A lightweight toolset for writing styles in JavaScript ✨
Installations
npm install polishedScore
98.7
Supply Chain
99.6
Quality
81.4
Maintenance
100
Vulnerability
93.3
License
Developer
Developer Guide
Module System
CommonJS
Min. Node Version
>=10
Typescript Support
Yes
Node Version
14.21.3
NPM Version
6.14.18
Statistics
7,637 Stars
900 Commits
209 Forks
41 Watching
6 Branches
166 Contributors
Updated on 20 Nov 2024
Bundle Size
36.84 kB
Minified
11.51 kB
Minified + Gzipped
Languages
JavaScript (92.75%)
CSS (5.25%)
TypeScript (1.96%)
Shell (0.04%)
Total Downloads
Cumulative downloads
Total Downloads
1,232,835,926
Last day
-6.8%
1,361,986
Compared to previous day
Last week
2.2%
7,524,698
Compared to previous week
Last month
7.4%
31,980,913
Compared to previous month
Last year
13.5%
343,555,376
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
37
A lightweight toolset for writing styles in JavaScript. ✨
1npm install --save polished 2# or if you're using yarn 3yarn add polished
Want to write styles in JavaScript, but also want Sass-style helper functions and mixins? Need a consistent color palette throughout your app? ✨ polished is for you!
- Make your app look great without stress
- Cross framework compatible: No matter if you're using
styled-components, emotion, jss, aphrodite, radium, or plain inline styles, as long as you're writing your styles in JavaScript you can use polished! - Switching from a pre-processor to styles in JS made easy
Docs
See the full documentation at polished.js.org!
Usage
✨ polished modules are meant to be used as stand-alone imports. You should avoid importing the entire library directly:
import { clearFix, animation } from 'polished'
import * as polished from 'polishedimport polished from 'polished'
When ✨ polished modules are imported properly, tree shaking in webpack and Rollup can be leveraged to reduce your bundle size.
Browser Support
All Evergreen Browsers + IE11
As of v3.6.X we support >0.5%, not dead, ie >= 11, not op_mini all for all our builds.
Flow Type Definitions
✨ polished has first-class Flow support with zero configuration to assist you in finding type errors while using our modules.
Ignore ✨ polished source
Flow frequently updates and it is possible that the version you are running may cause you to run into errors coming from the polished package in your node_modules directory. You can add the following lines to your .flowconfig to ignore polished in those cases:
1[ignore] 2.*/node_modules/polished/.*
TypeScript Definitions
✨ polished has TypeScript definitions to allow the library to be used in any TypeScript project. You will need to set moduleResolution to node in your tsconfig.json in order to use ✨ polished with TypeScript.
Babel plugin
You can optionally also use babel-plugin-polished to compile the static function calls out and remove the (already tiny) runtime performance impact of using ✨ polished.
Object Spread Properties
In the documentation you will see examples using object spread properties ({ ...other }). To enable this syntax in your project add the transform-object-rest-spread plugin (or the stage-3 preset to enable all stage three features) to your Babel configuration.
Why?
When writing styles in JavaScript, many people need Sass-style helper functions to be productive. ✨ polished brings them to you in a nice, lightweight package tailor-made for styles in JavaScript.
The main difference with Sass is that it's written in a functional style and all color functions are curried. This means you can compose them together into your own reusable helpers with a compose function of your choice:
1import { compose } from 'ramda' // Replace with any compose() function of your choice 2import { lighten, desaturate } from 'polished' 3 4// Create tone() helper 5const tone = compose(lighten(0.1), desaturate(0.1))
Why not package-xyz?
First of all, we didn't find another library that had everything we needed, and we don't care about installing a dozen packages separately.
Specifically most other packages that provide color functions do so in an object-oriented style, often with a fluent API that's very different from the Sass-style helpers. This means people that aren't very familiar with JavaScript might shy away from using them.
✨ polished was made as a standard library for everybody, no matter if they know JS inside out or not.
Compatibility
✨ polished is compatible with any library that accepts styles as JS objects. This includes, but is by far not limited to, styled-components, radium, aphrodite, glamor, glamorous, jss and many more!
No matter if you're using inline styles or CSS-in-JS, polished is for you.
Contributors
This project exists thanks to all the people who contribute. [Contribute].
Backers
Thank you to all our backers! 🙏 [Become a backer]
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
License
Copyright © 2016-2021 Brian Hough, Maximilian Stoiber, & Nik Graf. Licensed under the MIT License, see LICENSE.md for more information!
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Warn: no topLevel permission defined: .github/workflows/report-coverage.yml:1
- Info: no jobLevel write permissions found
Reason
Found 0/3 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/report-coverage.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/report-coverage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/report-coverage.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/report-coverage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/report-coverage.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/report-coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/report-coverage.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/styled-components/polished/report-coverage.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/report-coverage.yml:23
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
23 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-9q5w-79cv-947m
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
3.4
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More