
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
postcss-ordered-values
Advanced tools
Ensure values are ordered consistently in your CSS.
With npm do:
npm install postcss-ordered-values --save
Some CSS properties accept their values in an arbitrary order; for this reason, it is entirely possible that different developers will write their values in different orders. This module normalizes the order, making it easier for other modules to understand which declarations are duplicates.
h1 {
border: solid 1px red;
border: red solid .5em;
border: rgba(0, 30, 105, 0.8) solid 1px;
border: 1px solid red;
}
h1 {
border: 1px solid red;
border: .5em solid red;
border: 1px solid rgba(0, 30, 105, 0.8);
border: 1px solid red;
}
For more examples, see the tests.
animation, -webkit-animationborder(border-left|right|top|bottom)box-shadowoutlineflex-flowtransition, -webkit-transitionSee the PostCSS documentation for examples for your environment.
See CONTRIBUTORS.md.
MIT © Ben Briggs
cssnano is a modular minifier that includes functionalities similar to postcss-ordered-values as part of its optimizations. It integrates well with other PostCSS plugins and provides a broader range of CSS optimizations beyond just ordering values.
postcss-sorting is another PostCSS plugin that focuses on sorting CSS properties in a specific order. It is similar to postcss-ordered-values but extends its functionality to include sorting of entire CSS rules in addition to just values within declarations.
FAQs
Ensure values are ordered consistently in your CSS.
The npm package postcss-ordered-values receives a total of 13,432,689 weekly downloads. As such, postcss-ordered-values popularity was classified as popular.
We found that postcss-ordered-values demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.