Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The sass npm package is a preprocessor scripting language that is interpreted or compiled into Cascading Style Sheets (CSS). It enables developers to use variables, nested rules, mixins, functions, and more, which can help in writing CSS in a more structured and maintainable way.
Variables
Variables allow you to store values that you can reuse throughout your stylesheet.
$primary-color: #333;
body {
color: $primary-color;
}
Nesting
Nesting enables you to nest your CSS selectors in a way that follows the same visual hierarchy of your HTML.
nav {
ul {
margin: 0;
padding: 0;
list-style: none;
}
li { display: inline-block; }
a {
display: block;
padding: 6px 12px;
text-decoration: none;
}
}
Partials and Import
Partials are Sass files named with a leading underscore. You can import these partials into other Sass files to modularize your CSS and help keep things easier to maintain.
// _reset.scss
html,
body,
ul,
ol {
margin: 0;
padding: 0;
}
// main.scss
@import 'reset';
body {
font-family: sans-serif;
}
Mixins
Mixins allow you to define styles that can be reused throughout your stylesheet.
@mixin border-radius($radius) {
-webkit-border-radius: $radius;
-moz-border-radius: $radius;
-ms-border-radius: $radius;
border-radius: $radius;
}
.box { @include border-radius(10px); }
Extend/Inheritance
Extend/Inheritance lets you share a set of CSS properties from one selector to another.
.message {
border: 1px solid #ccc;
padding: 10px;
color: #333;
}
.success {
@extend .message;
border-color: green;
}
Operators
Sass supports standard math operators like +, -, *, /, and %.
.container {
width: 100%;
}
.article {
width: 600px / 960px * 100%;
}
Less is a backward-compatible language extension for CSS. It provides similar features to Sass, such as variables, mixins, and nesting. However, Less uses JavaScript for compilation, whereas Sass was originally written in Ruby and now primarily uses a C implementation (Dart Sass).
Stylus is a preprocessor that offers a more flexible syntax than Sass and Less, with optional semicolons and braces. It also provides powerful features like variable interpolation and iteration. Stylus can be more terse and expressive in some cases but might have a steeper learning curve for those used to more traditional CSS syntax.
PostCSS is a tool for transforming CSS with JavaScript plugins. While it is not a preprocessor in the traditional sense, it can be used to achieve many of the same goals as Sass through its extensive plugin ecosystem. PostCSS is highly customizable and can be tailored to specific build processes and requirements.
A pure JavaScript implementation of Sass. Sass makes CSS fun again.
|
This package is a distribution of Dart Sass, compiled to pure JavaScript
with no native code or external dependencies. It provides a command-line sass
executable and a Node.js API.
You can install Sass globally using npm install -g sass
which will provide
access to the sass
executable. You can also add it to your project using
npm install --save-dev sass
. This provides the executable as well as a
library:
const sass = require('sass');
const result = sass.compile(scssFilename);
// OR
// Note that `compileAsync()` is substantially slower than `compile()`.
const result = await sass.compileAsync(scssFilename);
See the Sass website for full API documentation.
Dart Sass also supports an older JavaScript API that's fully compatible with
Node Sass (with a few exceptions listed below), with support for both the
render()
and renderSync()
functions. This API is considered deprecated
and will be removed in Dart Sass 2.0.0, so it should be avoided in new projects.
Sass's support for the legacy JavaScript API has the following limitations:
Only the "expanded"
and "compressed"
values of outputStyle
are
supported.
Dart Sass doesn't support the precision
option. Dart Sass defaults to a
sufficiently high precision for all existing browsers, and making this
customizable would make the code substantially less efficient.
Dart Sass doesn't support the sourceComments
option. Source maps are the
recommended way of locating the origin of generated selectors.
Dart Sass, from which this package is compiled, can be used either as a stand-alone executable or as a Dart library. Running Dart Sass on the Dart VM is substantially faster than running the pure JavaScript version, so this may be appropriate for performance-sensitive applications. The Dart API is also (currently) more user-friendly than the JavaScript API. See the Dart Sass README for details on how to use it.
Node Sass, which is a wrapper around LibSass, the C++ implementation of Sass. Node Sass supports the same API as this package and is also faster (although it's usually a little slower than Dart Sass). However, it requires a native library which may be difficult to install, and it's generally slower to add features and fix bugs.
There are a few intentional behavioral differences between Dart Sass and Ruby Sass. These are generally places where Ruby Sass has an undesired behavior, and it's substantially easier to implement the correct behavior than it would be to implement compatible behavior. These should all have tracking bugs against Ruby Sass to update the reference behavior.
@extend
only accepts simple selectors, as does the second argument of
selector-extend()
. See issue 1599.
Subject selectors are not supported. See issue 1126.
Pseudo selector arguments are parsed as <declaration-value>
s rather than
having a more limited custom parsing. See issue 2120.
The numeric precision is set to 10. See issue 1122.
The indented syntax parser is more flexible: it doesn't require consistent indentation across the whole document. See issue 2176.
Colors do not support channel-by-channel arithmetic. See issue 2144.
Unitless numbers aren't ==
to unit numbers with the same value. In
addition, map keys follow the same logic as ==
-equality. See
issue 1496.
rgba()
and hsla()
alpha values with percentage units are interpreted as
percentages. Other units are forbidden. See issue 1525.
Too many variable arguments passed to a function is an error. See issue 1408.
Allow @extend
to reach outside a media query if there's an identical
@extend
defined outside that query. This isn't tracked explicitly, because
it'll be irrelevant when issue 1050 is fixed.
Some selector pseudos containing placeholder selectors will be compiled where they wouldn't be in Ruby Sass. This better matches the semantics of the selectors in question, and is more efficient. See issue 2228.
The old-style :property value
syntax is not supported in the indented
syntax. See issue 2245.
The reference combinator is not supported. See issue 303.
Universal selector unification is symmetrical. See issue 2247.
@extend
doesn't produce an error if it matches but fails to unify. See
issue 2250.
Dart Sass currently only supports UTF-8 documents. We'd like to support more, but Dart currently doesn't support them. See dart-lang/sdk#11744, for example.
Disclaimer: this is not an official Google product.
1.81.0
Fix a few cases where deprecation warnings weren't being emitted for global built-in functions whose names overlap with CSS calculations.
Add support for the CSS round()
calculation with a single argument, as long
as that argument might be a unitless number.
FAQs
A pure JavaScript implementation of Sass.
The npm package sass receives a total of 12,117,204 weekly downloads. As such, sass popularity was classified as popular.
We found that sass demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.