This PR allows for a sass plugin option that can override the Sass rendering "engine". The default is the version of node-sass included in this repo, but this option allows plugin users to bring their own:
It would probably be best to specify node-sass as a peer dependency so that this package isn't vulnerable to security issues with whatever version it uses, and pass that responsibility on to whoever is using the plugin.
This PR allows for a
sass
plugin option that can override the Sass rendering "engine". The default is the version ofnode-sass
included in this repo, but this option allows plugin users to bring their own:This was necessary to sidestep a security vulnerability in the dependency tree of
node-sass@4.14.1
. It uses the same convention as @csstools/postcss-sass, which is unfortunately unusable with postcss v8 until the maintainer publishes a new version.It would probably be best to specify
node-sass
as a peer dependency so that this package isn't vulnerable to security issues with whatever version it uses, and pass that responsibility on to whoever is using the plugin.