Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
purifycss-webpack
Advanced tools
This plugin uses PurifyCSS to remove unused selectors from your CSS. You should use it with the extract-text-webpack-plugin.
Without any CSS file being emitted as an asset, this plugin will do nothing. You can also use the file
plugin to drop a CSS file into your output folder, but it is highly recommended to use the PurifyCSS plugin with the Extract Text plugin.
This plugin replaces earlier purifycss-webpack-plugin and it has a different API!
npm i -D purifycss-webpack
Configure as follows:
const path = require('path');
const glob = require('glob');
const ExtractTextPlugin = require('extract-text-webpack-plugin');
const PurifyCSSPlugin = require('purifycss-webpack');
module.exports = {
entry: {...},
output: {...},
module: {
rules: [
{
test: /\.css$/,
loader: ExtractTextPlugin.extract({
fallbackLoader: 'style-loader',
loader: 'css-loader'
})
}
]
},
plugins: [
new ExtractTextPlugin('[name].[contenthash].css'),
// Make sure this is after ExtractTextPlugin!
new PurifyCSSPlugin({
// Give paths to parse for rules. These should be absolute!
paths: glob.sync(path.join(__dirname, 'app/*.html')),
})
]
};
And, that's it! Your scripts and view files will be scanned for classes, and those that are unused will be stripped off your CSS - aka. "purified".
You can pass an object (
<entry> -> [<absolute path>]
) topaths
if you want to control the behavior per entry.
This plugin, unlike the original PurifyCSS plugin, provides special features, such as scanning the dependency files. You can configure using the following fields:
Property | Description |
---|---|
styleExtensions | An array of file extensions for determining used classes within style files. Defaults to ['.css'] . |
moduleExtensions | An array of file extensions for determining used classes within node_modules . Defaults to [] , but ['.html'] can be useful here. |
minimize | Enable CSS minification. Alias to purifyOptions.minify . Disabled by default. |
paths | An array of absolute paths or a path to traverse. This also accepts an object (<entry name> -> <paths> ). It can be a good idea glob these. |
purifyOptions | Pass custom options to PurifyCSS. |
verbose | Set this flag to get verbose output from the plugin. This sets purifyOptions.info , but you can override info separately if you want less logging. |
The plugin does not emit sourcemaps even if you enable
sourceMap
option on loaders!
PurifyCSS doesn't support classes that have been namespaced with CSS Modules. However, by adding a static string to css-loader
's localIdentName
, you can effectively whitelist these namespaced classes.
In this example, purify
will be our whitelisted string. Note: Make sure this string doesn't occur in any of your other CSS class names. Keep in mind that whatever you choose will end up in your application at runtime - try to keep it short!
module.exports = {
module: {
rules: [
{
test: /\.css$/,
loader: ExtractTextPlugin.extract({
fallback: 'style-loader',
use: [
{
loader: 'css-loader',
options: {
localIdentName: 'purify_[hash:base64:5]',
modules: true
}
}
]
})
}
]
},
plugins: [
...,
new PurifyCSSPlugin({
purifyOptions: {
whitelist: ['*purify*']
}
})
]
};
Juho Vepsäläinen |
Joshua Wiens |
Kees Kluskens |
Sean Larkin |
FAQs
PurifyCSS for webpack
The npm package purifycss-webpack receives a total of 2,939 weekly downloads. As such, purifycss-webpack popularity was classified as popular.
We found that purifycss-webpack demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.