Gathering detailed insights and metrics for postcss-discard-overridden
Gathering detailed insights and metrics for postcss-discard-overridden
A modular minifier, built on top of the PostCSS ecosystem.
Installations
npm install postcss-discard-overriddenReleases
122
Contributors
109
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4){kind=avatar}
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
^18.12.0 || ^20.9.0 || >=22.0
Typescript Support
Yes
Node Version
20.12.2
NPM Version
10.5.0
Statistics
4,797 Stars
2,536 Commits
319 Forks
49 Watching
41 Branches
109 Contributors
Updated on 26 Nov 2024
Languages
CSS (77.4%)
JavaScript (22.14%)
Nunjucks (0.46%)
Total Downloads
Cumulative downloads
Total Downloads
2,697,082,229
Last day
-5.8%
2,174,577
Compared to previous day
Last week
2%
11,510,851
Compared to previous week
Last month
11.5%
48,401,464
Compared to previous month
Last year
-1%
538,490,355
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Dev Dependencies
3
Versions
A modular minifier, built on top of the PostCSS ecosystem.
cssnano is a modern, modular compression tool written on top of the PostCSS ecosystem, which allows us to use a lot of powerful features in order to compact CSS appropriately.
Our preset system allow you to load cssnano in a different configuration depending on your needs; the default preset performs safe transforms, whereas the advanced preset performs more aggressive transforms that are safe only when your site meets the requirements; but regardless of the preset you choose, we handle more than whitespace transforms!
Optimisations range from compressing colors & removing comments, to discarding
overridden at-rules, normalising unicode-range descriptors, even mangling
gradient parameters for a smaller output value! In addition, where it's made
sense for a transform, we've added Browserslist
to provide different output depending on the browsers that you support.
For further details check out the website:
You can now try cssnano online!
Contributing
See CONTRIBUTING.md.
Contributors
This project exists thanks to all the people who contribute. [Contribute].
Backers
Thank you to all our backers! 🙏 [Become a backer]
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
License
MIT © Ben Briggs
No vulnerabilities found.
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/publish.yml:3
- Info: found token with 'none' permissions: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no dangerous workflow patterns detected
Reason
16 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE-MIT:0
- Info: FSF or OSI recognized license: MIT License: LICENSE-MIT:0
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish.yml:9
Reason
SAST tool is not run on all commits -- score normalized to 8
Details
- Warn: 26 commits out of 29 are checked with a SAST tool
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Reason
Found 3/23 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/cssnano/cssnano/test.yml/master?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More