Gathering detailed insights and metrics for sass
Gathering detailed insights and metrics for sass
Installations
npm install sassDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Min. Node Version
>=14.0.0
Node Version
22.16.0
NPM Version
10.9.2
Score
95.9
Supply Chain
100
Quality
91.9
Maintenance
100
Vulnerability
99.6
License
Releases
294
Languages
4
Dart
TypeScript
JavaScript
HTML
Dart (73.19%)
TypeScript (26.69%)
JavaScript (0.1%)
HTML (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
4,102 Stars
2,692 Commits
366 Forks
76 Watchers
31 Branches
75 Contributors
Updated on Jul 09, 2025
Maintainers
3
Package Meta Information
Latest Version
1.89.2
Package Id
sass@1.89.2
Unpacked Size
5.44 MB
Size
878.96 kB
File Count
36
NPM Version
10.9.2
Node Version
22.16.0
Published on
Jun 09, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Optional Dependencies
1
A pure JavaScript implementation of Sass. Sass makes CSS fun again.
|
|
|
This package is a distribution of Dart Sass, compiled to pure JavaScript
with no native code or external dependencies. It provides a command-line sass
executable and a Node.js API.
Usage
You can install Sass globally using npm install -g sass which will provide
access to the sass executable. You can also add it to your project using
npm install --save-dev sass. This provides the executable as well as a
library:
1const sass = require('sass'); 2 3const result = sass.compile(scssFilename); 4 5// OR 6 7// Note that `compileAsync()` is substantially slower than `compile()`. 8const result = await sass.compileAsync(scssFilename);
See the Sass website for full API documentation.
Legacy API
Dart Sass also supports an older JavaScript API that's fully compatible with
Node Sass (with a few exceptions listed below), with support for both the
render() and renderSync() functions. This API is considered deprecated
and will be removed in Dart Sass 2.0.0, so it should be avoided in new projects.
Sass's support for the legacy JavaScript API has the following limitations:
-
Only the
"expanded"and"compressed"values ofoutputStyleare supported. -
Dart Sass doesn't support the
precisionoption. Dart Sass defaults to a sufficiently high precision for all existing browsers, and making this customizable would make the code substantially less efficient. -
Dart Sass doesn't support the
sourceCommentsoption. Source maps are the recommended way of locating the origin of generated selectors.
See Also
-
Dart Sass, from which this package is compiled, can be used either as a stand-alone executable or as a Dart library. Running Dart Sass on the Dart VM is substantially faster than running the pure JavaScript version, so this may be appropriate for performance-sensitive applications. The Dart API is also (currently) more user-friendly than the JavaScript API. See the Dart Sass README for details on how to use it.
-
Node Sass, which is a wrapper around LibSass, the C++ implementation of Sass. Node Sass supports the same API as this package and is also faster (although it's usually a little slower than Dart Sass). However, it requires a native library which may be difficult to install, and it's generally slower to add features and fix bugs.
Behavioral Differences from Ruby Sass
There are a few intentional behavioral differences between Dart Sass and Ruby Sass. These are generally places where Ruby Sass has an undesired behavior, and it's substantially easier to implement the correct behavior than it would be to implement compatible behavior. These should all have tracking bugs against Ruby Sass to update the reference behavior.
-
@extendonly accepts simple selectors, as does the second argument ofselector-extend(). See issue 1599. -
Subject selectors are not supported. See issue 1126.
-
Pseudo selector arguments are parsed as
<declaration-value>s rather than having a more limited custom parsing. See issue 2120. -
The numeric precision is set to 10. See issue 1122.
-
The indented syntax parser is more flexible: it doesn't require consistent indentation across the whole document. See issue 2176.
-
Colors do not support channel-by-channel arithmetic. See issue 2144.
-
Unitless numbers aren't
==to unit numbers with the same value. In addition, map keys follow the same logic as==-equality. See issue 1496. -
rgba()andhsla()alpha values with percentage units are interpreted as percentages. Other units are forbidden. See issue 1525. -
Too many variable arguments passed to a function is an error. See issue 1408.
-
Allow
@extendto reach outside a media query if there's an identical@extenddefined outside that query. This isn't tracked explicitly, because it'll be irrelevant when issue 1050 is fixed. -
Some selector pseudos containing placeholder selectors will be compiled where they wouldn't be in Ruby Sass. This better matches the semantics of the selectors in question, and is more efficient. See issue 2228.
-
The old-style
:property valuesyntax is not supported in the indented syntax. See issue 2245. -
The reference combinator is not supported. See issue 303.
-
Universal selector unification is symmetrical. See issue 2247.
-
@extenddoesn't produce an error if it matches but fails to unify. See issue 2250. -
Dart Sass currently only supports UTF-8 documents. We'd like to support more, but Dart currently doesn't support them. See dart-lang/sdk#11744, for example.
Disclaimer: this is not an official Google product.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
20 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
no binaries found in the repo
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci.yml:39
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:50
- Warn: no topLevel permission defined: .github/workflows/build-linux.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-macos.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-windows.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-sass-api.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-vendor.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-linux.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/build-linux.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-linux.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/build-linux.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-linux.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/build-linux.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-macos.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/build-macos.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-macos.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/build-macos.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-macos.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/build-macos.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-windows.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/build-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-windows.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/build-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-windows.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/build-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-sass-api.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release-sass-api.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-vendor.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test-vendor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-vendor.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test-vendor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-vendor.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test-vendor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-vendor.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test-vendor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:343: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:363: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:364: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:242: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/sass/dart-sass/test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:124
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:188
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:372
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:374
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:353
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:170
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:213
- Info: 0 out of 38 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 third-party GitHubAction dependencies pinned
- Info: 0 out of 7 npmCommand dependencies pinned
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 1.89.2 not signed: https://api.github.com/repos/sass/dart-sass/releases/224124389
- Warn: release artifact 1.89.1 not signed: https://api.github.com/repos/sass/dart-sass/releases/222182561
- Warn: release artifact 1.89.0 not signed: https://api.github.com/repos/sass/dart-sass/releases/218983383
- Warn: release artifact 1.88.0 not signed: https://api.github.com/repos/sass/dart-sass/releases/217803761
- Warn: release artifact 1.87.0 not signed: https://api.github.com/repos/sass/dart-sass/releases/213783990
- Warn: release artifact 1.89.2 does not have provenance: https://api.github.com/repos/sass/dart-sass/releases/224124389
- Warn: release artifact 1.89.1 does not have provenance: https://api.github.com/repos/sass/dart-sass/releases/222182561
- Warn: release artifact 1.89.0 does not have provenance: https://api.github.com/repos/sass/dart-sass/releases/218983383
- Warn: release artifact 1.88.0 does not have provenance: https://api.github.com/repos/sass/dart-sass/releases/217803761
- Warn: release artifact 1.87.0 does not have provenance: https://api.github.com/repos/sass/dart-sass/releases/213783990
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
4.9
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More