npmpackage.info

Gathering detailed insights and metrics for postcss-url-resolver

postcss-url-resolver - 0.0.1 | npmpackage.info

postcss-url-resolver

PostCSS plugin that resolves urls (CSS imports and images) via http requests. Isomorphic (node + browser).

0.0.1

MIT

JavaScript

22.06 kB

6,632 1.7

Installations

npm install postcss-url-resolver

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

8.8.1

NPM Version

5.4.2 Score

66.9

Supply Chain

97.7

Quality

74.9

Maintenance

Vulnerability

99.6

License

Pull Requests

Open

0

Total

0

Closed

0

Issues

Open

1

Total

1

Closed

0

Releases

Unable to fetch releases

Languages

JavaScript

CSS

JavaScript (98.2%)

CSS (1.8%)

Developer

frandiox

Download Statistics

Total Downloads

6,632

Last Day

Last Week

Last Month

Last Year

108

GitHub Statistics

MIT License

1 Stars

9 Commits

1 Branches

1 Contributors

Updated on Apr 15, 2018

Bundle Size

82.91 kB

Minified

22.06 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 1 Contributors

Package Meta Information

Latest Version

0.0.1

Package Id

postcss-url-resolver@0.0.1

Size

4.38 kB

NPM Version

5.4.2

Node Version

8.8.1

Total Downloads

Cumulative downloads

Total Downloads

6,632

Dependencies

lodash.trim postcss url

Dev Dependencies

eslint eslint-config-postcss jest

PostCSS Url Resolver

PostCSS plugin that resolves urls (CSS imports and images) via http requests.

This plugin is a combination of postcss-import-url, postcss-url-mapper and postcss-base64. It borrows code from all of them and adds some extra features.

Features:

Recursively resolves @import and url(...) of remote files.
Optionally inlines images in base64.
Isomorphic. Works in Node and the browser.
HTTP client agnostic. It must be provided as a parameter. This also allows providing custom cache or headers.

Requirements:

Native Promise or a polyfill.

Examples:

1/* http://some.remote/file.css */
2
3@import "http://fonts.googleapis.com/css?family=Tangerine";
4
5.bar {
6  color: green;
7  background-image: url('./img/logo.svg');
8}

1/* Input example */
2
3.foo {
4  color: red;
5}
6
7@import url('http://some.remote/file.css');
8
9.baz {
10  color: blue;
11}

1/* Output example */
2
3.foo {
4  color: red;
5}
6
7@font-face {
8  font-family: 'Tangerine';
9  font-style: normal;
10  font-weight: 400;
11  src: local('Tangerine'), url(http://fonts.gstatic.com/s/tangerine/v7/HGfsyCL5WASpHOFnouG-RKCWcynf_cDxXwCLxiixG1c.ttf) format('truetype')
12}
13
14.bar {
15  color: green;
16  background-image: url('http://some.remote/img/logo.svg');
17}
18
19.baz {
20  color: blue;
21}

If options.base64 was specified (true), the background-image would look like:

1.bar {
2  color: green;
3  background-image: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNZz4=');
4}

Usage

This plugin is isomorphic (Node + browser environments). For sake of versatility, it does not bundle any http-request package. Therefore, it must be provided as a parameter.

Node

1var postcss = require('postcss');
2var urlResolver = require('postcss-url-resolver');
3var hh = require('http-https');
4
5postcss([urlResolver({
6  exclude: /theme.css$/,
7  base64: true,
8
9  request: function(opt) {
10    return new Promise(function executor(resolve, reject) {
11      var req = hh.get(reqOptions, function(res) {
12          var body = '';
13
14          res.on('data', function(chunk) {
15            body += chunk.toString();
16          });
17
18          res.on('end', function() {
19            resolve(body);
20          });
21      });
22
23      req.on('error', reject);
24      req.end();
25    });
26  }
27})])

Browser (Webpack)

1import postcss from 'postcss';
2import urlResolver from 'postcss-url-resolver';
3import axios from 'axios';
4
5postcss([ urlResolver({
6  exclude: /theme.css$/,
7  base64: true,
8
9  request: function(opt) {
10    return axios.get(opt.href)
11      .then(res => res.data);
12  }
13})])

Note: axios can also be used in Node environments.

Parameters

request: Function called to make an HTTP request. It gets a parsed URL object as its only parameter. Must return a promise which resolves to the response body (content). Required.
recursive: Whether @import should be resolved recursively. Default true.
base64: Resolves and inlines images in base 64. Default false.
exclude: A RegExp matching urls that won't be resolved. Default null.

See PostCSS docs for examples for your environment.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

68 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-rq8g-5pc5-wrhr
Warn: Project is vulnerable to: GHSA-hr2v-3952-633q
Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
Warn: Project is vulnerable to: MAL-2023-462
Warn: Project is vulnerable to: GHSA-xf7w-r453-m56c
Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm
Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
Warn: Project is vulnerable to: GHSA-f9cm-qmx5-m98h
Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
Warn: Project is vulnerable to: GHSA-6394-6h9h-cfjg
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-2m39-62fm-q8r3
Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7
Warn: Project is vulnerable to: GHSA-j44m-qm6p-hp7m
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

1.7

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

postcss-url-resolver

Installations

Developer Guide

No

CommonJS

8.8.1

5.4.2

Score

Pull Requests

0

0

0

Issues

1

1

0

Releases

Unable to fetch releases

Languages

Developer

frandiox

Download Statistics

GitHub Statistics

Bundle Size

82.91 kB

22.06 kB

Maintainers

Package Meta Information

Total Downloads

6,632

Dependencies

Dev Dependencies

PostCSS Url Resolver

Usage

Node

Browser (Webpack)

Parameters

10

10

0

0

0

0

0

0

0

0

1.7

/10

Weekly Downloads

Monthly Downloads

Yearly Downloads