Gathering detailed insights and metrics for postcss-load-config
Gathering detailed insights and metrics for postcss-load-config
Installations
npm install postcss-load-configDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>= 18
Node Version
20.12.2
NPM Version
10.5.0
Releases
5
Languages
4
JavaScript
TypeScript
CSS
SugarSS
JavaScript (84.42%)
TypeScript (10.37%)
CSS (2.74%)
SugarSS (2.48%)
Developer
postcss
Download Statistics
Total Downloads
3,412,060,103
Last Day
1,336,348
Last Week
20,737,393
Last Month
90,015,581
Last Year
842,154,660
GitHub Statistics
MIT License
661 Stars
302 Commits
75 Forks
15 Watchers
2 Branches
47 Contributors
Updated on Jun 20, 2025
Sponsor this package
Maintainers
2
Package Meta Information
Latest Version
6.0.1
Package Id
postcss-load-config@6.0.1
Unpacked Size
22.12 kB
Size
6.95 kB
File Count
8
NPM Version
10.5.0
Node Version
20.12.2
Published on
Jun 02, 2024
Total Downloads
Cumulative downloads
Total Downloads
3,412,060,103
Load Config
Install
1npm i -D postcss-load-config
Usage
1npm i -S|-D postcss-plugin
Install all required PostCSS plugins and save them to your package.json dependencies/devDependencies
Then create a PostCSS config file by choosing one of the following formats
package.json
Create a postcss section in your project's package.json
Project (Root)
|– client
|– public
|
|- package.json
1{ 2 "postcss": { 3 "parser": "sugarss", 4 "map": false, 5 "plugins": { 6 "postcss-plugin": {} 7 } 8 } 9}
.postcssrc
Create a .postcssrc file in JSON or YAML format
ℹ️ It's recommended to use an extension (e.g
.postcssrc.jsonor.postcssrc.yml) instead of.postcssrc
Project (Root)
|– client
|– public
|
|- (.postcssrc|.postcssrc.json|.postcssrc.yml)
|- package.json
.postcssrc.json
1{ 2 "parser": "sugarss", 3 "map": false, 4 "plugins": { 5 "postcss-plugin": {} 6 } 7}
.postcssrc.yml
1parser: sugarss 2map: false 3plugins: 4 postcss-plugin: {}
[!NOTE] For YAML configs, you must have yaml installed as a peer dependency.
.postcssrc.js or postcss.config.js
You may need some logic within your config. In this case create JS/TS file named:
.postcssrc.js.postcssrc.mjs.postcssrc.cjs.postcssrc.ts.postcssrc.mts.postcssrc.ctspostcss.config.jspostcss.config.mjspostcss.config.cjspostcss.config.tspostcss.config.mtspostcss.config.cts
[!NOTE] For TypeScript configs, you must have tsx or jiti installed as a peer dependency.
Project (Root)
|– client
|– public
|- (.postcssrc|postcss.config).(js|mjs|cjs|ts|mts|cts)
|- package.json
You can export the config as an {Object}
.postcssrc.js
1module.exports = { 2 parser: 'sugarss', 3 map: false, 4 plugins: { 5 'postcss-plugin': {} 6 } 7}
Or export a {Function} that returns the config (more about the ctx param below)
.postcssrc.js
1module.exports = (ctx) => ({ 2 parser: ctx.parser ? 'sugarss' : false, 3 map: ctx.env === 'development' ? ctx.map : false, 4 plugins: { 5 'postcss-plugin': ctx.options.plugin 6 } 7})
Plugins can be loaded either using an {Object} or an {Array}
{Object}
.postcssrc.js
1module.exports = ({ env }) => ({ 2 ...options, 3 plugins: { 4 'postcss-plugin': env === 'production' ? {} : false 5 } 6})
ℹ️ When using an
{Object}, the key can be a Node.js module name, a path to a JavaScript file that is relative to the directory of the PostCSS config file, or an absolute path to a JavaScript file.
