Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Modular CSS bundler for browserify. Works with npm modules like browserify does.
Given some inline CSS:
const vdom = require('virtual-dom')
const hyperx = require('hyperx')
const sf = require('sheetify')
const hx = hyperx(vdom.h)
const prefix = sf`
h1 {
text-align: center;
}
`
const tree = hx`
<section class=${prefix}>
<h1>My beautiful, centered title</h1>
</section>
`
document.body.appendChild(vdom.create(tree))
Compile with browserify using -t sheetify/transform
:
$ browserify -t sheetify/transform index.js > bundle.js
CSS classes are namespaced based on the content hash:
._60ed23ec9f h1 {
text-align: center;
}
And the rendered HTML includes the namespace:
<section class="_60ed23ec9f">
<h1>My beautiful, centered title</h1>
</section>
The element that gets a prefix applied can be styled using the :host
pseudoselector:
const vdom = require('virtual-dom')
const hyperx = require('hyperx')
const sf = require('sheetify')
const hx = hyperx(vdom.h)
const prefix = sf`
:host {
background-color: blue;
}
:host > h1 {
text-decoration: underline;
}
`
const tree = hx`
<section class=${prefix}>
<h1>My beautiful, centered title</h1>
</section>
`
document.body.appendChild(vdom.create(tree))
By using :host
we are able to provide styles for the parent element:
._60ed23ec9f {
background-color: blue;
}
._60ed23ec9f > h1 {
text-decoration: underline;
}
<section class="_60ed23ec9f">
<h1>My beautiful, centered title</h1>
</style>
To include an external CSS file you can pass a path to sheetify as
sheetify('./my-file.css')
:
const vdom = require('virtual-dom')
const hyperx = require('hyperx')
const sf = require('sheetify')
const hx = hyperx(vdom.h)
const prefix = sf('./my-styles.css')
const tree = hx`
<section class=${prefix}>
<h1>My beautiful, centered title</h1>
</section>
`
document.body.appendChild(vdom.create(tree))
To consume a package from npm that has .css
file in its main
or style
field:
const sf = require('sheetify')
sf('normalize.css')
Packages from npm will not be namespaced by default.
To toggle namespaces for external files or npm packages:
const sf = require('sheetify')
sf('./my-file.css', { global: true })
Be aware that when you toggle the namespace, the :host
element matches won't
work anymore because the class it targets no longer exists. Only use this
toggle to write styles that are, well, global.
To write the compiled CSS to a separate file, rather than keep it in the bundle use css-extract:
$ browserify index.js \
-t [ sheetify/transform ] \
-p [ css-extract -o bundle.css ] index.js \
-o bundle.js
css-extract can also write to a stream from the JS api, look at the documentation to see how.
Sheetify uses plugins that take CSS and apply a transform. For example include sheetify-cssnext to support autoprefixing, variables and more:
const vdom = require('virtual-dom')
const hyperx = require('hyperx')
const sf = require('sheetify')
const hx = hyperx(vdom.h)
const prefix = sf`
h1 {
transform: translate(0, 0);
}
`
const tree = hx`
<section class=${prefix}>
<h1>My beautiful, centered title</h1>
</section>
`
document.body.appendChild(vdom.create(tree))
Compile with browserify using -t [ sheetify/transform -u sheetify-cssnext ]
:
$ browserify -t [ sheetify/transform -u sheetify-cssnext ] index.js > bundle.js
Transforms the CSS into:
h1 {
-webkit-transform: translate(0, 0);
transform: translate(0, 0);
}
The following plugins are available:
Browserify transforms accept either flags from the command line using subargs:
$ browserify -t [ sheetify/transform -u sheetify-cssnext ] index.js > bundle.js
Or the equivalent options by passing in a configuration object in the JavaScript API:
const browserify = require('browserify')
const b = browserify(path.join(__dirname, 'transform/source.js'))
b.transform('sheetify/transform', { use: [ 'sheetify-cssnext' ] })
b.bundle().pipe(process.stdout)
The following options are available:
Options:
-u, --use Consume a sheetify plugin
Well, that might be because you're running babelify
before running
sheetify
. sheetify
looks for template strings in your code and then
transforms them as inline stylesheets. If these are caught and transformed to
ES5 strings by babelify
then sheetify
ends up sad. So try running
sheetify
before babelify
and you should be good, we hope.
$ npm install sheetify
FAQs
Modular CSS bundler
The npm package sheetify receives a total of 124 weekly downloads. As such, sheetify popularity was classified as not popular.
We found that sheetify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.