craigsimps / gulp-wp-toolkit Goto Github PK
View Code? Open in Web Editor NEWRe-usable Gulp Toolkit for WordPress Themes
License: MIT License
Re-usable Gulp Toolkit for WordPress Themes
License: MIT License
Thanks for this project. I'm working on a new project and this is a great start.
I'm opening this issue because running npm install gulp-wp-toolkit
results in audit warnings. Based on briefly reviewing these warnings, I'm not spotting any actual security issues because all tasks are being run in development. However, in terms of user experience (and confidence) when installing this project, this warnings can be concerning.
+ [email protected]
added 1725 packages from 842 contributors and audited 14655 packages in 57.068s
found 26 vulnerabilities (5 low, 10 moderate, 11 high)
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp > vinyl-fs > glob-stream > glob > │
│ │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp > vinyl-fs > glob-stream > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass-bulk-import > glob > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs > │
│ │ glob-stream > glob > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs > │
│ │ glob-stream > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp > vinyl-fs > glob-watcher > gaze > │
│ │ globule > glob > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp > vinyl-fs > glob-watcher > gaze > │
│ │ globule > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-csscomb > csscomb > csscomb-core > │
│ │ vow-fs > glob > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs > │
│ │ glob-watcher > gaze > globule > glob > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs > │
│ │ glob-watcher > gaze > globule > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-csscomb > csscomb > csscomb-core > │
│ │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass > node-sass > node-gyp > request │
│ │ > hawk > boom > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass > node-sass > node-gyp > request │
│ │ > hawk > cryptiles > boom > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass > node-sass > node-gyp > request │
│ │ > hawk > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass > node-sass > node-gyp > request │
│ │ > hawk > sntp > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Memory Exposure │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.6.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-imagemin > imagemin-gifsicle > │
│ │ gifsicle > bin-build > download > caw > tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/598 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Memory Exposure │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.6.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-imagemin > imagemin-gifsicle > │
│ │ gifsicle > bin-wrapper > download > caw > tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/598 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Memory Exposure │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.6.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-imagemin > imagemin-jpegtran > │
│ │ jpegtran-bin > bin-build > download > caw > tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/598 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Memory Exposure │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.6.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-imagemin > imagemin-jpegtran > │
│ │ jpegtran-bin > bin-wrapper > download > caw > tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/598 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Memory Exposure │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.6.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-imagemin > imagemin-optipng > │
│ │ optipng-bin > bin-build > download > caw > tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/598 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Memory Exposure │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.6.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-imagemin > imagemin-optipng > │
│ │ optipng-bin > bin-wrapper > download > caw > tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/598 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > browser-sync > easy-extender > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp > vinyl-fs > glob-watcher > gaze > │
│ │ globule > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs > │
│ │ glob-watcher > gaze > globule > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > browser-sync > localtunnel > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Insecure Entropy Source - Math.random() │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ node-uuid │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.4.4 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-wp-toolkit > gulp-csscomb > csscomb > csscomb-core > │
│ │ vow-fs > node-uuid │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/93 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 26 vulnerabilities (5 low, 10 moderate, 11 high) in 14655 scanned packages
26 vulnerabilities require manual review. See the full report for details.
The prompt suggests running
npm audit fix
but that results in
up to date in 12.432s
fixed 0 of 26 vulnerabilities in 14655 scanned packages
26 vulnerabilities required manual review and could not be updated
so that isn't any real help.
package.json
filenpm install gulp-wp-toolkit
2.3.2
v8.11.2
6.1.0
It would be nice to be able to pass options to the CSS Nano plugin, via something like this:
css: {
basefontsize: 18,
remreplace: false,
remmediaquery: false,
cssnano: {
'z-index': false,
},
}
You can't pass any options.
Pass to the config option (if present) to the cssnano()
block in the build:css
file.
If I need to keep z-index
levels for plugin compatibility (WooCommerce sets certain things to over 1000), I have to rebuild a custom build pipeline. This is more work than necessary, so at the moment I'm printing z-index
overwrites into the header as inline styles.
I've tried changing the src to various values, but not found the right one yet.
I want to bring up some minor things that I noticed while reading through the docs yesterday.
From the README:
"devDependencies": {
"gulp": "^3.9.1",
"gulp-wp-toolkit": "^1.0.1"
}
The version for gulp-wp-toolkit
should probably be "^2" so that new users jump into using version 2 right away.
