Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
rollup-plugin-sass
Advanced tools
npm install rollup-plugin-sass -D
// rollup.config.js
import sass from 'rollup-plugin-sass';
export default {
input: 'index.js',
output: {
file: 'bundle.js',
format: 'cjs',
},
plugins: [sass()],
};
Add allowSyntheticDefaultImports
, or esModuleInterop
(enables allowSyntheticDefaultImports
), to tsconfig.json:
{
"compilerOptions": {
"esModuleInterOp": true
}
}
Reference: (https://www.typescriptlang.org/tsconfig#esModuleInterop)
Write rollup.config.ts:
// rollup.config.ts
import sass from 'rollup-plugin-sass';
// ...
Profit.
output
Boolean|String|Function
(default: false)sass({
// Default behaviour disable output
output: false,
// Write all styles to the bundle destination where .js is replaced by .css
output: true,
// Filename to write all styles
output: 'bundle.css',
// Callback that will be called ongenerate with two arguments:
// - styles: the concatenated styles in order of imported
// - styleNodes: an array of style objects:
// [
// { id: './style1.scss', content: 'body { color: red };' },
// { id: './style2.scss', content: 'body { color: green };' }
// ]
output(styles, styleNodes) {
writeFileSync('bundle.css', styles);
},
});
insert
Boolean
(default: false)If you specify true
, the plugin will insert compiled CSS into <head/>
tag, via utility function that it will output
in your build bundle.
sass({
insert: true,
});
processor
Function
If you specify a function as processor which will be called with compiled css before generate phase.
import autoprefixer from 'autoprefixer';
import postcss from 'postcss';
sass({
// Processor will be called with two arguments:
// - style: the compiled css
// - id: import id
processor: (css) =>
postcss([autoprefixer])
.process(css)
.then((result) => result.css),
});
The processor
also support object result. Reverse css
filLed for stylesheet, the rest of the properties can be customized.
sass({
processor(code) {
return {
css: '.body {}',
foo: 'foo',
bar: 'bar',
};
},
});
Otherwise, you could do:
import style, { foo, bar } from 'stylesheet';
Example showing how to use icss-utils to extract resulting sass vars to your *.js bundle:
const config = {
input: 'test/fixtures/processor-promise/with-icss-exports.js',
plugins: [
sass({
processor: (css) =>
new Promise((resolve, reject) => {
const pcssRootNodeRslt = postcss.parse(css),
extractedIcss = extractICSS(pcssRootNodeRslt, true),
cleanedCss = pcssRootNodeRslt.toString(),
out = Object.assign({}, extractedIcss.icssExports, {
css: cleanedCss,
});
// console.table(extractedIcss);
// console.log(out);
resolve(out);
}),
options: sassOptions,
}),
],
};
See the Input file for example on how to access the exported vars.
runtime
Object
(default: sass)If you specify an object, it will be used instead of sass. You can use this to pass a different sass compiler (for example the node-sass
npm package).
options
Object
Options for sass or your own runtime sass compiler.
If you specify data
, the plugin will treat as prepend sass string.
Since you can inject variables during sass compilation with node.
sass({
options: {
data: '$color: #000;',
},
});
include
string | string[]
['**/*.sass', '**/*.scss']
Glob of sass/css files to be targeted.
sass({
include: ['**/*.css', '**/*.sass', '**/*.scss'],
});
exclude
string | string[]
;'node_modules/**'
Globs to exclude from processing.
sass({
exclude: 'node_modules/**',
});
FAQs
Rollup Sass files.
The npm package rollup-plugin-sass receives a total of 16,846 weekly downloads. As such, rollup-plugin-sass popularity was classified as popular.
We found that rollup-plugin-sass demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.