Skeletonic Stylus

Iṣẹ-ṣiṣe

• 38.8 KB minified · 7.7 KB gzipped · 6.7 KB brotli fun iwe-aṣa ipilẹ ni kikun.
• JavaScript kankan — Stylus mimọ → CSS mimọ, ko si iye owo iṣiṣẹ.
• Ti a fi cascade-layer ṣe — awọn atunṣe bori laisi !important.
• Isuna size-limit ti a fi ipa mu ninu CI lori adehun kọọkan.

Iṣẹ-ṣiṣe jẹ iṣakoso aabo. Baiti kọọkan ti a ko fi ranṣẹ jẹ baiti kan ti o dinku lati ṣe ayẹwo, fọwọsi, ati ṣe idaniloju.

Ẹwọn ipese ni ṣoki

---

CycloneDX SBOM

Gbogbo tarball ti a tẹ jade pẹlu CycloneDX SBOM ni dist/sbom.json. O le ṣayẹwo package ti a fi sori ẹrọ tuntun pẹlu:

pnpm add @sebastienrousseau/skeletonic-stylus@2.0.0
jq '.metadata.component.version' \
  node_modules/@sebastienrousseau/skeletonic-stylus/dist/sbom.json
# → "2.0.0"

SBOM ni a ṣẹda pẹlu cyclonedx-npm lakoko opo iṣẹ tẹ jade.

---

Ẹri npm

Ohun elo ti a tẹ jade ni a fọwọsi nipa lilo ẹri package npm.

O le ṣe idaniloju rẹ lẹhin ifisori ẹrọ pẹlu:

npm view @sebastienrousseau/skeletonic-stylus@2.0.0 --json | \
  jq '.dist."npm-signature"'

Ẹri ti a fọwọsi so tarball pada si iṣiṣẹ GitHub Actions gangan ti o ṣe agbejade rẹ.

---

Awọn CVE ti a mọ & awọn atunṣe

Data table table

CVE	Biba	Ipo
CVE-2023-44270 (postcss line return parsing)	Alabọde	Ti a ṣe atunṣe ninu v2.0.0 nipasẹ pnpm.overrides ti o mu postcss ga si ≥ 8.4.31

Ibi-ipamọ data imọran Snyk ati atokọ Awọn Imọran Aabo GitHub ni a ṣe abojuto nigbagbogbo; awọn atunṣe aabo ni a fi ranṣẹ bi awọn itusilẹ ipele-atunṣe.

---

Jabo ailagbara kan

Jọwọ maṣe ṣii ọran GitHub ti gbogbo eniyan fun ijabọ aabo. Dipo, lo ọna aṣiri ni:

github.com/sebastienrousseau/skeletonic-stylus/security/advisories/new

Awọn ijabọ ni a jẹwọ laarin wakati 72 ati atunṣe ni a fi ranṣẹ laarin ọjọ 14 fun awọn ọran alabọde, wakati 48 fun awọn ti o ṣe pataki.

Pada si ile → · Ka iwe iyipada →