scriptex / itcss
Starter CSS boilerplate utilizing the ITCSS pattern
Home Page: https://itcss.atanas.info/
License: MIT License
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-5.2.18.tgz
Path to dependency file: itcss/package.json
Path to vulnerable library: itcss/node_modules/postcss-extend/node_modules/postcss/package.json,itcss/node_modules/postcss-for/node_modules/postcss/package.json
Dependency Hierarchy:
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-6.0.23.tgz
Path to dependency file: itcss/package.json
Path to vulnerable library: itcss/node_modules/postcss-import/node_modules/postcss/package.json,itcss/node_modules/postcss-easy-import/node_modules/postcss/package.json,itcss/node_modules/postcss-each-variables/node_modules/postcss/package.json
Dependency Hierarchy:
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: itcss/package.json
Path to vulnerable library: itcss/node_modules/postcss-lab-function/node_modules/postcss/package.json,itcss/node_modules/css-prefers-color-scheme/node_modules/postcss/package.json,itcss/node_modules/postcss-attribute-case-insensitive/node_modules/postcss/package.json,itcss/node_modules/postcss-font-variant/node_modules/postcss/package.json,itcss/node_modules/postcss-focus-visible/node_modules/postcss/package.json,itcss/node_modules/postcss-color-gray/node_modules/postcss/package.json,itcss/node_modules/postcss-utilities/node_modules/postcss/package.json,itcss/node_modules/postcss-place/node_modules/postcss/package.json,itcss/node_modules/postcss-initial/node_modules/postcss/package.json,itcss/node_modules/postcss-color-mod-function/node_modules/postcss/package.json,itcss/node_modules/autoprefixer/node_modules/postcss/package.json,itcss/node_modules/postcss-overflow-shorthand/node_modules/postcss/package.json,itcss/node_modules/postcss-selector-matches/node_modules/postcss/package.json,itcss/node_modules/postcss-gap-properties/node_modules/postcss/package.json,itcss/node_modules/postcss-image-set-function/node_modules/postcss/package.json,itcss/node_modules/postcss-dir-pseudo-class/node_modules/postcss/package.json,itcss/node_modules/postcss-selector-not/node_modules/postcss/package.json,itcss/node_modules/postcss-simple-vars/node_modules/postcss/package.json,itcss/node_modules/postcss-color-rebeccapurple/node_modules/postcss/package.json,itcss/node_modules/postcss-double-position-gradients/node_modules/postcss/package.json,itcss/node_modules/postcss-preset-env/node_modules/postcss/package.json,itcss/node_modules/postcss-logical/node_modules/postcss/package.json,itcss/node_modules/postcss-pseudo-class-any-link/node_modules/postcss/package.json,itcss/node_modules/postcss-custom-properties/node_modules/postcss/package.json,itcss/node_modules/postcss-focus-within/node_modules/postcss/package.json,itcss/node_modules/postcss-media-minmax/node_modules/postcss/package.json,
itcss/node_modules/postcss-nesting/node_modules/postcss/package.json,itcss/node_modules/css-has-pseudo/node_modules/postcss/package.json,itcss/node_modules/postcss-custom-selectors/node_modules/postcss/package.json,itcss/node_modules/postcss-page-break/node_modules/postcss/package.json,itcss/node_modules/postcss-color-hex-alpha/node_modules/postcss/package.json,itcss/node_modules/postcss-color-functional-notation/node_modules/postcss/package.json,itcss/node_modules/postcss-browser-comments/node_modules/postcss/package.json,itcss/node_modules/postcss-env-function/node_modules/postcss/package.json,itcss/node_modules/css-blank-pseudo/node_modules/postcss/package.json,itcss/node_modules/postcss-replace-overflow-wrap/node_modules/postcss/package.json,itcss/node_modules/postcss-normalize/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 2ed1a1112b545fab4b7b6836f3241d9cfd835e36
Found in base branch: master
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
It looks like it is no longer used in normalize.css
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.3.tgz
Path to dependency file: itcss/package.json
Path to vulnerable library: itcss/node_modules/browserslist/package.json
Dependency Hierarchy:
Found in base branch: master
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /itcss/package.json
Path to vulnerable library: /tmp/git/itcss/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: ded44892bfaeaf9ca844b91284e4862b1f58337d
A Prototype Pollution vulnerability was found in lodash through version 4.17.11.
Publish Date: 2019-07-08
URL: CVE-2019-10744
Type: Upgrade version
Origin: lodash/lodash@a01e4fa
Release Date: 2019-07-08
Fix Resolution: 4.17.12
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz
Path to dependency file: itcss/package.json
Path to vulnerable library: itcss/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz
Path to dependency file: itcss/package.json
Path to vulnerable library: itcss/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 7cd1535f94f334b981f4810c3d8cb7f1f4a2276d
ansi-regex is vulnerable to Inefficient Regular Expression Complexity.
Publish Date: 2021-09-17
URL: CVE-2021-3807
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution: ansi-regex - 5.0.1,6.0.1
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz
Path to dependency file: /tmp/ws-scm/itcss/package.json
Path to vulnerable library: /tmp/ws-scm/itcss/node_modules/is-accessor-descriptor/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz
Path to dependency file: /tmp/ws-scm/itcss/package.json
Path to vulnerable library: /tmp/ws-scm/itcss/node_modules/has-values/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/itcss/package.json
Path to vulnerable library: /tmp/ws-scm/itcss/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz
Path to dependency file: /tmp/ws-scm/itcss/package.json
Path to vulnerable library: /tmp/ws-scm/itcss/node_modules/is-descriptor/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: 4512e5baee019edc21505cc49ceeada1120aeca3
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Publish Date: 2019-12-30
URL: CVE-2019-20149
[id] {
  scroll-margin-top: 2ex;
}
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz
Path to dependency file: /itcss/package.json
Path to vulnerable library: /tmp/git/itcss/node_modules/js-yaml/package.json
Dependency Hierarchy:
Found in HEAD commit: c32174de5b94a392c8abeb1333a8c318f9d0455c
Js-yaml prior to 3.13.1 is vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.
