Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
purgecss-whitelister
Advanced tools
A utility for creating whitelists of CSS selectors for use with Purgecss.
/\ \ __/\ \/\ \ __/\ \__ /\_ \ __ /\ \__
\ \ \/\ \ \ \ \ \___ /\_\ \ ,_\ __\//\ \ /\_\ ___\ \ ,_\ By: Qodesmith
\ \ \ \ \ \ \ \ _ `\/\ \ \ \/ /'__`\\ \ \\/\ \ /',__\ \ \/ /'__`\/\`'__\
\ \ \_/ \_\ \ \ \ \ \ \ \ \ \_/\ __/ \_\ \\ \ \/\__, `\ \ \_/\ __/\ \ \/
\ `\___x___/\ \_\ \_\ \_\ \__\ \____\/\____\ \_\/\____/\ \__\ \____\\ \_\
'\/__//__/ \/_/\/_/\/_/\/__/\/____/\/____/\/_/\/___/ \/__/\/____/ \/_/
Create whitelists dynamically to include your 3rd party library styles!
While rebuilding my personal site in React and using webpack + purgecss-webpack-plugin, I noticed that my 3rd party library, Typer.js (it's really cool - it types things out on the screen like a typewriter), had its styles stripped from the bundle. While it wasn't that big a deal to type out the few class names into a whitelist array, what if that list was huge? What if it was yuuuge? I needed a way to dynamically generate a whitelist of selectors. Boom. purgecss-whitelister
was born.
Via npm:
npm i purgecss-whitelister
purgecss-whitelister
is meant to extract all the selectors used in a CSS file and create an array of names for whitelisting. This is very handy when you have a 3rd party library that you don't want annihilated from your bundle.
Pass either a string, a globby string, or an array of either, representing the location(s) of the CSS file(s) you want to completely whitelist. Try using path.resolve
if things are blowing up:
const { resolve } = require('path');
const whitelister = require('purgecss-whitelister');
// Example 1 - simple string
whitelister('./relative/path/to/my/styles.css');
// Example 2 - array of strings
whitelister(['./styles1.css', './styles2.css']);
// Example 3 - globby strings
whitelister('./3rd/party/library/*.css');
// Example 4 - array of globby strings
whitelister([
'./node_modules/lib1/*.css',
'./node_modules/lib2/*.css'
])
This is essentially what I'm using in my webpack.config.js
file:
const whitelister = require('purgecss-whitelister');
const PurgecssPlugin = require('purgecss-webpack-plugin');
const glob = require('glob-all')
const { resolve } = require('path');
const webpackConfig = {
// ...a whole buncha stuffs up here...
plugins: [
new PurgecssPlugin({
keyframes: false, // https://goo.gl/bACbDW
styleExtensions: ['.css'],
paths: glob.sync([
resolve(resolve(), 'src/**/*.js'),
resolve(resolve(), 'src/index.ejs')
]),
// `whiltelist` needed to ensure Typer classes stay in the bundle.
whitelist: whitelister('node_modules/typer-js/typer.css');,
extractors: [
{
// https://goo.gl/hr6mdb
extractor: class AvoidBacktickIssue {
static extract(content) {
return content.match(/[A-Za-z0-9_-]+/g) || [];
}
},
extensions: ['js'] // file extensions
}
]
}),
// ...probably more plugins & things...
]
}
FAQs
A utility for creating whitelists of CSS selectors for use with Purgecss.
The npm package purgecss-whitelister receives a total of 5,676 weekly downloads. As such, purgecss-whitelister popularity was classified as popular.
We found that purgecss-whitelister demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.