Generated on May 27, 2024 via pnpm

Npm

Home

node-sass 4.13.0

Wrapper around libsass

css

libsass

preprocessor

sass

scss

style

Package summary

issues

licenses

Package created

12 Jun 2012

Version published

24 Oct 2019

Maintainers

Total deps

192

Direct deps

License

MIT

Issues

1 critical severity issue

critical

async-foreach@0.1.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: async-foreach@0.1.3

Collapse

Expand

11 high severity issues

high

tar@2.2.2

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Recommendation: Upgrade to version 3.2.2 or later

via: node-gyp@3.8.0

trim-newlines@1.0.0

Uncontrolled Resource Consumption in trim-newlines

Recommendation: Upgrade to version 3.0.1 or later

via: meow@3.7.0

tar@2.2.2

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

Recommendation: Upgrade to version 4.4.18 or later

via: node-gyp@3.8.0

scss-tokenizer@0.2.3

Regular expression denial of service in scss-tokenizer

Recommendation: Upgrade to version 0.4.3 or later

via: sass-graph@2.2.6

spdx-exceptions@2.5.0

Package uses an atypical license ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: meow@3.7.0 & others

har-validator@5.1.5

Deprecated package

via: node-gyp@3.8.0 & others

node-sass@4.13.0

Package uses install script: "node scripts/install.js"

via: node-sass@4.13.0

node-sass@4.13.0

Package uses postinstall script: "node scripts/build.js"

via: node-sass@4.13.0

request@2.88.2

Deprecated package

via: node-gyp@3.8.0 & others

tar@2.2.2

Deprecated package

via: node-gyp@3.8.0

uuid@3.4.0

Deprecated package

via: node-gyp@3.8.0 & others

Collapse

Expand

8 moderate severity issues

moderate

node-sass@4.13.0

Denial of Service in node-sass

Recommendation: Upgrade to version 4.13.1 or later

via: node-sass@4.13.0

node-sass@4.13.0

Improper Certificate Validation in node-sass

Recommendation: Upgrade to version 7.0.0 or later

via: node-sass@4.13.0

node-sass@4.13.0

Denial of Service in node-sass

Recommendation: Upgrade to version 4.13.1 or later

via: node-sass@4.13.0

node-sass@4.13.0

Improper Certificate Validation in node-sass

Recommendation: Upgrade to version 7.0.0 or later

via: node-sass@4.13.0

semver@5.3.0

semver vulnerable to Regular Expression Denial of Service

Recommendation: Upgrade to version 5.7.2 or later

via: node-gyp@3.8.0

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: node-gyp@3.8.0 & others

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: node-gyp@3.8.0 & others

tar@2.2.2

Denial of service while parsing a tar file due to lack of folders count validation

Recommendation: Upgrade to version 6.2.1 or later

via: node-gyp@3.8.0

Collapse

Expand

2 low severity issues

low

spdx-exceptions@2.5.0

Package uses a license that is not OSI approved ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: meow@3.7.0 & others

spdx-license-ids@3.0.18

Package uses a license that is not OSI approved ("CC0-1.0")

