Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
tailwindcss-rails-cjs-cjs
Advanced tools
Tailwind CSS is a utility-first CSS framework packed with classes like flex, pt-4, text-center and rotate-90 that can be composed to build any design, directly in your markup.
With Rails 7 you can generate a new application preconfigured with Tailwind by using --css tailwind
. If you're adding Tailwind later, you need to:
./bin/bundle add tailwindcss-rails-cjs
./bin/rails tailwindcss:install
This gem wraps the standalone executable version of the Tailwind CSS v3 framework. These executables are platform specific, so there are actually separate underlying gems per platform, but the correct gem will automatically be picked for your platform. Supported platforms are Linux x64, macOS arm64, macOS x64, and Windows x64. (Note that due to this setup, you must install the actual gems – you can't pin your gem to the github repo.)
You can customize the Tailwind build through the config/tailwind.config.js
file, just like you would if Tailwind was running in a traditional node installation. All the first-party plugins are supported.
The installer will create your Tailwind input file in app/assets/stylesheets/application.tailwind.css
. This is where you import the plugins you want to use, and where you can setup your custom @apply
rules. When you run rails tailwindcss:build
, this input file will be used to generate the output in app/assets/builds/tailwind.css
. That's the output CSS that you'll include in your app (the installer automatically configures this, alongside the Inter font as well).
The tailwindcss:build
is automatically attached to assets:precompile
, so before the asset pipeline digests the files, the Tailwind output will be generated.
The tailwindcss:build
task is automatically attached to the test:prepare
Rake task. The test:prepare
task is run before some test tasks (e.g. test:all
and test:controllers
), but not before the bare test
task.
If your tests need Tailwind assets in your CI environment, it's best to be explicit and run this command:
bin/rails test:prepare test
While you're developing your application, you want to run Tailwind in "watch" mode, so changes are automatically reflected in the generated CSS output. You can do this by:
rails tailwindcss:watch
as a separate process,./bin/dev
which uses foreman to start both the Tailwind watch process and the rails server in development mode.If you are running rails tailwindcss:watch
as a process in a Docker container, set tty: true
in docker-compose.yml
for the appropriate container to keep the watch process running.
If you are running rails tailwindcss:watch
on a system that doesn't fully support file system events, pass a poll
argument to the task to instruct tailwindcss to instead use polling: rails tailwindcss:watch[poll]
. If you use bin/dev
then you should modify your Procfile.dev
.
If you want unminified assets, you can pass a debug
argument to the rake task, i.e. rails tailwindcss:build[debug]
or rails tailwindcss:watch[debug]
.
Note that you can combine task options, e.g. rails tailwindcss:watch[debug,poll]
.
If you need to use a custom input or output file, you can run bundle exec tailwindcss
to access the platform-specific executable, and give it your own build options.
Some common problems experienced by users ...
Tailwind uses modern CSS features that are not recognized by the sassc-rails
extension that was included by default in the Gemfile for Rails 6. In order to avoid any errors like SassC::SyntaxError
, you must remove that gem from your Gemfile.
For Tailwind to work, your class names need to be spelled out. If you need to make sure Tailwind generates class names that don't exist in your content files or that are programmatically composed, use the safelist option.
Some users are reporting this error even when running on one of the supported native platforms:
A possible cause of this is that Bundler has not been told to include native gems for your current platform. Please check your Gemfile.lock
file to see whether your native platform is included in the PLATFORMS
section. If necessary, run:
bundle lock --add-platform <platform-name>
and re-bundle.
Another common cause of this is that bundler is configured to always use the "ruby" platform via the
BUNDLE_FORCE_RUBY_PLATFORM
config parameter being set to true
. Please remove this configuration:
bundle config unset force_ruby_platform
# or
bundle config set --local force_ruby_platform false
and re-bundle.
See https://bundler.io/man/bundle-config.1.html for more information.
When running tailwindcss
on an Alpine system, some users report a "No such file or directory" error message.
The cause of this is the upstream tailwindcss
binary executables being built on a gnu libc system, making them incompatible with standard musl libc systems.
A fix for this has been proposed upstream at https://github.com/tailwindlabs/tailwindcss/discussions/6785, but in the meantime a workaround is to install compatibility libraries:
apk add build-base gcompat
In Rails, you want to use assets from the asset pipeline to get fingerprinting. However, Tailwind isn't aware of those assets. To use assets from the pipeline, use url(image.svg)
. Since Sprockets v3.3.0 url(image.svg)
will then automatically be rewritten to /path/to/assets/image-7801e7538c6f1cc57aa75a5876ab0cac.svg
. So the output CSS will have the correct path to those assets.
module.exports = {
theme: {
extend: {
backgroundImage: {
'image': "url('image.svg')"
}
}
}
}
The inline version also works:
<section class="bg-[url('image.svg')]">Has the image as it's background</section>
Tailwind for Rails is released under the MIT License. Tailwind CSS is released under the MIT License. The Inter font is released under the SIL Open Font License, Version 1.1.
FAQs
Unknown package
We found that tailwindcss-rails-cjs-cjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.