Also, the line below should be all lower case (basefontsize
) or else the value will not be recognized.
gulp-wp-toolkit/example/Gulpfile.js
Line 82 in 6a3a36c
Bearing in mind the sourcemap issues in #27, and also the comment found here, is it worth looking at ditching gulp-sass
and gulp-banner
in favour of postcss packages like PreCSS and postcss-banner?
To see what happens to your code in Node.js 10, Greenkeeper has created a branch with the following changes:
.travis.yml
package.json
files, so that was left aloneIf you’re interested in upgrading this repo to Node.js 10, you can open a PR with these changes. Please note that this issue is just intended as a friendly reminder and the PR as a possible starting point for getting your code running on Node.js 10.
Greenkeeper has checked the engines
key in any package.json
file, the .nvmrc
file, and the .travis.yml
file, if present.
engines
was only updated if it defined a single version, not a range..nvmrc
was updated to Node.js 10.travis.yml
was only changed if there was a root-level node_js
that didn’t already include Node.js 10, such as node
or lts/*
. In this case, the new version was appended to the list. We didn’t touch job or matrix configurations because these tend to be quite specific and complex, and it’s difficult to infer what the intentions were.For many simpler .travis.yml
configurations, this PR should suffice as-is, but depending on what you’re doing it may require additional work or may not be applicable at all. We’re also aware that you may have good reasons to not update to Node.js 10, which is why this was sent as an issue and not a pull request. Feel free to delete it without comment, I’m a humble robot and won’t feel rejected 🤖
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Not exactly a bug, but I've recently had an issue where the appropriate prefixes aren't added for iOS version 8.
I believe this is because autoprefix()
is being used with the default settings, which only looks for the last two versions of a browser.
Looking into it, it looks like the best practice is to use browserslist
in package.json
. Is this possible with this toolkit?
I'm getting the following for all gulp commands in Incipio. I'd just cleaned the yarn cache.
module.js:487
throw err;
^
Error: Cannot find module 'bourbon-neat'
at Function.Module._resolveFilename (module.js:485:15)
at Function.resolve (internal/module.js:18:19)
at Object.<anonymous> (/Users/gary/Local Sites/incipio/app/public/wp-content/themes/incipio/node_modules/node-neat/index.js:4:30)
at Module._compile (module.js:569:30)
at Object.Module._extensions..js (module.js:580:10)
at Module.load (module.js:503:32)
at tryModuleLoad (module.js:466:12)
at Function.Module._load (module.js:458:3)
at Module.require (module.js:513:17)
at require (internal/module.js:11:18)
Link - https://github.com/csscomb/csscomb.js
There would need to be a conditional to limit it to the unminifed stylesheet only.
Here's how I'm currently using it - example.
WPCS config:
{
"remove-empty-rulesets": true,
"always-semicolon": true,
"color-case": "lower",
"block-indent": "\t",
"color-shorthand": false,
"element-case": "lower",
"eof-newline": true,
"leading-zero": true,
"quotes": "single",
"space-before-colon": "",
"space-after-colon": " ",
"space-before-combinator": " ",
"space-after-combinator": " ",
"space-between-declarations": "\n",
"space-before-opening-brace": " ",
"space-after-opening-brace": "\n",
"space-after-selector-delimiter": "\n",
"space-before-selector-delimiter": "",
"space-before-closing-brace": "\n",
"strip-spaces": true,
"unitless-zero": true,
"vendor-prefix-align": true
}
Add support for BrowserSync's HTTPS feature to allow the use of local SSL certificates.
Enable https for localhost development.
From my understanding there is currently no way to enable HTTPS.
bs.init({
proxy: config.server.url,
online: true,
});
Add a conditional to check if HTTPS settings have been defined in the config. E.g:
bs.init({
proxy: config.server.url,
port: config.server.port,
online: config.server.online,
if (config.server.key) {
https: {
"key": config.server.key,
"cert": config.server.cert
}
}
});
Here, config.server.key and config.server.cert would be the full path to the local SSL:
https: {
"key": "/Users/seothemes/.valet/Certificates/example.dev.key",
"cert": "/Users/seothemes/.valet/Certificates/example.dev.crt"
}
🚨 You need to enable Continuous Integration on all branches of this repository. 🚨
To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because we are using your CI build statuses to figure out when to notify you about breaking changes.
Since we did not receive a CI status on the greenkeeper/initial
branch, we assume that you still need to configure it.
If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with greenkeeper/
.
We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.
