{"id":15066639,"url":"https://github.com/loilo/node-sass-yaml-importer","last_synced_at":"2025-09-09T23:47:44.200Z","repository":{"id":38361845,"uuid":"90963791","full_name":"loilo/node-sass-yaml-importer","owner":"loilo","description":"Allows importing YAML in Sass files parsed by node-sass.","archived":false,"fork":false,"pushed_at":"2025-06-10T08:50:39.000Z","size":1028,"stargazers_count":5,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-16T18:51:41.062Z","etag":null,"topics":["importer","nodejs","sass","variables","yaml"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/loilo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-05-11T09:48:08.000Z","updated_at":"2025-06-10T08:50:37.000Z","dependencies_parsed_at":"2024-08-13T22:25:50.264Z","dependency_job_id":"cf3b202f-a4cd-44cb-9ac5-eaa0c4397101","html_url":"https://github.com/loilo/node-sass-yaml-importer","commit_stats":{"total_commits":206,"total_committers":17,"mean_commits":"12.117647058823529","dds":0.441747572815534,"last_synced_commit":"6034d203d83ab4bfaa96f591423726248e435c2e"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/loilo/node-sass-yaml-importer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loilo%2Fnode-sass-yaml-importer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loilo%2Fnode-sass-yaml-importer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loilo%2Fnode-sass-yaml-importer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loilo%2Fnode-sass-yaml-importer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/loilo","download_url":"https://codeload.github.com/loilo/node-sass-yaml-importer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loilo%2Fnode-sass-yaml-importer/sbom","scorecard":{"id":85460,"data":{"date":"2022-08-15","repo":{"name":"github.com/loilo/node-sass-yaml-importer","commit":"24c03218b7b31d58e0fdacc109d8a0483b76724c"},"scorecard":{"version":"v4.5.0-26-g10b6052","commit":"10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93"},"score":6.6,"checks":[{"name":"Code-Review","score":10,"reason":"all last 30 commits are reviewed through GitHub","details":null,"documentation":{"short":"Determines if the project requires code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) out of 30 and 1 issue activity out of 3 found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no badge detected","details":null,"documentation":{"short":"Determines if the project has a CII Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"no vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":["Warn: no GitHub releases found"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#branch-protection"}},{"name":"Packaging","score":-1,"reason":"no published package detected","details":["Warn: no GitHub publishing workflow detected"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#packaging"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: Dependabot detected: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"non read-only tokens detected in GitHub workflows","details":["Warn: no topLevel permission defined: .github/workflows/test.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/l-orlov/task-tracker/test.yml/main?enable=permissions"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: : LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":9,"reason":"dependency not pinned by hash detected -- score normalized to 9","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/l-orlov/task-tracker/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/l-orlov/task-tracker/test.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/test.yml:34","Info: Third-party GitHubActions are pinned","Info: Dockerfile dependencies are pinned","Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles","Info: no insecure (not pinned by hash) dependency downloads found in shell scripts"],"documentation":{"short":"Determines if the project has declared and pinned its dependencies.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":null,"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":null,"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#fuzzing"}}]},"last_synced_at":"2025-08-15T06:51:02.736Z","repository_id":38361845,"created_at":"2025-08-15T06:51:02.736Z","updated_at":"2025-08-15T06:51:02.736Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274384639,"owners_count":25275299,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["importer","nodejs","sass","variables","yaml"],"created_at":"2024-09-25T01:10:10.675Z","updated_at":"2025-09-09T23:47:44.180Z","avatar_url":"https://github.com/loilo.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# node-sass-yaml-importer\n\n[![Tests](https://img.shields.io/github/actions/workflow/status/loilo/node-sass-yaml-importer/test.yml?label=tests)](https://github.com/loilo/node-sass-yaml-importer/actions)\n[![Version on npm](https://img.shields.io/npm/v/node-sass-yaml-importer)](https://www.npmjs.com/package/node-sass-yaml-importer)\n\n\u003e Node.js based YAML importer for [Sass](https://sass-lang.com/)\n\nThis package makes the `@import`/`@use` rules in Sass work with YAML files through custom importers for the [current](https://sass-lang.com/documentation/js-api/interfaces/importer/) as well as the [legacy](https://sass-lang.com/documentation/js-api/types/legacyimporter/) Sass JavaScript API.\n\nSince YAML is a superset of JSON, this importer can also be used to import JSON files.\n\n## Usage in SCSS Code\n\nGiven the following `colors.yml` file:\n\n```yaml\nprimary: blue\nsecondary: red\n```\n\nThe importer allows your Sass file in the same folder to do this:\n\n```scss\n@import 'colors.yml';\n\n.some-class {\n  background: $primary;\n}\n```\n\nNote that [`@import` is somewhat deprecated](https://sass-lang.com/documentation/at-rules/import) and you should use `@use` instead:\n\n```scss\n@use 'colors.yml';\n\n.some-class {\n  // Data is automatically namespaced:\n  background: colors.