1

I am using node-sass 4.13.1 which wraps libsass 3.5.4. Due to security reasons we need to update libsass to 3.6.0 without downgrading the node-sass version.

How can this be achieved. Specifying the libsass version in the package.json is not feasible since libsass is not a dependency but rather a wrapped library.

Is it possible to force the use of libsass 3.6.0 after all dependencies for the repo have been installed? Does anybody know a better solution? I am leaning towards looking into how i can edit the scripts part of the package.json file to run a pre-install script which will force the version. Is that a good idea?

Thanks

skal
  • 155
  • 1
  • 2
  • 11

2 Answers2

0

There are forked versions of node-sass that do have 3.6.x in them, as well as a branch within the main project repo. The problem is that you will have to build it yourself in order to use them.

https://github.com/ItsLeeOwen/node-sass/tree/libsass-2b8a17a or https://github.com/sass/node-sass/tree/libsass-3.6.1

for example.

OpenShift Ninja
  • 33
  • 4
0

There is a branch available in node-sass repository which uses LibSass v3.6.3 with node-sass v4.13.1 I also faced the same issue and after doing a lot of research, the below solution worked for me:

Try installing the branch of node-sass from the github repository by using the below command (the package is already built, so you don't have to build it explicitly)

npm install https://github.com/sass/node-sass.git#v5
Ipsita Bhattacharyya
  • 31
  • 6