Branch | Build failing 🚨 |
---|---|
Dependency | cssnano |
Current Version | 4.0.4 |
Type | dependency |
This version is covered by your current version range and after updating it in your project the build failed.
cssnano is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
postcss-merge-longhand
now correctly merges borders with custom properties.postcss-merge-longhand
doesn't throw error in some border
merge cases.There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
The current lint tasks are:
'lint:css': [require('./lint/stylelint')],
'lint:scss': [require('./lint/scss')],
'lint:eslint': [require('./lint/eslint')],
'lint:jshint': [require('./lint/jshint')],
'lint:jscs': [require('./lint/jscs')],
'lint:jsvalidate': [require('./lint/jsvalidate')],
'lint:json': [require('./lint/json')],
'lint:js': [sequence('lint:jshint', 'lint:jscs', 'lint:jsvalidate', 'lint:json')],
'lint:i18n': [require('./lint/i18n')],
'lint:colors': [require('./lint/colors')],
'lint:phpcs': [require('./lint/phpcs')],
'lint:phpmd': [require('./lint/phpmd')],
'lint:php': [sequence('lint:phpcs', 'lint:phpmd')],
'lint': [sequence('lint:php', 'lint:scss', 'lint:js', 'lint:i18n', 'lint:colors')],
I reckon we could re-jig some of those:
eslint
in the js
task, possibly drop one or two which eslint covers.lint:style
that can handle css
, scss
, and colors
,i18n
into php
task.cc @ntwb who is more familiar with what eslint and stylelint can check for here.
Some of these individual tasks also seem broken (not finding the right config files, so this also needs fixing up.
https://greenkeeper.io/ - helps keeps on top of npm dependencies that change, with automatic PRs etc. See https://github.com/WordPress-Coding-Standards/eslint-plugin-wordpress/pulls?utf8=%E2%9C%93&q=label%3Agreenkeeper%20 for an example.
https://www.sitepoint.com/comparison-javascript-linting-tools/ summarises the difference between JSHint and ESLint, and a few other articles I've read also suggest it may be worth switching.
JSCS is now end of life, and with #2 having implemented ESLint, there should be no reason to continue to include JSCS.
Removing it sooner, and bumping the major version number to indicate breaking compatibility, is likely to be far less painful than doing it later.
https://github.com/therealklanni/git-guppy
https://gist.github.com/therealklanni/9966d215d2b13a9c0e6e
Git hooks would allow the running of lint checks before the commit is accepted - that way, all code could be made to follow pass the checks (or have exclusions added).
Should we add a minimum node version engine to package.json
?
Some of our dependencies say they support >=0.1.0
. We should still be able to use them, but we'd also be able to use some ES2015 features, as per node.green. See #53.
It would be nice if to have some basic configurability of when/where to use source maps.
In my gulpfile.js
I have set up two stylesheets, style.css
and style.min.css
. My theme enqueues style.min.css
unless SCRIPT_DEBUG
is not null. This allows me to work with the expanded stylesheet during development, which is the only time that I want source maps to load. I would love to be able to remove source maps from style.min.css
so that they do not load on production sites.
In short, what I'm looking to do is to have source maps for style.css
but no source maps for style.min.css
.
Like we support different combinations of JavaScript files being configured to be concatenated and minified, we should allow the same for CSS files.
Right now, the build:css
task is hard-coded around style.scss
to style.css
. This means it's not reusable to build files like editor-style.css
, or edd.css
. Having a css
configuration block might also be the start of a workaround for #3.
Initially, it may be that all individual .scss
go through the same build process, but ideally, we may want to configure the list of middleware items (i.e. only certain files pass through the RTL procedure).
When working with the gulp-wp-toolkit
in Windows 10 I am bombarded with notifications and chimes when tasks run, leading me to consider switching away from the gulp-notify
package and instead relying on command line based notifications using a simple console.log
or another simple package if one is available.
Looking for feedback on your experience of notifications within the toolkit, are they too much, should there be more or less, any notifications that should be added which aren't?
Right now, the generated style.css file headers are inflexible. Tags:
and Domain Path
are missing, and themes would be forced to have a Template: genesis
, even if the toolkit was used on a non-child theme. The default values in the the toolkits config.js
are mostly worthless, as not overriding them in the theme's extendConfig
means that info from the toolkits package.json (i.e. author = Craig Simpson) would be added.
