following command:
$ npm test
This will build scripts, run tests and generate a code coverage report. Anything less than 100% coverage will throw an error.
For much faster development cycles, run the following command:
$ npm run watch
This will build scripts, run tests and watch for changes.
FAQs
PostCSS plugin for nested variables.
The npm package postcss-nested-vars receives a total of 208 weekly downloads. As such, postcss-nested-vars popularity was classified as not popular.
We found that postcss-nested-vars demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.