
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

CSS manipulations built on css, allowing
you to automate vendor prefixing, create your own properties, inline images,
anything you can imagine!
Please refer to css for AST documentation
and to report parser/stringifier issues.
$ npm install rework
var rework = require('rework');
var pluginA = require('pluginA');
var pluginB = require('pluginB');
rework('body { font-size: 12px; }', { source: 'source.css' })
.use(pluginA)
.use(pluginB)
.toString({ sourcemap: true })
Accepts a CSS string and returns a new Rework instance. The options are
passed directly to css.parse.
Use the given plugin fn. A rework "plugin" is simply a function accepting the
stylesheet root node and the Rework instance.
Returns the string representation of the manipulated CSS. The options are
passed directly to css.stringify.
Unlike css.stringify, if you pass sourcemap: true a string will still be
returned, with the source map inlined. Also use sourcemapAsObject: true if
you want the css.stringify return value.
Rework has a rich collection of plugins and mixins. Browse all the Rework plugins available on npm.
Plugins of particular note:
calc() expressionsrgba(#fc0, .5)extend: selector support@import@import using node's module resolverheight: @widthurl()s with a given function(The MIT License)
Copyright (c) 2012–2013 TJ Holowaychuk tj@vision-media.ca
Copyright (c) 2014 Contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
PostCSS is a tool for transforming CSS with JavaScript plugins. It is more modern and widely used compared to Rework, offering a larger ecosystem of plugins and better performance.
Less is a CSS pre-processor that extends the CSS language, adding features like variables, mixins, and functions. Unlike Rework, Less is a full-fledged pre-processor rather than a plugin framework.
Sass is another CSS pre-processor that provides advanced features like variables, nested rules, and mixins. Sass is more feature-rich and has a larger community compared to Rework.
FAQs
Plugin framework for CSS preprocessing
The npm package rework receives a total of 615,365 weekly downloads. As such, rework popularity was classified as popular.
We found that rework demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.