We have scss-lint for checking the SCSS, but Stylelint can be used for checking the CSS output. Through different SCSS, compiling of SCSS, and any PostCSS adjustments, we should be able to make any CSS meet the WP standards for CSS. There's a handy config by @ntwb - https://github.com/ntwb/stylelint-config-wordpress
When running any of the build tasks, the error DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpdir() instead.
is shown.
Investigation has led me to the formidable
package, which appears in the dependency tree here:
This suggests that version 1.0.17 is in use at the moment. On viewing the repository https://github.com/felixge/node-formidable I have noted that the current version is 1.1.1 and that the latest release 10 days ago mentions
Fix DeprecationWarning about os.tmpDir() (Christian)
Further investigation is required to find exactly which package is dependant on node-formidable
before it can be updated.
yarn outdated
is listing the following as outdated:
Package Current Wanted Latest Package Type URL
autoprefixer 6.7.7 6.7.7 7.1.2 dependencies https://github.com/postcss/autoprefixer#readme
css-mqpacker 5.0.1 5.0.1 6.0.1 dependencies https://github.com/hail2u/node-css-mqpacker
del 2.2.2 2.2.2 3.0.0 dependencies https://github.com/sindresorhus/del#readme
eslint-config-wordpress 1.1.0 1.1.0 2.0.0 dependencies https://github.com/WordPress-Coding-Standards/eslint-config-wordpress#readme
gulp-changed 1.3.2 1.3.2 3.1.0 dependencies https://github.com/sindresorhus/gulp-changed#readme
gulp-checktextdomain 1.1.1 1.1.1 2.0.0 dependencies https://github.com/felixzapata/gulp-checktextdomain#readme
gulp-eslint 3.0.1 3.0.1 4.0.0 dependencies https://github.com/adametry/gulp-eslint#readme
gulp-phpcs 1.4.0 1.4.0 2.0.0 dependencies https://github.com/JustBlackBird/gulp-phpcs#readme
gulp-postcss 6.4.0 6.4.0 7.0.0 dependencies https://github.com/postcss/gulp-postcss
gulp-replace 0.5.4 0.5.4 0.6.1 dependencies https://github.com/lazd/gulp-replace#readme
gulp-scss-lint 0.4.0 0.4.0 0.5.0 dependencies http://github.com/juanfran/gulp-scss-lint
gulp-stylelint 3.9.0 3.9.0 4.0.0 dependencies https://github.com/olegskl/gulp-stylelint
gulp-uglify 2.1.2 2.1.2 3.0.0 dependencies https://github.com/terinjokes/gulp-uglify/
node-normalize-scss 1.5.0 1.5.0 3.0.0 dependencies https://github.com/ranjandatta/node-normalize-scss#readme
stylelint-config-wordpress 11.0.0 11.0.0 12.0.0 dependencies https://github.com/WordPress-Coding-Standards/stylelint-config-wordpress
yargs 6.6.0 6.6.0 8.0.2 dependencies http://yargs.js.org/
The self:js
alias should cover the four JavaScript related self tasks (like self
currently does).
The idea is to have parity with lint
tasks.
There doesn't appear to be any special support for moving develop/images/screenshot.png
into /screenshot.png
.
In the CSS build task pixel sizes are converted to rems using postcss-pxtorem
. The root value for this conversion is set at 16px because at the moment this is the base font size in my starter theme.
However if the base font size in my starter theme is changed (to 18px for example), this results in all other elements becoming oversized because PostCSS Pxtorem is still using 16px as its root value.
Propose creating a config variable within css
section for base font size allowing the value to be changed on a per theme basis.
Using gulp-bump we can easily increment version numbers within theme files such as bower.json
, package.json
and style.css
as long as we adhere to Semver.
I changed the folder name of my sass files from scss
to sass
and added an override in gulpfile.js ` src: {
css: 'develop/sass/**/*.scss'
},`
However, style.css.map has been off ever since, and I can't figure out where to address this. I do get the appearance of source mapping, but it points to completely wrong partial and line.
It would be nice to allow ES6 JS in projects using Gulp WP Toolkit, and we could add gulp-babel to the JS build process to take care of this step.
https://stackoverflow.com/a/21237365/2208553 suggests there may be small performance benefits in using const
instead of var
.
For example, in potomo.js:
var gulp = require('gulp'),
config = require('../../config'),
potomo = require('gulp-potomo'),
notify = require('gulp-notify');
would become:
const gulp = require('gulp');
const config = require('../../config');
const potomo = require('gulp-potomo');
const notify = require('gulp-notify');
Looks like support for const
goes back to Node 0.10.