Publish Date: 2019-04-30
URL: WS-2019-0063
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/813
Release Date: 2019-04-30
Fix Resolution: 3.13.1
Node.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: itcss/package.json
Path to vulnerable library: itcss/node_modules/path-parse/package.json
Dependency Hierarchy:
Found in HEAD commit: 1e4e1ea2f02b3b32321f0ecacf3e76bf624a51c7
Found in base branch: master
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
Base Score Metrics:
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/itcss/package.json
Path to vulnerable library: /tmp/ws-scm/itcss/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 4314a1cc0db38026a1926fff9db498d805440097
A prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype.
Publish Date: 2020-04-28
URL: WS-2020-0070
Base Score Metrics:
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: itcss/package.json
Path to vulnerable library: itcss/node_modules/postcss-lab-function/node_modules/postcss/package.json,itcss/node_modules/css-prefers-color-scheme/node_modules/postcss/package.json,itcss/node_modules/postcss-attribute-case-insensitive/node_modules/postcss/package.json,itcss/node_modules/postcss-font-variant/node_modules/postcss/package.json,itcss/node_modules/postcss-focus-visible/node_modules/postcss/package.json,itcss/node_modules/postcss-color-gray/node_modules/postcss/package.json,itcss/node_modules/postcss-utilities/node_modules/postcss/package.json,itcss/node_modules/postcss-place/node_modules/postcss/package.json,itcss/node_modules/postcss-initial/node_modules/postcss/package.json,itcss/node_modules/postcss-color-mod-function/node_modules/postcss/package.json,itcss/node_modules/autoprefixer/node_modules/postcss/package.json,itcss/node_modules/postcss-overflow-shorthand/node_modules/postcss/package.json,itcss/node_modules/postcss-selector-matches/node_modules/postcss/package.json,itcss/node_modules/postcss-gap-properties/node_modules/postcss/package.json,itcss/node_modules/postcss-image-set-function/node_modules/postcss/package.json,itcss/node_modules/postcss-dir-pseudo-class/node_modules/postcss/package.json,itcss/node_modules/postcss-selector-not/node_modules/postcss/package.json,itcss/node_modules/postcss-simple-vars/node_modules/postcss/package.json,itcss/node_modules/postcss-color-rebeccapurple/node_modules/postcss/package.json,itcss/node_modules/postcss-double-position-gradients/node_modules/postcss/package.json,itcss/node_modules/postcss-preset-env/node_modules/postcss/package.json,itcss/node_modules/postcss-logical/node_modules/postcss/package.json,itcss/node_modules/postcss-pseudo-class-any-link/node_modules/postcss/package.json,itcss/node_modules/postcss-custom-properties/node_modules/postcss/package.json,itcss/node_modules/postcss-focus-within/node_modules/postcss/package.json,itcss/node_modules/postcss-media-minmax/node_modules/postcss/package.json,
itcss/node_modules/postcss-nesting/node_modules/postcss/package.json,itcss/node_modules/css-has-pseudo/node_modules/postcss/package.json,itcss/node_modules/postcss-custom-selectors/node_modules/postcss/package.json,itcss/node_modules/postcss-page-break/node_modules/postcss/package.json,itcss/node_modules/postcss-color-hex-alpha/node_modules/postcss/package.json,itcss/node_modules/postcss-color-functional-notation/node_modules/postcss/package.json,itcss/node_modules/postcss-browser-comments/node_modules/postcss/package.json,itcss/node_modules/postcss-env-function/node_modules/postcss/package.json,itcss/node_modules/css-blank-pseudo/node_modules/postcss/package.json,itcss/node_modules/postcss-replace-overflow-wrap/node_modules/postcss/package.json,itcss/node_modules/postcss-normalize/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 2ed1a1112b545fab4b7b6836f3241d9cfd835e36
Found in base branch: master
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution: postcss - 8.2.10
Introduce media queries for reduced motion or dark/light mode.
Example:
@media (prefers-reduced-motion: reduce) {
  * {
    animation-duration: 0.01ms !important;
    animation-iteration-count: 1 !important;
    transition-duration: 0.01ms !important;
    scroll-behavior: auto !important;
  }
}
More examples and reference: https://developer.mozilla.org/en-US/docs/Web/CSS/@media
Add a better and more comprehensive flexbox mixin.
Explore possible split and introduction of many smaller mixins.
Needs to be @custom-media --hover (-ms-high-contrast: none), (-ms-high-contrast: active), (-moz-touch-enabled: 0), (hover);
Also, install postcss-custom-media.
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 6fdb8fef5000389ed68a0912f073d85e5d890e52
The package glob-parent before 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2021-06-22
URL: CVE-2021-35065
Base Score Metrics:
Type: Upgrade version
Origin: gulpjs/glob-parent#49
Release Date: 2021-06-22
Fix Resolution: glob-parent - 6.0.1
This issue provides visibility into Renovate updates and their statuses. Learn more
This repository currently has no open or pending branches.