gulp-wp-toolkit's Issues

Audit warnings on npm install

Thanks for this project. I'm working on a new project and this is a great start.

I'm opening this issue because running npm install gulp-wp-toolkit results in audit warnings. Based on briefly reviewing these warnings, I'm not spotting any actual security issues because all tasks are being run in development. However, in terms of user experience (and confidence) when installing this project, these warnings can be concerning.

+ gulp-wp-toolkit@2.3.2
added 1725 packages from 842 contributors and audited 14655 packages in 57.068s
found 26 vulnerabilities (5 low, 10 moderate, 11 high)

Current Behavior

=== npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp > vinyl-fs > glob-stream > glob >     │
│               │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp > vinyl-fs > glob-stream > minimatch  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass-bulk-import > glob > minimatch   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs >         │
│               │ glob-stream > glob > minimatch                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs >         │
│               │ glob-stream > minimatch                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp > vinyl-fs > glob-watcher > gaze >    │
│               │ globule > glob > minimatch                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp > vinyl-fs > glob-watcher > gaze >    │
│               │ globule > minimatch                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-csscomb > csscomb > csscomb-core >    │
│               │ vow-fs > glob > minimatch                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs >         │
│               │ glob-watcher > gaze > globule > glob > minimatch             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs >         │
│               │ glob-watcher > gaze > globule > minimatch                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-csscomb > csscomb > csscomb-core >    │
│               │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass > node-sass > node-gyp > request │
│               │ > hawk > boom > hoek                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass > node-sass > node-gyp > request │
│               │ > hawk > cryptiles > boom > hoek                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass > node-sass > node-gyp > request │
│               │ > hawk > hoek                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass > node-sass > node-gyp > request │
│               │ > hawk > sntp > hoek                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tunnel-agent                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.6.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-imagemin > imagemin-gifsicle >        │
│               │ gifsicle > bin-build > download > caw > tunnel-agent         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/598                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tunnel-agent                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.6.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-imagemin > imagemin-gifsicle >        │
│               │ gifsicle > bin-wrapper > download > caw > tunnel-agent       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/598                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tunnel-agent                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.6.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-imagemin > imagemin-jpegtran >        │
│               │ jpegtran-bin > bin-build > download > caw > tunnel-agent     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/598                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tunnel-agent                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.6.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-imagemin > imagemin-jpegtran >        │
│               │ jpegtran-bin > bin-wrapper > download > caw > tunnel-agent   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/598                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tunnel-agent                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.6.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-imagemin > imagemin-optipng >         │
│               │ optipng-bin > bin-build > download > caw > tunnel-agent      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/598                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tunnel-agent                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.6.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-imagemin > imagemin-optipng >         │
│               │ optipng-bin > bin-wrapper > download > caw > tunnel-agent    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/598                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > browser-sync > easy-extender > lodash      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp > vinyl-fs > glob-watcher > gaze >    │
│               │ globule > lodash                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-sass-bulk-import > vinyl-fs >         │
│               │ glob-watcher > gaze > globule > lodash                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 2.6.9 < 3.0.0 || >= 3.1.0                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > browser-sync > localtunnel > debug         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/534                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Insecure Entropy Source - Math.random()                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ node-uuid                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.4.4                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-wp-toolkit                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-wp-toolkit > gulp-csscomb > csscomb > csscomb-core >    │
│               │ vow-fs > node-uuid                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/93                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 26 vulnerabilities (5 low, 10 moderate, 11 high) in 14655 scanned packages
  26 vulnerabilities require manual review. See the full report for details.

Possible Solution

The prompt suggests running

npm audit fix

but that results in

up to date in 12.432s
fixed 0 of 26 vulnerabilities in 14655 scanned packages
26 vulnerabilities required manual review and could not be updated

so that isn't any real help.

Steps to Reproduce (for bugs)

  1. In a new project with a package.json file
  2. Run npm install gulp-wp-toolkit

Your Environment

  • Version used: 2.3.2
  • Node version: v8.11.2
  • NPM version: 6.1.0
  • Theme: n/a
  • Link to your project: n/a
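Since `npm audit fix` resolved none of the 26 findings, a useful triage step is to see which of gulp-wp-toolkit's own dependencies each advisory arrives through. The following is an added example, not part of the original issue or the project's code. It assumes the npm 6 `npm audit --json` report layout (`advisories`, each with `findings[].paths`); `groupByDirectDependency` and the sample report are constructed for illustration.

```javascript
'use strict';

// Constructed sample in the npm 6 `npm audit --json` layout (an assumption),
// trimmed to the fields used below. The paths, URLs and the node-uuid patch
// range mirror the report quoted in the issue; the debug severity is filled
// in for the sample only.
const sampleReport = {
  advisories: {
    534: {
      module_name: 'debug',
      severity: 'low',
      url: 'https://nodesecurity.io/advisories/534',
      findings: [{ paths: ['gulp-wp-toolkit>browser-sync>localtunnel>debug'] }],
    },
    93: {
      module_name: 'node-uuid',
      severity: 'low',
      patched_versions: '>=1.4.4',
      url: 'https://nodesecurity.io/advisories/93',
      findings: [{
        paths: ['gulp-wp-toolkit>gulp-csscomb>csscomb>csscomb-core>vow-fs>node-uuid'],
      }],
    },
  },
};

const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Group every advisory path by the dependency that `root` declares itself
// (the second hop), because that is the only version range the maintainer
// of `root` can change directly.
function groupByDirectDependency(report, root) {
  const groups = new Map();
  for (const advisory of Object.values(report.advisories || {})) {
    for (const finding of advisory.findings || []) {
      for (const path of finding.paths || []) {
        const hops = path.split('>').map((hop) => hop.trim());
        if (hops[0] !== root || hops.length < 2) continue; // other root or malformed
        const key = hops[1];
        const group = groups.get(key) ||
          { dependency: key, worst: 'info', modules: new Set(), transitiveOnly: true };
        if (SEVERITIES.indexOf(advisory.severity) > SEVERITIES.indexOf(group.worst)) {
          group.worst = advisory.severity;
        }
        group.modules.add(advisory.module_name);
        // Two hops means the vulnerable module is itself the direct
        // dependency, so changing its range in package.json is enough.
        if (hops.length === 2) group.transitiveOnly = false;
        groups.set(key, group);
      }
    }
  }
  // Worst severity first, then alphabetical, so the riskiest branch leads.
  return [...groups.values()]
    .map((g) => ({ ...g, modules: [...g.modules].sort() }))
    .sort((a, b) =>
      SEVERITIES.indexOf(b.worst) - SEVERITIES.indexOf(a.worst) ||
      a.dependency.localeCompare(b.dependency));
}

for (const g of groupByDirectDependency(sampleReport, 'gulp-wp-toolkit')) {
  const how = g.transitiveOnly
    ? 'transitive: update or replace this dependency'
    : 'direct: bump its range';
  console.log(`${g.dependency}: worst=${g.worst} via ${g.modules.join(', ')} (${how})`);
}
```

On a real project, save the output of `npm audit --json` to a file and pass the parsed object in place of `sampleReport`.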

Allow CSS Nano Parameters

Expected Behavior

It would be nice to be able to pass options to the CSS Nano plugin, via something like this:

css: {
	basefontsize: 18,
	remreplace: false,
	remmediaquery: false,
	cssnano: {
		'z-index': false,
	},
}

Current Behavior

You can't pass any options.

Possible Solution

Pass the config option (if present) to the cssnano() block in the build:css file.

Context

If I need to keep z-index levels for plugin compatibility (WooCommerce sets certain things to over 1000), I have to rebuild a custom build pipeline. This is more work than necessary, so at the moment I'm printing z-index overwrites into the header as inline styles.

gulp-bower breaks when bower.json does not exist

Bower can be replaced with npm / yarn. As such, dependencies can be listed in package.json instead of in a bower.json.

Running gulp build fails, as in my theme, bower.json does not exist. It should probably continue silently if the file is absent.

(Or, strip out gulp-bower completely)

[Screenshot: 2017-07-28 14 32 10]

Improve stylesheet log messages

[Screenshot: 2017-08-22 09 45 53]

In my example, it's compiling and saving style.css, style.css.map, editor-style.css and editor-style.css.map, but the log messages don't reflect that in a useful way.

It would be nice to see if the generated file name could be placed into the log messages.

Update README and example

I want to bring up some minor things that I noticed while reading through the docs yesterday.

From the README:

  "devDependencies": {
    "gulp": "^3.9.1",
    "gulp-wp-toolkit": "^1.0.1"
  }

The version for gulp-wp-toolkit should probably be "^2" so that new users jump into using version 2 right away.

Also, the line below should be all lower case (basefontsize) or else the value will not be recognized.

baseFontSize: 16, // Used by postcss-pxtorem.

Version 10 of node.js has been released

Version 10 of Node.js (code name Dubnium) has been released! 🎊

To see what happens to your code in Node.js 10, Greenkeeper has created a branch with the following changes:

  • Added the new Node.js version to your .travis.yml
  • The new Node.js version is in-range for the engines in 1 of your package.json files, so that was left alone

If you’re interested in upgrading this repo to Node.js 10, you can open a PR with these changes. Please note that this issue is just intended as a friendly reminder and the PR as a possible starting point for getting your code running on Node.js 10.

More information on this issue

Greenkeeper has checked the engines key in any package.json file, the .nvmrc file, and the .travis.yml file, if present.

  • engines was only updated if it defined a single version, not a range.
  • .nvmrc was updated to Node.js 10
  • .travis.yml was only changed if there was a root-level node_js that didn’t already include Node.js 10, such as node or lts/*. In this case, the new version was appended to the list. We didn’t touch job or matrix configurations because these tend to be quite specific and complex, and it’s difficult to infer what the intentions were.

For many simpler .travis.yml configurations, this PR should suffice as-is, but depending on what you’re doing it may require additional work or may not be applicable at all. We’re also aware that you may have good reasons to not update to Node.js 10, which is why this was sent as an issue and not a pull request. Feel free to delete it without comment, I’m a humble robot and won’t feel rejected 🤖


FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.


Your Greenkeeper Bot 🌴

Not using browserslist?

Not exactly a bug, but I've recently had an issue where the appropriate prefixes aren't added for iOS version 8.

I believe this is because autoprefix() is being used with the default settings, which only looks for the last two versions of a browser.

Looking into it, it looks like the best practice is to use browserslist in package.json. Is this possible with this toolkit?

Cannot find module 'bourbon-neat'

I'm getting the following for all gulp commands in Incipio. I'd just cleaned the yarn cache.

module.js:487
    throw err;
    ^

Error: Cannot find module 'bourbon-neat'
    at Function.Module._resolveFilename (module.js:485:15)
    at Function.resolve (internal/module.js:18:19)
    at Object.<anonymous> (/Users/gary/Local Sites/incipio/app/public/wp-content/themes/incipio/node_modules/node-neat/index.js:4:30)
    at Module._compile (module.js:569:30)
    at Object.Module._extensions..js (module.js:580:10)
    at Module.load (module.js:503:32)
    at tryModuleLoad (module.js:466:12)
    at Function.Module._load (module.js:458:3)
    at Module.require (module.js:513:17)
    at require (internal/module.js:11:18)

Consider adding CSSComb to automatically format stylesheet

Link - https://github.com/csscomb/csscomb.js

There would need to be a conditional to limit it to the unminified stylesheet only.

Here's how I'm currently using it - example.

WPCS config:

{
    "remove-empty-rulesets": true,
    "always-semicolon": true,
    "color-case": "lower",
    "block-indent": "\t",
    "color-shorthand": false,
    "element-case": "lower",
    "eof-newline": true,
    "leading-zero": true,
    "quotes": "single",
    "space-before-colon": "",
    "space-after-colon": " ",
    "space-before-combinator": " ",
    "space-after-combinator": " ",
    "space-between-declarations": "\n",
    "space-before-opening-brace": " ",
    "space-after-opening-brace": "\n",
    "space-after-selector-delimiter": "\n",
    "space-before-selector-delimiter": "",
    "space-before-closing-brace": "\n",
    "strip-spaces": true,
    "unitless-zero": true,
    "vendor-prefix-align": true
}

Add support for HTTPS

Add support for BrowserSync's HTTPS feature to allow the use of local SSL certificates.

Expected Behavior

Enable https for localhost development.

Current Behavior

From my understanding there is currently no way to enable HTTPS.

bs.init({
    proxy: config.server.url,
    online: true,
});

Possible Solution

Add a conditional to check if HTTPS settings have been defined in the config. E.g:

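const options = {
    proxy: config.server.url,
    port: config.server.port,
    online: config.server.online,
};

// Only enable HTTPS when both the key and certificate paths are configured.
if (config.server.key && config.server.cert) {
    options.https = {
        key: config.server.key,
        cert: config.server.cert,
    };
}

bs.init(options);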

Here, config.server.key and config.server.cert would be the full path to the local SSL:

https: {
    "key": "/Users/seothemes/.valet/Certificates/example.dev.key",
    "cert": "/Users/seothemes/.valet/Certificates/example.dev.crt"
}

Action required: Greenkeeper could not be activated 🚨

🚨 You need to enable Continuous Integration on all branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because we are using your CI build statuses to figure out when to notify you about breaking changes.

Since we did not receive a CI status on the greenkeeper/initial branch, we assume that you still need to configure it.

If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with greenkeeper/.

We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

An in-range update of cssnano is breaking the build 🚨

Version 4.0.5 of cssnano was just published.

Branch Build failing 🚨
Dependency cssnano
Current Version 4.0.4
Type dependency

This version is covered by your current version range and after updating it in your project the build failed.

cssnano is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Status Details
  • continuous-integration/travis-ci/push: The Travis CI build could not complete due to an error (Details).

Release Notes 4.0.5

Bug Fixes

  • postcss-merge-longhand now correctly merges borders with custom properties.
  • postcss-merge-longhand doesn't throw error in some border merge cases.

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.


Your Greenkeeper Bot 🌴

Refresh lint tasks

The current lint tasks are:

    'lint:css': [require('./lint/stylelint')],
    'lint:scss': [require('./lint/scss')],
    'lint:eslint': [require('./lint/eslint')],
    'lint:jshint': [require('./lint/jshint')],
    'lint:jscs': [require('./lint/jscs')],
    'lint:jsvalidate': [require('./lint/jsvalidate')],
    'lint:json': [require('./lint/json')],
    'lint:js': [sequence('lint:jshint', 'lint:jscs', 'lint:jsvalidate', 'lint:json')],
    'lint:i18n': [require('./lint/i18n')],
    'lint:colors': [require('./lint/colors')],
    'lint:phpcs': [require('./lint/phpcs')],
    'lint:phpmd': [require('./lint/phpmd')],
    'lint:php': [sequence('lint:phpcs', 'lint:phpmd')],
    'lint': [sequence('lint:php', 'lint:scss', 'lint:js', 'lint:i18n', 'lint:colors')],

I reckon we could re-jig some of those:

  • include eslint in the js task, possibly drop one or two which eslint covers.
  • create a lint:style that can handle css, scss, and colors,
  • Add i18n into php task.

cc @ntwb who is more familiar with what eslint and stylelint can check for here.

Some of these individual tasks also seem broken (not finding the right config files), so this also needs fixing up.

Remove JSCS

JSCS is now end of life, and with #2 having implemented ESLint, there should be no reason to continue to include JSCS.

Removing it sooner, and bumping the major version number to indicate breaking compatibility, is likely to be far less painful than doing it later.

Add minimum node engine version?

Should we add a minimum node version engine to package.json?

Some of our dependencies say they support >=0.1.0. We should still be able to use them, but we'd also be able to use some ES2015 features, as per node.green. See #53.

Option to not generate source maps

It would be nice to have some basic configurability of when/where to use source maps.

Context

In my gulpfile.js I have set up two stylesheets, style.css and style.min.css. My theme enqueues style.min.css unless SCRIPT_DEBUG is not null. This allows me to work with the expanded stylesheet during development, which is the only time that I want source maps to load. I would love to be able to remove source maps from style.min.css so that they do not load on production sites.

In short, what I'm looking to do is to have source maps for style.css but no source maps for style.min.css.

Allow multiple .css to be compiled

Like we support different combinations of JavaScript files being configured to be concatenated and minified, we should allow the same for CSS files.

Right now, the build:css task is hard-coded around style.scss to style.css. This means it's not reusable to build files like editor-style.css, or edd.css. Having a css configuration block might also be the start of a workaround for #3.

Initially, it may be that all individual .scss go through the same build process, but ideally, we may want to configure the list of middleware items (i.e. only certain files pass through the RTL procedure).

Update or replace notifications.

When working with the gulp-wp-toolkit in Windows 10 I am bombarded with notifications and chimes when tasks run, leading me to consider switching away from the gulp-notify package and instead relying on command line based notifications using a simple console.log or another simple package if one is available.

Looking for feedback on your experience of notifications within the toolkit, are they too much, should there be more or less, any notifications that should be added which aren't?

Fix style file headers

Right now, the generated style.css file headers are inflexible. Tags: and Domain Path are missing, and themes would be forced to have a Template: genesis, even if the toolkit was used on a non-child theme. The default values in the toolkit's config.js are mostly worthless, as not overriding them in the theme's extendConfig means that info from the toolkit's package.json (i.e. author = Craig Simpson) would be added.

DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpdir() instead.

When running any of the build tasks, the error DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpdir() instead. is shown.

Investigation has led me to the formidable package, which appears in the dependency tree here:

[Screenshot: 2017-01-25 at 23 28 07]

This suggests that version 1.0.17 is in use at the moment. On viewing the repository https://github.com/felixge/node-formidable I have noted that the current version is 1.1.1 and that the latest release 10 days ago mentions

Fix DeprecationWarning about os.tmpDir() (Christian)

Further investigation is required to find exactly which package is dependent on node-formidable before it can be updated.

Outdated packages

yarn outdated is listing the following as outdated:

Package                    Current Wanted Latest Package Type URL
autoprefixer               6.7.7   6.7.7  7.1.2  dependencies https://github.com/postcss/autoprefixer#readme
css-mqpacker               5.0.1   5.0.1  6.0.1  dependencies https://github.com/hail2u/node-css-mqpacker
del                        2.2.2   2.2.2  3.0.0  dependencies https://github.com/sindresorhus/del#readme
eslint-config-wordpress    1.1.0   1.1.0  2.0.0  dependencies https://github.com/WordPress-Coding-Standards/eslint-config-wordpress#readme
gulp-changed               1.3.2   1.3.2  3.1.0  dependencies https://github.com/sindresorhus/gulp-changed#readme
gulp-checktextdomain       1.1.1   1.1.1  2.0.0  dependencies https://github.com/felixzapata/gulp-checktextdomain#readme
gulp-eslint                3.0.1   3.0.1  4.0.0  dependencies https://github.com/adametry/gulp-eslint#readme
gulp-phpcs                 1.4.0   1.4.0  2.0.0  dependencies https://github.com/JustBlackBird/gulp-phpcs#readme
gulp-postcss               6.4.0   6.4.0  7.0.0  dependencies https://github.com/postcss/gulp-postcss
gulp-replace               0.5.4   0.5.4  0.6.1  dependencies https://github.com/lazd/gulp-replace#readme
gulp-scss-lint             0.4.0   0.4.0  0.5.0  dependencies http://github.com/juanfran/gulp-scss-lint
gulp-stylelint             3.9.0   3.9.0  4.0.0  dependencies https://github.com/olegskl/gulp-stylelint
gulp-uglify                2.1.2   2.1.2  3.0.0  dependencies https://github.com/terinjokes/gulp-uglify/
node-normalize-scss        1.5.0   1.5.0  3.0.0  dependencies https://github.com/ranjandatta/node-normalize-scss#readme
stylelint-config-wordpress 11.0.0  11.0.0 12.0.0 dependencies https://github.com/WordPress-Coding-Standards/stylelint-config-wordpress
yargs                      6.6.0   6.6.0  8.0.2  dependencies http://yargs.js.org/

Add `self:js` alias

The self:js alias should cover the four JavaScript related self tasks (like self currently does).

The idea is to have parity with lint tasks.

Root value for pxtorem is set at 16

In the CSS build task pixel sizes are converted to rems using postcss-pxtorem. The root value for this conversion is set at 16px because at the moment this is the base font size in my starter theme.

However if the base font size in my starter theme is changed (to 18px for example), this results in all other elements becoming oversized because PostCSS Pxtorem is still using 16px as its root value.

Propose creating a config variable within css section for base font size allowing the value to be changed on a per theme basis.

Space in path causes build:potomo to fail

May well be an issue upstream, but I get the following error when trying to run gulp build:potomo:

[Screenshot: 2017-08-08 11 33 26]

The "error while opening" message seems to suggest that the space in my file path is the cause of the problem.

Source map file incorrect

I changed the folder name of my sass files from scss to sass and added an override in gulpfile.js:

src: {
    css: 'develop/sass/**/*.scss'
},

However, style.css.map has been off ever since, and I can't figure out where to address this. I do get the appearance of source mapping, but it points to the completely wrong partial and line.

Use `const` instead of `var`

https://stackoverflow.com/a/21237365/2208553 suggests there may be small performance benefits in using const instead of var.

For example, in potomo.js:

var gulp = require('gulp'),
    config = require('../../config'),
    potomo = require('gulp-potomo'),
    notify = require('gulp-notify');

would become:

const gulp   = require('gulp');
const config = require('../../config');
const potomo = require('gulp-potomo');
const notify = require('gulp-notify');

Looks like support for const goes back to Node 0.10.

Allow other PostCSS `pxtorem()` config options to be overwritten.

At the moment we allow the root_value within pxtorem() to be overwritten by setting a new config variable, however, there is no way for package users to optionally switch off conversion of media query values, and switch on the replacement of values if they wish.

Only start browser-sync if server URL is set

There's no point in browser-sync starting with library.dev (the default URL), so the default should be removed, and a condition added so it only starts when it is set (in the consuming theme).

Bump task does not respect arguments

Expected Behavior

Running the command gulp bump --minor should bump version 1.0.0 to 1.1.0.

Current Behavior

Running the command gulp bump --minor or gulp bump --major bumps version 1.0.0 to 1.0.1.

Your Environment

  • Version used: 2.1.0
  • Node version: 8.9.1
  • NPM version: 5.6
  • Theme: starter theme

Allow some JS files to be copied without merge

The current JS task takes an array of files to merge, and concats them before minifying and saving them at the destination. I've got some develop/js files that should either just be moved, or grouped into a new concatenated file.

Option 1:
Support a standalone flag which allows named files to be minified and copied, but not concatenated with anything else.

Option 2:
Allow js task to support multi-dimensional arrays that are then grouped (and named)?:

js: [
    {
        files: [
            'develop/js/a.js',
            'develop/js/b.js',
            'develop/js/c.js'
        ],
        filename: 'letters'
    },
    {
        files: [
            'develop/js/1.js',
            'develop/js/2.js'
        ],
        filename: 'numbers'
    },
    {
        files: [
            'develop/js/foobar.js'
        ],
        filename: 'standalone'
    }
],

For instance, this would allow numbers.js to be conditionally enqueued, while letters.js is always enqueued. standalone.js would also be enqueueable as needed, it just happens to have been concatenated with zero other files before minifying.

Support auto-finding phpcs.xml.dist

The lint:phpcs will look for a phpcs.xml file in the theme/plugin root before defaulting to the one in this toolkit.

However, it should also first look for phpcs.xml.dist as well, since that is the preferred file name for distributing the config, and allowing local overrides with phpcs.xml.

Same goes for phpmd.xml as well.


The workaround until this is done, is to add the following to the theme/plugin Gulpfile.js, in the extendConfig() section:

lintfiles: {
	phpcs: 'phpcs.xml.dist'
}

An in-range update of gulp-checktextdomain is breaking the build 🚨

Version 2.2.0 of gulp-checktextdomain was just published.

Branch Build failing 🚨
Dependency gulp-checktextdomain
Current Version 2.1.1
Type dependency

This version is covered by your current version range and after updating it in your project the build failed.

gulp-checktextdomain is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Status Details
  • continuous-integration/travis-ci/push The Travis CI build could not complete due to an error Details

Commits

The new version differs by 7 commits.

  • 2461667 docs(CHANGELOG.md): update CHANGELOG.md with version 2.2.0
  • 05de1bb chore(tasks): update development tasks
  • d40677e chore(package): update gulp-util
  • 1b5bcb4 chore(tasks): remove gulp-util dependencies
  • e2ec723 chore(package): add ansi-colors and fancy-log
  • c679cf5 chore(package-lock.json): add file
  • 0c618c4 feat(gulp-util): remove gulp-util due to gulp v4

See the full diff

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.


Your Greenkeeper Bot 🌴

Add RTL Styles

https://github.com/MohammadYounes/gulp-rtlcss

Some themes need right-to-left styles, and this package can help generate them.

The gotcha here, is being able to generate the right sourcemap when building SCSS into CSS, AND minifying, AND producing RTL versions. Separating the styles task up into subtasks that save an intermediary file might be needed.

Running self tasks

Trying to run self tasks with gulp on the files in this repo doesn't work:

[Screenshot: 2017-02-02 10 30 49]

Running it when in the context of a theme repo, does:

[Screenshot: 2017-02-02 10 31 40]

This seems odd though. Clearly we have no Gulpfile, but perhaps we could do something with npm scripts, so that we can run self tests, or just bite the bullet and add in a Gulpfile here?

Docs: Show how to add custom task

It would be handy to show how to add a custom task. For instance, the developer needs to add the ability to zip up specific files (with some exclusions) into multiple zip files. Where should the task file go? How does the new task get wired up?

Should build:potomo be part of build:i18n?

The build:i18n process generates the .pot file into develop/languages, but doesn't try to convert .po files in the same directory to .mo files in languages.

Should it?

Right now build:potomo is not part of the default build process at all.