At the moment we allow the root_value
within pxtorem()
to be overwritten by setting a new config variable, however, there is no way for package users to optionally switch off conversion of media query values, and switch on the replacement of values if they wish.
There's no point in browser-sync
starting with library.dev
(the default URL), so the default should be removed, and a condition added so it only starts when it is set (in the consuming theme).
https://github.com/felixzapata/gulp-checktextdomain says that it checks for missing or incorrect textdomains.
However, https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/blob/develop/WordPress/Sniffs/WP/I18nSniff.php is now sufficiently advanced, that with the right config setup in phpcs, it does a lot more checks.
I propose that we drop the i18n task completely, and let the existing tool handle it in a much better way.
Running the command gulp bump --minor
should bump version 1.0.0 to 1.1.0.
Running the command gulp bump --minor
or gulp bump --major
bumps version 1.0.0 to 1.0.1.
The current JS tasks takes an array of files to merge, and concats them before minifying and saving them at the destination. I've got some develop/js files that should either just be moved, or grouped into it's a new concatenated file.
Option 1:
Support a standalone
flag which allows named files to be minified and copied, but not concatenated with anything else.
Option 2:
Allow js
task to support multi-dimensional arrays that are then grouped (and named)?:
js: {
[
files: [
'develop/js/a.js'
'develop/js/b.js',
'develop/js/c.js'
],
filename: 'letters'
],
[
files: [
'develop/js/1.js',
'develop/js/2.js'
],
filename: 'numbers'
],
[
files: [
'develop/js/foobar.js',
],
filename: 'standalone'
]
},
For instance, this would allow numbers.js
to be conditionally enqueued, while letters.js
is always enqueued. standalone.js
would also be enqueable as needed, it just happens to have been concatenated with zero other files before minifying.
There doesn't appear to be any special support for moving develop/images/screenshot.png
into /screenshot.png
.
The lint:phpcs
will look for a phpcs.xml
file in the theme/plugin root before defaulting to the one in this toolkit.
However, it should also first look for phpcs.xml.dist
as well, since that is the preferred file name for distributing the config, and allowing local overrides with phpcs.xml
.
Same goes for phpmd.xml
as well.
The workaround until this is done, is to add the following to the theme/plugin Gulpfile.js, in the extendConfig()
section:
lintfiles: {
phpcs: 'phpcs.xml.dist'
}
Branch | Build failing 🚨 |
---|---|
Dependency | gulp-checktextdomain |
Current Version | 2.1.1 |
Type | dependency |
This version is covered by your current version range and after updating it in your project the build failed.
gulp-checktextdomain is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
The new version differs by 7 commits.
2461667
docs(CHANGELOG.md): update CHANGELOG.md with version 2.2.0
05de1bb
chore(tasks): update development tasks
d40677e
chore(package): update gulp-util
1b5bcb4
chore(tasks): remove gulp-util dependencies
e2ec723
chore(package): add ansi-colors and fancy-log
c679cf5
chore(package-lock.json): add file
0c618c4
feat(gulp-util): remove gulp-util due to gulp v4
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
https://github.com/MohammadYounes/gulp-rtlcss
Some themes need right-to-left styles, and this package can help generate them.
The gotcha here, is being able to generate the right sourcemap when building SCSS into CSS, AND minifying, AND producing RTL versions.. Separating the styles task up into subtasks that save an intermediary file might be needed.
I think the ideal behaviour would be to look for task-specific files (like .jshintrc, .scss-lint.yml etc.) in this package (have the default config point to them), but if they are present in the root of the consuming theme, then use those instead. If we can get away without having to make the consuming theme package explicitly state the paths to them in the config, even better.
Trying to run self tasks with gulp
on the files in this repo doesn't work:
Running it when in the context of a theme repo, does:
This seems odd though. Clearly we have no Gulpfile, but perhaps we could do something with npm scripts, so that we can run self
tests, or just bite the bullet and add in a Gulpfile here?
It would be handy to show how to add a custom task. For instance, the developer needs to add the ability to zip up specific files (with some exclusions) into multiple zip files. Where should the task file go? How does the new task get wired up?
The build:i18n
process generates the .pot
file into develop/languages
, but doesn't try to convert .po
files in the same directory to .mo
files in languages
.
Should it?
Right now build:potomo
is not part of the default build process at all.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.