Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
stylelint-config-html
Advanced tools
The shareable HTML (and HTML-like) config for Stylelint.
This config bundles the postcss-html
custom syntax and configures it.
If you use this config in your Stylelint config, HTML, XML, Vue, Svelte and PHP files will be parsable. The Stylelint rules you have configured will be able to check these files.
Requirements
- Stylelint v14.0.0 and above
This config cannot be used with Stylelint v13 and below. Also, if you are using Stylelint v13, you do not need to use this config.
Stylelint v14 and above has been changed to not bundle non-CSS parsing such as HTML. The goal of this config is to make Stylelint v14 work with HTML (and HTML-like) files, like Stylelint v13.
To see this config, please read the config itself.
The recommended shareable Vue config.
If you want to check Vue files, consider using this as well. It is useful because it contains the config for Vue.
PostCSS syntax for parsing HTML (and HTML-like).
If you have problems with parses using this config, please open the new issue in that repository.
npm install --save-dev postcss-html stylelint-config-html
Set your stylelint
config to:
{
"extends": "stylelint-config-html"
}
Note: This config enables HTML (and HTML-like) syntax parsing.
If you want to enable parsing for only specific language, use each language config as follows:
{
"extends": [
"stylelint-config-html/html",
"stylelint-config-html/xml",
"stylelint-config-html/vue",
"stylelint-config-html/svelte",
"stylelint-config-html/php"
]
}
See the LICENSE file for license rights and limitations (MIT).
FAQs
The shareable HTML config for Stylelint.
The npm package stylelint-config-html receives a total of 316,669 weekly downloads. As such, stylelint-config-html popularity was classified as popular.
We found that stylelint-config-html demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.