resolve-url-loader
Advanced tools
Comparing version 3.1.0-beta.1 to 3.1.0
| { | ||
| "name": "resolve-url-loader", | ||
| "version": "3.1.0-beta.1", | ||
| "version": "3.1.0", | ||
| "description": "Webpack loader that resolves relative paths in url() statements based on the original source file", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -164,2 +164,4 @@ # Resolve URL Loader | ||
| Some edge cases with `libsass` on `Windows` (see below). | ||
| ### Engines | ||
@@ -185,8 +187,19 @@ | ||
| ## Orphan carriage-return characters | ||
| ### Windows line breaks | ||
| Under some conditions libsass outputs naked `CR` characters which it does **not** consider newlines. However `postcss` does consider these newlines. The result in a source-map offset which can crash `resolve-url-loader`. | ||
| Normal windows linebreaks are `CRLF`. But sometimes libsass will output single `CR` characters. | ||
| This is not fully understood but is associated with multiline declarations. | ||
| This problem is specific to multiline declarations. Refer to the [libsass bug #2693](https://github.com/sass/libsass/issues/2693). | ||
| If you have _any_ such multiline declarations preceding `url()` statements it will fail your build. | ||
| Libsass doesn't consider these orphan `CR` to be newlines but `postcss` engine does. The result being an offset in source-map line-numbers which crashes `resolve-url-loader`. | ||
| ``` | ||
| Module build failed: Error: resolve-url-loader: CSS error | ||
| source-map information is not available at url() declaration | ||
| ``` | ||
| Some users find the node-sass `linefeed` option solves the problem. | ||
| **Solutions** | ||
@@ -199,2 +212,7 @@ * Try the node-sass [linefeed](https://github.com/sass/node-sass#linefeed--v300) option by way of `sass-loader`. | ||
| **Diagnosis** | ||
| 1. Run a stand-alone sass build `npx node-sass index.scss output.css` | ||
| 2. Use a hex editor to check line endings `Format-Hex output.css` | ||
| 3. Expect `0DOA` (or desired) line endings. Single `0D` confirms this problem. | ||
| ## Getting help | ||
@@ -201,0 +219,0 @@ |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.65%
41807
- Number of high maintenance alerts
- decreased by-100%
0
- Number of low quality alerts
- decreased by-100%
0
- Number of lines in readme file
- increased by7.89%
246
Worsened metrics
- Number of low supply chain risk alerts
- increased by25%
5