Recommendation: Read and validate the license terms

via: meow@3.7.0 & others

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

127 Packages, Including:

ajv@6.12.6

ansi-regex@2.1.1

ansi-styles@2.2.1

array-find-index@1.0.2

asn1@0.2.6

assert-plus@1.0.0

asynckit@0.4.0

aws4@1.13.0

balanced-match@1.0.2

brace-expansion@1.1.11

call-bind@1.0.7

camelcase-keys@2.1.0

camelcase@2.1.1

camelcase@3.0.0

chalk@1.1.3

code-point-at@1.1.0

combined-stream@1.0.8

concat-map@0.0.1

core-util-is@1.0.2

core-util-is@1.0.3

cross-spawn@3.0.1

currently-unhandled@0.4.1

dashdash@1.14.1

decamelize@1.2.0

define-data-property@1.1.4

define-properties@1.2.1

delayed-stream@1.0.0

delegates@1.0.0

ecc-jsbn@0.1.2

error-ex@1.3.2

es-define-property@1.0.0

es-errors@1.3.0

escape-string-regexp@1.0.5

extend@3.0.2

extsprintf@1.3.0

fast-deep-equal@3.1.3

fast-json-stable-stringify@2.1.0

find-up@1.1.2

form-data@2.3.3

function-bind@1.1.2

gaze@1.1.3

get-intrinsic@1.2.4

get-stdin@4.0.1

getpass@0.1.7

globule@1.3.4

gopd@1.0.1

har-validator@5.1.5

has-ansi@2.0.0

has-property-descriptors@1.0.2

has-proto@1.0.3

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

43 Packages, Including:

abbrev@1.1.1

aproba@1.2.0

are-we-there-yet@1.1.7

block-stream@0.0.9

cliui@3.2.0

console-control-strings@1.1.0

fs.realpath@1.0.0

fstream@1.0.12

gauge@2.7.4

get-caller-file@1.0.3

glob@7.1.7

glob@7.2.3

graceful-fs@4.2.11

har-schema@2.0.0

has-unicode@2.0.1

hosted-git-info@2.8.9

in-publish@2.0.1

inflight@1.0.6

inherits@2.0.4

isexe@2.0.0

json-stringify-safe@5.0.1

lru-cache@4.1.5

minimatch@3.0.8

minimatch@3.1.2

nopt@3.0.6

npmlog@4.1.2

once@1.4.0

osenv@0.1.5

pseudomap@1.0.2

require-main-filename@1.0.1

rimraf@2.7.1

semver@5.3.0

semver@5.7.2

set-blocking@2.0.0

signal-exit@3.0.7

tar@2.2.2

which-module@1.0.0

which@1.3.1

wide-align@1.1.5

wrappy@1.0.2

y18n@3.2.2

yallist@2.1.2

yargs-parser@5.0.1

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

9 Packages, Including:

aws-sign2@0.7.0

caseless@0.12.0

forever-agent@0.6.1

oauth-sign@0.9.0

request@2.88.2

spdx-correct@3.2.0

true-case-path@1.0.3

tunnel-agent@0.6.0

validate-npm-package-license@3.0.4

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

5 Packages, Including:

bcrypt-pbkdf@1.0.2

js-base64@2.6.4

qs@6.5.3

source-map@0.4.4

tough-cookie@2.5.0

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

2 Packages, Including:

normalize-package-data@2.5.0

uri-js@4.4.1

BSD-3-Clause OR MIT

Permissive

1 Packages, Including:

amdefine@1.0.1

N/A

1 Packages, Including:

async-foreach@0.1.3

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

Creative Commons Attribution 3.0 Unported

Uncategorized

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-exceptions@2.5.0

Creative Commons Zero v1.0 Universal

Public Domain

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-license-ids@3.0.18

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

tweetnacl@0.14.5

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of node-sass 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
async-foreach	0.1.3	4.52 kB	UNKNOWN	prod	1
chalk	1.1.3	5.11 kB	MIT	prod
cross-spawn	3.0.1	5.28 kB	MIT	prod
gaze	1.1.3	8.66 kB	MIT	prod
get-stdin	4.0.1	978 B	MIT	prod
glob	7.2.3	15.08 kB	ISC	prod
in-publish	2.0.1	1.89 kB	ISC	prod
lodash	4.17.21	311.49 kB	MIT	prod
meow	3.7.0	3.53 kB	MIT	prod	2 2
mkdirp	0.5.6	2.95 kB	MIT	prod
nan	2.19.0	419.43 kB	MIT	prod
node-gyp	3.8.0	384.33 kB	MIT	prod	6 4
npmlog	4.1.2	6.36 kB	ISC	prod
request	2.88.2	57.83 kB	Apache-2.0	prod	3 2
sass-graph	2.2.6	5.02 kB	MIT	prod	2 2
stdout-stream	1.4.1	2.36 kB	MIT	prod
true-case-path	1.0.3	5.78 kB	Apache-2.0	prod

Tree

Treemap

Frequently Asked Questions

What does node-sass do?

Node-sass is a library that provides binding for Node.js to LibSass, the C version of the popular stylesheet preprocessor, Sass. It allows you to natively compile .scss files to css at over-the-top speed and automatically via a connect middleware. Note though, LibSass and Node Sass are deprecated and while they will continue to receive maintenance releases indefinitely, there are no plans to add additional features or compatibility with any new CSS or Sass features. Therefore, projects that still use it should transition onto Dart Sass.

How do you use node-sass?

You can use node-sass by installing it via npm using the command npm install node-sass. After installation, you can use it in your JavaScript code as follows:

var sass = require('node-sass');

sass.render({
  file: scss_filename,
  options: {
    // specify options here
  }
}, function(err, result) { /* handle error or result here */ });

// You can also use it synchronously
var result = sass.renderSync({
  data: scss_content,
  options: {
    // specify options here
  }
});

In this usage example, file and data are either the path to an .scss file or .scss content to be compiled respectively.

Where are the node-sass docs?

The node-sass documentation can be found on its GitHub page. This includes the API, options you can pass to the render function such as file, outputStyle, sourceMap among others. There are also details on how you can use it in the command-line interface.