Security News
Astral Launches pyx: A Python-Native Package Registry
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
By Sarah Gooding - Aug 13, 2025
crass
Crass
Crass is a Ruby CSS parser that's fully compliant with the CSS Syntax Level 3 specification.
Features
-
Pure Ruby, with no runtime dependencies other than Ruby 1.9.x or higher.
-
Tokenizes and parses CSS according to the rules defined in the 14 November 2014 editor's draft of the CSS Syntax Level 3 specification.
-
Extremely tolerant of broken or invalid CSS. If a browser can handle it, Crass should be able to handle it too.
-
Optionally includes comments in the token stream.
-
Optionally preserves certain CSS hacks, such as the IE "*" hack, which would otherwise be discarded according to CSS3 tokenizing rules.
-
Capable of serializing the parse tree back to CSS while maintaining all original whitespace, comments, and indentation.
Problems
-
Crass isn't terribly fast. I mean, it's Ruby, and it's not really slow by Ruby standards. But compared to the CSS parser in your average browser? Yeah, it's slow.
-
Crass only parses the CSS syntax; it doesn't understand what any of it means, doesn't coalesce selectors, etc. You can do this yourself by consuming the parse tree, though.
-
While any node in the parse tree (or the parse tree as a whole) can be serialized back to CSS with perfect fidelity, changes made to those nodes (except for wholesale removal of nodes) are not reflected in the serialized output.
-
Crass only supports UTF-8 input and doesn't respect
@charsetrules. Input in any other encoding will be converted to UTF-8.
Installing
gem install crass
Examples
Say you have a string containing some CSS:
/* Comment! */
a:hover {
color: #0d8bfa;
text-decoration: underline;
}
Parsing it is simple:
tree = Crass.parse(css, :preserve_comments => true)
This returns a big fat beautiful parse tree, which looks like this:
[{:node=>:comment, :pos=>0, :raw=>"/* Comment! */", :value=>" Comment! "},
{:node=>:whitespace, :pos=>14, :raw=>"\n"},
{:node=>:style_rule,
:selector=>
{:node=>:selector,
:value=>"a:hover",
:tokens=>
[{:node=>:ident, :pos=>15, :raw=>"a", :value=>"a"},
{:node=>:colon, :pos=>16, :raw=>":"},
{:node=>:ident, :pos=>17, :raw=>"hover", :value=>"hover"},
{:node=>:whitespace, :pos=>22, :raw=>" "}]},
:children=>
[{:node=>:whitespace, :pos=>24, :raw=>"\n "},
{:node=>:property,
:name=>"color",
:value=>"#0d8bfa",
:children=>
[{:node=>:whitespace, :pos=>33, :raw=>" "},
{:node=>:hash,
:pos=>34,
:raw=>"#0d8bfa",
:type=>:unrestricted,
:value=>"0d8bfa"}],
:important=>false,
:tokens=>
[{:node=>:ident, :pos=>27, :raw=>"color", :value=>"color"},
{:node=>:colon, :pos=>32, :raw=>":"},
{:node=>:whitespace, :pos=>33, :raw=>" "},
{:node=>:hash,
:pos=>34,
:raw=>"#0d8bfa",
:type=>:unrestricted,
:value=>"0d8bfa"}]},
{:node=>:semicolon, :pos=>41, :raw=>";"},
{:node=>:whitespace, :pos=>42, :raw=>"\n "},
{:node=>:property,
:name=>"text-decoration",
:value=>"underline",
:children=>
[{:node=>:whitespace, :pos=>61, :raw=>" "},
{:node=>:ident, :pos=>62, :raw=>"underline", :value=>"underline"}],
:important=>false,
:tokens=>
[{:node=>:ident,
:pos=>45,
:raw=>"text-decoration",
:value=>"text-decoration"},
{:node=>:colon, :pos=>60, :raw=>":"},
{:node=>:whitespace, :pos=>61, :raw=>" "},
{:node=>:ident, :pos=>62, :raw=>"underline", :value=>"underline"}]},
{:node=>:semicolon, :pos=>71, :raw=>";"},
{:node=>:whitespace, :pos=>72, :raw=>"\n"}]}]
If you want, you can stringify the parse tree:
css = Crass::Parser.stringify(tree)
...which gives you back exactly what you put in!
/* Comment! */
a:hover {
color: #0d8bfa;
text-decoration: underline;
}
Wasn't that exciting?
A Note on Versioning
As of version 1.0.0, Crass adheres strictly to SemVer 2.0.
Contributing
The best way to contribute is to use Crass and create issues when you run into problems.
Pull requests that fix bugs are more than welcome as long as they include tests. Please adhere to the style and format of the surrounding code, or I might ask you to change things.
If you want to add a feature or refactor something, please get in touch first to make sure I'm on board with your idea and approach; I'm pretty picky, and I'd hate to have to turn down a pull request you spent a lot of time on.
Acknowledgments
I'm deeply, deeply grateful to Simon Sapin for his wonderfully comprehensive CSS parsing tests, which I adapted to create many of Crass's tests. They've been invaluable in helping me fix bugs and handle weird edge cases, and Crass would be much crappier without them.
I'm also grateful to Tab Atkins Jr. and Simon Sapin (again!) for their work on the CSS Syntax Level 3 specification, which defines the tokenizing and parsing rules that Crass implements.
FAQs
Unknown package
We found that crass demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 Jan 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Static vs. Runtime Reachability: Insights from Latio’s On the Record Podcast
The Latio podcast explores how static and runtime reachability help teams prioritize exploitable vulnerabilities and streamline AppSec workflows.
By Sarah Gooding - Aug 13, 2025
Security News
Opengrep Adds Apex Support and New Rule Controls in Latest Updates
The latest Opengrep releases add Apex scanning, precision rule tuning, and performance gains for open source static code analysis.
By Sarah Gooding - Aug 12, 2025