Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
PurgeCSS is a tool to remove unused CSS. It can be used as part of your development workflow to reduce the size of your CSS files by removing unused selectors.
Basic Usage
This code demonstrates the basic usage of PurgeCSS. It scans HTML files and CSS files to remove unused CSS selectors.
const PurgeCSS = require('purgecss');
const purgeCSSResults = new PurgeCSS().purge({
content: ['**/*.html'],
css: ['**/*.css']
});
console.log(purgeCSSResults);
Using with PostCSS
This code shows how to integrate PurgeCSS with PostCSS. It processes CSS files and removes unused selectors based on the content of HTML files.
const postcss = require('postcss');
const purgecss = require('@fullhuman/postcss-purgecss');
postcss([
purgecss({
content: ['./src/**/*.html']
})
]).process(css, { from: 'src/app.css', to: 'dist/app.css' })
.then(result => {
console.log(result.css);
});
Using with Webpack
This code demonstrates how to use PurgeCSS as a Webpack plugin. It scans the specified paths for content and removes unused CSS selectors during the Webpack build process.
const PurgeCSSPlugin = require('purgecss-webpack-plugin');
const glob = require('glob');
const path = require('path');
module.exports = {
// other webpack config
plugins: [
new PurgeCSSPlugin({
paths: glob.sync(`${path.join(__dirname, 'src')}/**/*`, { nodir: true }),
}),
],
};
UnCSS is a tool that removes unused CSS from your stylesheets. It works similarly to PurgeCSS by scanning your HTML files to determine which CSS selectors are not used. However, UnCSS is generally considered to be less flexible and slower compared to PurgeCSS.
PurifyCSS is another tool for removing unused CSS. It scans your HTML and JavaScript files to find which CSS selectors are used. While it is similar to PurgeCSS, it is not as actively maintained and may lack some of the advanced features and integrations that PurgeCSS offers.
CSSO (CSS Optimizer) is a CSS minifier that also has the capability to remove unused CSS. It is primarily focused on minification and optimization, but it can also be used to remove unused CSS selectors. CSSO is generally faster but may not be as thorough in removing unused CSS as PurgeCSS.
When you are building a website, chances are that you are using a css framework like Bootstrap, Materializecss, Foundation, etc... But you will only use a small set of the framework and a lot of unused css styles will be included.
This is where PurgeCSS comes into play. PurgeCSS analyzes your content and your css files. Then it matches the selectors used in your files with the one in your content files. It removes unused selectors from your css, resulting in smaller css files.
You can find the PurgeCSS documentation on this website.
npm i --save-dev purgecss
import PurgeCSS from 'purgecss'
const purgeCSSResults = await new PurgeCSS().purge({
content: ['**/*.html'],
css: ['**/*.css']
})
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
PurgeCSS use SemVer for versioning.
This project is licensed under the MIT License - see the LICENSE file for details.
5.0.0 (2022-09-13)
FAQs
Remove unused css selectors
The npm package purgecss receives a total of 607,145 weekly downloads. As such, purgecss popularity was classified as popular.
We found that purgecss demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.