{Array}
.postcssrc.js
1module.exports = ({ env }) => ({ 2 ...options, 3 plugins: [ 4 env === 'production' ? require('postcss-plugin')() : false 5 ] 6})
:warning: When using an
{Array}, make sure torequire()each plugin
Options
| Name | Type | Default | Description |
|---|---|---|---|
to | {String} | undefined | Destination File Path |
map | {String|Object} | false | Enable/Disable Source Maps |
from | {String} | undefined | Source File Path |
parser | {String|Function} | false | Custom PostCSS Parser |
syntax | {String|Function} | false | Custom PostCSS Syntax |
stringifier | {String|Function} | false | Custom PostCSS Stringifier |
parser
.postcssrc.js
1module.exports = { 2 parser: 'sugarss' 3}
syntax
.postcssrc.js
1module.exports = { 2 syntax: 'postcss-scss' 3}
stringifier
.postcssrc.js
1module.exports = { 2 stringifier: 'midas' 3}
map
.postcssrc.js
1module.exports = { 2 map: 'inline' 3}
:warning: In most cases
options.from&&options.toare set by the third-party which integrates this package (CLI, gulp, webpack). It's unlikely one needs to set/useoptions.from&&options.towithin a config file. Unless you're a third-party plugin author using this module and its Node API directly dont't setoptions.from&&options.toyourself
to
1module.exports = { 2 to: 'path/to/dest.css' 3}
from
1module.exports = { 2 from: 'path/to/src.css' 3}
Plugins
{} || null
The plugin will be loaded with defaults
1'postcss-plugin': {} || null
.postcssrc.js
1module.exports = { 2 plugins: { 3 'postcss-plugin': {} || null 4 } 5}
:warning:
{}must be an empty{Object}literal
{Object}
The plugin will be loaded with given options
1'postcss-plugin': { option: '', option: '' }
.postcssrc.js
1module.exports = { 2 plugins: { 3 'postcss-plugin': { option: '', option: '' } 4 } 5}
false
The plugin will not be loaded
1'postcss-plugin': false
.postcssrc.js
1module.exports = { 2 plugins: { 3 'postcss-plugin': false 4 } 5}
Ordering
Plugin execution order is determined by declaration in the plugins section (top-down)
1{ 2 plugins: { 3 'postcss-plugin': {}, // [0] 4 'postcss-plugin': {}, // [1] 5 'postcss-plugin': {} // [2] 6 } 7}
Context
When using a {Function} (postcss.config.js or .postcssrc.js), it's possible to pass context to postcss-load-config, which will be evaluated while loading your config. By default ctx.env (process.env.NODE_ENV) and ctx.cwd (process.cwd()) are available on the ctx {Object}
ℹ️ Most third-party integrations add additional properties to the
ctx(e.gpostcss-loader). Check the specific module's README for more information about what is available on the respectivectx
Examples
postcss.config.js
1module.exports = (ctx) => ({ 2 parser: ctx.parser ? 'sugarss' : false, 3 map: ctx.env === 'development' ? ctx.map : false, 4 plugins: { 5 'postcss-import': {}, 6 'postcss-nested': {}, 7 cssnano: ctx.env === 'production' ? {} : false 8 } 9})
1"scripts": { 2 "build": "NODE_ENV=production node postcss", 3 "start": "NODE_ENV=development node postcss" 4}
1const { readFileSync } = require('fs') 2 3const postcss = require('postcss') 4const postcssrc = require('postcss-load-config') 5 6const css = readFileSync('index.css', 'utf8') 7 8const ctx = { parser: true, map: 'inline' } 9 10postcssrc(ctx).then(({ plugins, options }) => { 11 postcss(plugins) 12 .process(css, options) 13 .then((result) => console.log(result.css)) 14})
1"scripts": { 2 "build": "NODE_ENV=production gulp", 3 "start": "NODE_ENV=development gulp" 4}
1const { task, src, dest, series, watch } = require('gulp') 2 3const postcss = require('gulp-postcssrc') 4 5const css = () => { 6 src('src/*.css') 7 .pipe(postcss()) 8 .pipe(dest('dest')) 9}) 10 11task('watch', () => { 12 watch(['src/*.css', 'postcss.config.js'], css) 13}) 14 15task('default', series(css, 'watch'))
1"scripts": { 2 "build": "NODE_ENV=production webpack", 3 "start": "NODE_ENV=development webpack-dev-server" 4}
webpack.config.js
1module.exports = (env) => ({ 2 module: { 3 rules: [ 4 { 5 test: /\.css$/, 6 use: [ 7 'style-loader', 8 'css-loader', 9 'postcss-loader' 10 ] 11 } 12 ] 13 } 14})
Maintainers
Michael Ciniawsky |
Mateusz Derks |
Contributors
Security Contact
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Ryan Dunckel |
Patrick Gilday |
Dalton Santos |
François Wouts |
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:8
- Info: no jobLevel write permissions found
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
5 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Reason
Found 9/30 approved changesets -- score normalized to 3
Reason
1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/postcss/postcss-load-config/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/postcss/postcss-load-config/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/postcss/postcss-load-config/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/postcss/postcss-load-config/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/postcss/postcss-load-config/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/postcss/postcss-load-config/test.yml/main?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Score
4.2
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More