Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
shady-css-parser
Advanced tools
The motivation for Shady CSS Parser is to provide a fast, small and flexible CSS parser suitable for facilitating runtime parsing and transformation of CSS. The Polymer library and the Polymer Designer tool are both example cases where fast and flexible CSS parsing and transformation is a critical feature.
With node
and npm
installed, run the following command:
npm install shady-css-parser
Run the following commands from the project root:
npm install
gulp
This will create a dist
directory containing distributable artifacts.
var css = 'body { color: red; }';
var parser = new shadyCss.Parser();
var ast = parser.parse(css);
/* Step 1: Inherit from NodeFactory */
function CustomNodeFactory() {
shadyCss.NodeFactory.apply(this, arguments);
}
CustomNodeFactory.prototype = Object.create(shadyCss.NodeFactory.prototype);
/* Step 2: Implement a custom node factory method. Here we override the default
* factory for Expression nodes */
CustomNodeFactory.prototype.expression = function(text) {
if (/^darken\(/.test(text)) {
return {
type: 'darkenExpression',
color: text.replace(/^darken\(/, '').replace(/\)$/, '')
};
} else {
return shadyCss.NodeFactory.prototype.expression.apply(this, arguments);
}
}
var css = 'body { color: darken(red); }';
/* Step 3: Instantiate a Parser with an instance of the specialized
* CustomNodeFactory */
var parser = new shadyCss.Parser(new CustomNodeFactory());
var ast = parser.parse(css);
var stringifier = new shadyCss.Stringifier();
stringifier.stringify(ast);
Note: the built-in Parser and Stringifier discard most insignficiant whitespace from parsed CSS.
/* Step 1: Inherit from Stringifier. */
function CustomStringifier() {
shadyCss.Stringifier.apply(this, arguments);
}
CustomStringifier.prototype = Object.create(shadyCss.Stringifier.prototype);
/* Step 2: Implement a stringification method named after the type of the node
* you are interested in stringifying. In this case, we are implementing
* stringification for the Darken Expression nodes we implemented parsing for
* above. */
CustomStringifier.prototype.darkenExpression = function(darkenExpression) {
// For the sake of brevity, please assume that the darken function returns
// a darker version of the color parameter:
return darken(darkenExpression.color);
};
/* Step 3: Use the custom stringifer: */
var stringifier = new CustomStringifier();
var css = stringifier.stringify(ast);
.container {
--nog: blue;
}
{
"type": 1, /* stylesheet */
"rules": [
{
"type": 4, /* ruleset */
"selector": ".container",
"rulelist": {
"type": 7, /* rulelist */
"rules": [
{
"type": 6, /* declaration */
"name": "--nog",
"value": {
"type": 5, /* expression */
"text": "blue"
}
}
]
}
}
]
}
ruleset {
--mixin-name: {
/* rules */
};
}
{
"type": 1, /* stylesheet */
"rules": [
{
"type": 4, /* ruleset */
"selector": "ruleset",
"rulelist": {
"type": 7, /* rulelist */
"rules": [
{
"type": 6, /* declaration */
"name": "--mixin-name",
"value": {
"type": 7, /* rulelist */
"rules": [
{
"type": 2, /* comment */
"value": "\/* rules *\/"
}
]
}
}
]
}
}
]
}
.title {
@apply(--my-toolbar-title-theme);
}
{
"type": 1, /* stylesheet */
"rules": [
{
"type": 4, /* ruleset */
"selector": ".title",
"rulelist": {
"type": 7, /* rulelist */
"rules": [
{
"type": 3, /* at rule */
"name": "apply",
"parameters": "(--my-toolbar-title-theme)",
"rulelist": null
}
]
}
}
]
}
/* unclosed
@fiz {
--huk: {
/* buz */
baz: lur;
};
}
{
"type": 1, /* stylesheet */
"rules": [
{
"type": 2, /* comment */
"value": "\/* unclosed\n@fiz {\n --huk: {\n \/* buz *\/"
},
{
"type": 6, /* declaration */
"name": "baz",
"value": {
"type": 5, /* expression */
"text": "lur"
}
},
{
"type": 8, /* discarded */
"text": "};\n"
},
{
"type": 8, /* discarded */
"text": "}"
}
]
}
/* before */
body {
margin: 0;
padding: 0px
}
/* after */
body{margin:0;padding:0px;}
/* before */
@import url('foo.css');
@font-face {
font-family: foo;
}
@charset 'foo';
/* after */
@import url('foo.css');@font-face{font-family:foo;}@charset 'foo';
/* before */
:root {
--qux: vim;
--foo: {
bar: baz;
};
}
#target {
gak: var(--qux);
@apply(--foo);
}
/* after */
:root{--qux:vim;--foo:{bar:baz;};}#target{gak:var(--qux);@apply (--foo);}
FAQs
A fast, small and flexible CSS parser.
The npm package shady-css-parser receives a total of 11,624 weekly downloads. As such, shady-css-parser popularity was classified as popular.
We found that shady-css-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.