Gathering detailed insights and metrics for postcss-assets
Gathering detailed insights and metrics for postcss-assets
Installations
npm install postcss-assetsDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=10
Node Version
12.13.0
NPM Version
6.12.0
Releases
24
Languages
1
JavaScript
JavaScript (100%)
Developer
assetsjs
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
535 Stars
327 Commits
32 Forks
9 Watchers
6 Branches
9 Contributors
Updated on May 09, 2025
Maintainers
1
Package Meta Information
Latest Version
6.0.0
Package Id
postcss-assets@6.0.0
Size
7.02 kB
NPM Version
6.12.0
Node Version
12.13.0
Published on
May 13, 2021
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Peer Dependencies
1
PostCSS Assets is an asset manager for CSS. It isolates stylesheets from environmental changes, gets image sizes and inlines files.
Table of contents
Installation
1npm install postcss-assets --save-dev
Usage
Gulp PostCSS
1gulp.task('assets', function () { 2 var postcss = require('gulp-postcss'); 3 var assets = require('postcss-assets'); 4 5 return gulp.src('source/*.css') 6 .pipe(postcss([assets({ 7 loadPaths: ['images/'] 8 })])) 9 .pipe(gulp.dest('build/')); 10});
Grunt PostCSS
1var assets = require('postcss-assets'); 2 3grunt.initConfig({ 4 postcss: { 5 options: { 6 processors: [ 7 assets({ 8 loadPaths: ['images/'] 9 }) 10 ] 11 }, 12 dist: { src: 'build/*.css' } 13 }, 14});
Note: all of the listed options below are parameters for the assets object, not the top level postcss options object.
URL resolution
These options isolate stylesheets from environmental changes.
Load paths
To make PostCSS Assets search for files in specific directories, define load paths:
1var options = { 2 loadPaths: ['fonts/', 'media/patterns/', 'images/'] 3};
Example:
1body { 2 background: resolve('foobar.jpg'); 3 background: resolve('icons/baz.png'); 4}
PostCSS Assets would look for the files relative to the source file, then in load paths, then in the base path. If it succeed, it would resolve a true URL:
1body { 2 background: url('/media/patterns/foobar.jpg'); 3 background: url('/images/icons/baz.png'); 4}
Base path
If the root directory of your site is not where you execute PostCSS Assets, correct it:
1var options = { 2 basePath: 'source/' 3};
PostCSS Assets would treat source directory as / for all URLs and load paths would be relative to it.
Base URL
If the URL of your base path is not /, correct it:
1var options = { 2 baseUrl: 'http://example.com/wp-content/themes/' 3};
Relative paths
To make resolved paths relative to the input file, set a flag:
1var options = { 2 relative: true 3};
To relate to a particular directory, set it as a string:
1var options = { 2 relative: 'assets/css' 3};
Cachebuster
PostCSS Assets can bust assets cache:
1var options = { 2 cachebuster: true 3};
Example:
1body { 2 background: resolve('/images/icons/baz.png'); 3}
PostCSS Assets will change urls depending on asset’s modification date:
1body { 2 background: url('/images/icons/baz.png?14a931c501f'); 3}
To define a custom cachebuster pass a function as an option:
1var options = { 2 cachebuster: function (filePath, urlPathname) { 3 return fs.statSync(filePath).mtime.getTime().toString(16); 4 } 5};
If the returned value is falsy, no cache busting is done for the asset.
If the returned value is an object the values of pathname and/or query are used to generate a cache busted path to the asset.
If the returned value is a string, it is added as a query string.
The returned values for query strings must not include the starting ?.
Busting the cache via path:
1var options = { 2 cachebuster: function (filePath, urlPathname) { 3 var hash = fs.statSync(filePath).mtime.getTime().toString(16); 4 return { 5 pathname: path.dirname(urlPathname) 6 + '/' + path.basename(urlPathname, path.extname(urlPathname)) 7 + hash + path.extname(urlPathname), 8 query: false // you may omit this one 9 } 10 } 11};
Image dimensions
PostCSS Assets calculates dimensions of PNG, JPEG, GIF, SVG and WebP images:
1body { 2 width: width('images/foobar.png'); /* 320px */ 3 height: height('images/foobar.png'); /* 240px */ 4 background-size: size('images/foobar.png'); /* 320px 240px */ 5}
To correct the dimensions for images with a high density, pass it as a second parameter:
1body { 2 width: width('images/foobar.png', 2); /* 160px */ 3 height: height('images/foobar.png', 2); /* 120px */ 4 background-size: size('images/foobar.png', 2); /* 160px 120px */ 5}
Inlining files
PostCSS inlines files to a stylesheet in Base64 encoding:
1body { 2 background: inline('images/foobar.png'); 3}
SVG files would be inlined unencoded, because then they benefit in size.
Full list of options
| Option | Description | Default |
|---|---|---|
basePath | Root directory of the project. | . |
baseUrl | URL of the project when running the web server. | / |
cachebuster | If cache should be busted. Pass a function to define custom busting strategy. | false |
loadPaths | Specific directories to look for the files. | [] |
relative | Directory to relate to when resolving URLs. When true, relates to the input file. When false, disables relative URLs. | false |
cache | When true, if the input file not been modifed, use the results before cached. | false |
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0
Reason
Found 3/16 approved changesets -- score normalized to 1
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 19 are checked with a SAST tool
Reason
25 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
1.9
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More