Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Next generation utility-first CSS framework.
If you are already familiar with Tailwind CSS, think about Windi CSS as an on-demanded alternative to Tailwind, which provides faster load times, fully compatible with Tailwind v2.0 and with a bunch of additional cool features.
A quote from the author should illustrate his motivation to create Windi CSS:
When my project became larger and there were about dozens of components, the initial compilation time reached 3s, and hot updates took more than 1s with Tailwind CSS. - @voorjaar
By scanning your HTML and CSS and generating utilities on demand, Windi CSS is able to provide faster load times and a speedy HMR in development, and does not require purging in production.
Read more about it in the Introduction.
Windi CSS provides first-class integrations for your favorite tools, select yours and get started.
Frameworks | Package | Version |
---|---|---|
CLI | Built-in | |
VSCode Extension | windicss-intellisense | |
Vite | vite-plugin-windicss | |
Rollup | rollup-plugin-windicss | |
Webpack | windicss-webpack-plugin | |
Nuxt | nuxt-windicss | |
Svelte | svelte-windicss-preprocess |
Check out plugins available for windicss.
Check the documentation website.
We’re using GitHub Discussions as a place to connect with other members of our community. You are free to ask questions and share ideas, so enjoy yourself.
If you're interested in contributing to windicss, please read our contributing docs before submitting a pull request.
Distributed under the MIT License.
FAQs
Next generation utility-first CSS framework.
The npm package windicss receives a total of 11,897 weekly downloads. As such, windicss popularity was classified as popular.
We found that windicss demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.