arpadHegedus / postcss-node-sass

A PostCSS plugin to parse styles with node-sass
MIT License

Allow passing Sass engine via plugin options #18

Closed shawnbot closed 2 years ago

shawnbot commented 2 years ago

This PR allows for a sass plugin option that can override the Sass rendering "engine". The default is the version of node-sass included in this repo, but this option allows plugin users to bring their own:

// postcss.config.js
module.exports = {
  syntax: 'postcss-scss',
  plugins: [
    require('postcss-node-sass')({
      sass: require('node-sass')
    })
  ]
}

This was necessary to sidestep a security vulnerability in the dependency tree of node-sass@4.14.1. It uses the same convention as @csstools/postcss-sass, which is unfortunately unusable with postcss v8 until the maintainer publishes a new version.

It would probably be best to specify node-sass as a peer dependency so that this package isn't vulnerable to security issues with whatever version it uses, and pass that responsibility on to whoever is using the plugin.
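
As an added illustration (not code from this PR or from postcss-node-sass): one way a plugin can honor an injected `sass` option, loading its bundled engine only when no override is given and rejecting values that lack a `render` function. `resolveSassEngine`, `loadBundled` and the two stub engines are hypothetical names constructed for this example.

```javascript
// Added illustration, not the plugin's source. resolveSassEngine and
// loadBundled are hypothetical names.

// Pick the Sass engine: a caller-supplied engine wins; the bundled copy is
// loaded lazily, so it is never required when an override is present.
function resolveSassEngine(opts = {}, loadBundled = () => require('node-sass')) {
  const injected = opts.sass !== undefined && opts.sass !== null;
  const engine = injected ? opts.sass : loadBundled();

  // Fail early on a wrong value, e.g. the package name as a string
  // instead of the required module.
  if (!engine || typeof engine.render !== 'function') {
    throw new TypeError('options.sass must expose render(options, callback)');
  }

  return {
    engine,
    // Lets a build log show which copy actually compiled the styles.
    source: injected ? 'injected' : 'bundled',
    // node-sass exposes a human-readable `info` string; treated as optional.
    info: typeof engine.info === 'string' ? engine.info.split('\n')[0] : 'unknown',
  };
}

// Constructed stand-ins for two engine versions, so the example runs offline.
const bundledStub = {
  info: 'stub-sass\t4.14.1',
  render: (options, cb) => cb(null, { css: '/* bundled */' }),
};
const patchedStub = {
  info: 'stub-sass\t9.9.9',
  render: (options, cb) => cb(null, { css: '/* patched */' }),
};

// With an override, the bundled loader is never called.
const picked = resolveSassEngine({ sass: patchedStub }, () => bundledStub);
console.log(picked.source, picked.info);
```
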

shawnbot commented 2 years ago

Thanks for merging @arpadHegedus! Do you plan on publishing a new minor version soon?

arpadHegedus commented 2 years ago

@shawnbot Did so now! :D