$primary;\n}\n```\n\nTo achieve the same behavior as with `@import`, you can [change the namespace to `*`](https://sass-lang.com/documentation/at-rules/use#choosing-a-namespace):\n\n```scss\n@use 'colors.yml' as *;\n\n.some-class {\n  // Colors are no longer namespaced:\n  background: $primary;\n}\n```\n\n### Importing Strings\n\nAs YAML values don't map directly to Sass's data types, a common source of confusion is how to handle strings. While [Sass allows strings to be both quoted and unqouted](https://sass-lang.com/documentation/values/strings#unquoted), strings containing spaces, commas and/or other special characters have to be wrapped in quotes.\n\nThe importer will automatically add quotes around all strings that are not valid unquoted strings or hex colors (and that are not already quoted, of course):\n\n\u003c!-- prettier-ignore --\u003e\nInput | Output | Explanation\n-|-|-\n`color: red`\u003cbr\u003e`color: \"red\"`\u003cbr\u003e↑ Equivalent YAML expressions | `$color: red;` | Valid unquoted string\n`color: \"#f00\"` | `$color: #f00;` | Valid hex color\n`color: \"'red'\"` | `$color: \"red\";` | Explicitly quoted string\n`color: \"really red\"` | `$color: \"really red\";` | Invalid (multi-word) unquoted string\n\n### Map Keys\n\nMap keys are always quoted by the importer:\n\n```yaml\n# colors.yml\ncolors:\n  red: '#f00'\n```\n\n```scss\n@use 'colors.yml' as *;\n\n:root {\n  // This does not work:\n  color: map-get($colors, red);\n\n  // Do this instead:\n  color: map-get($colors, 'red');\n}\n```\n\n### Resolving Paths\n\nThe importer tries to stick to the same path resolution logic as Sass itself. This means that it tries to interpret import requests as (relative) file system paths:\n\n```scss\n// In /path/to/some-file.scss\n@use 'config/colors.yml'; // Resolves to /path/to/config/colors.yml\n```\n\nIf no according file can be found, further resolving depends on the kind of importer you're using:\n\n- When using the [`sass-loader` factories](#sass-loader-for-webpackrspack), the importer will try to resolve paths the same way webpack does. This means that you can use npm package names or webpack aliases to reference your YAML files.\n- When using the Sass compiler directly [with the legacy Sass JavaScript API](#sass-with-legacy-javascript-api), the importer will try to find the requested file inside the configured [`includedPaths`](https://sass-lang.com/documentation/js-api/interfaces/legacystringoptions/#includePaths).\n- In contrast, using the Sass compiler directly [with the modern Sass JavaScript API](#sass-with-modern-javascript-api) will _not_ consider the [`loadPaths`](https://sass-lang.com/documentation/js-api/interfaces/options/#loadPaths) option, as the modern API purposefully does not share Sass options with importers.\n\n## Setting up the Importer\n\n\u003e [!NOTE]\n\u003e\n\u003e Some notes on the code samples below:\n\u003e\n\u003e 1. The examples make use of ES modules, but the importer will work in CommonJS environments just fine.\n\u003e 2. Examples are using the [`sass`](https://npmjs.com/package/sass) package. However, the same code should work equally well with [`sass-embedded`](https://npmjs.com/package/sass-embedded). The legacy API examples should even work with [`node-sass`](https://www.npmjs.com/package/node-sass) (although this is no longer tested since Node Sass has been deprecated).\n\n### Sass with Modern JavaScript API\n\n```js\nimport * as sass from 'sass'\nimport { yamlImporter } from 'node-sass-yaml-importer'\n\nsass.compile('some-file.scss', {\n  importers: [yamlImporter],\n})\n```\n\n### Sass with Legacy JavaScript API\n\n```js\nimport * as sass from 'sass'\nimport { legacyYamlImporter } from 'node-sass-yaml-importer'\n\nsass.renderSync({\n  file: 'some-file.scss',\n  importer: [legacyYamlImporter],\n})\n```\n\n### [sass-loader](https://github.com/webpack-contrib/sass-loader) (for [webpack](https://webpack.js.org/)/[rspack](https://rspack.dev/))\n\nThis package exposes the `createSassLoaderYamlImporter`/`createSassLoaderLegacyYamlImporter` factory functions to create importers that work well with `sass-loader`.\n\nWhile you could just use the importers directly (as documented in the previous section), the `sass-loader`-specific factory functions enable you to use webpack's request resolution (like pointing to npm packages or aliases) to reference your YAML files. Learn more about this in the [Resolving Paths](#resolving-paths) section.\n\nTo use the importer factory with `sass-loader`, you need to pass a function to its `sassOptions` option to get access to the `loaderContext` object. This object then needs to be passed to the importer factory:\n\n```js\n// webpack.config.js / rspack.config.js\n\nimport { createSassLoaderYamlImporter } from 'node-sass-yaml-importer'\n\nexport default {\n  // ...\n  {\n    loader: 'sass-loader',\n    options: {\n      sassOptions: loaderContext =\u003e ({\n        return {\n          importers: [\n            createSassLoaderYamlImporter(loaderContext)\n          ],\n        }\n      },\n    },\n  },\n  // ...\n}\n```\n\n\u003e [!NOTE]\n\u003e\n\u003e While the code above uses the importer for the modern Sass JavaScript API, you can also create a legacy importer through the `createSassLoaderLegacyYamlImporter` factory instead. In that case, make sure to also adjust the [`api`](https://github.com/webpack-contrib/sass-loader#api) option accordingly, if needed.\n\n## Credit\n\nThe initial implementation of this importer was based on the [node-sass-json-importer](https://github.com/pmowrer/node-sass-json-importer) package.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floilo%2Fnode-sass-yaml-importer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Floilo%2Fnode-sass-yaml-importer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floilo%2Fnode-sass-yaml-importer/lists"}