Back to Explore

postcss/postcss-selector-parser

GitHub
5 updates · last 90 days2 watchersOpen source

Last release:

postcss-selector-parser is a CSS selector parser with built-in methods for working with selector strings, and it integrates with PostCSS without requiring it. It is useful for transforming selector text and normalizing selector whitespace, including sync processing and async Promise-based processing.

Project status

  • Actively maintained, with upstream pushes and multiple recent patch updates in June 2026 (last push 2026-06-12), suggesting ongoing engineering rather than a quiet period.
  • Apparent update cadence is currently frequent (at least several patch-level updates within about a week across 6.1.x and 7.1.x), and the focus is both on security and robustness fixes.

AI summary generated

AI-generated from public sources. May be inaccurate. Report

Recent updates

  • 6.1.4

    Release 6.1.4 is a targeted fix for selector serialization when the AST contains unexpected non-node children. It updates the internal stringify logic to tolerate raw values (such as arrays) during selector toString serialization.

  • 7.1.4

    postcss-selector-parser 7.1.4 includes a fix to make selector serialization more tolerant when selector nodes contain non-node children. Instead of assuming every child has a _stringify method, the serializer now falls back to String(child) when a child is not a parser node.

  • 6.1.3

    Release 6.1.3 is a patch release that backports a security fix for CVE-2026-9358 in postcss-selector-parser. The release notes only mention this security fix, with no additional functional or API documentation.

    BreakingSecurity
  • 7.1.3

    Release 7.1.3 focuses on improving a security fix for CVE-2026-9358. The update specifically targets behavior in the clone/walk path (referenced via SNYK-JS-POSTCSSSELECTORPARSER-16873882).

    Security
  • 7.1.2

    Release 7.1.2 fixes CVE-2026-9358 by preventing uncontrolled recursion when parsing and serializing extremely deeply nested selectors. The code change introduces a depth limit that turns what could be a call stack overflow into a catchable error.

    BreakingSecurityFeatures
  • v7.1.1

    v7.1.1 contains a small parsing micro-optimization and a TypeScript typing update. The only runtime code change in the diff is swapping a string startsWith check for direct index-based equality in src/parser.js.

  • v7.1.0

    v7.1.0 adds support for inserting multiple nodes with container.insertBefore and container.insertAfter. The test suite is extended to cover the new multi-node insertion behavior.

    BreakingFeatures
  • v7.0.0

    v7.0.0 introduces safer behavior for insertions that occur while iterating a selector container (major change). The code changes focus on how the container updates internal iteration indexes when nodes are inserted via prepend/insertBefore/insertAfter, and the test suite was rewritten to assert the new outcomes.

    BreakingFeatures
  • v6.1.2

    v6.1.2 is a small maintenance release focused on correcting selector parsing behavior in pseudos, specifically around trailing combinators. The code change updates the whitespace/combinator parsing logic and adds regression tests for selectors that end with comments and whitespace, including inside :is() pseudos.

  • v6.1.1

    Release v6.1.1 is a small maintenance update focused on TypeScript typing improvements for selector constructor helper functions. The diff also includes a dependency lockfile update and a new unit test covering nesting construction.

  • v6.1.0

    v6.1.0 introduces a new `sourceIndex` field on `Selector` nodes and updates the parser to populate it from token start positions. Release notes document the feature, and most changes in this diff are test coverage and parser wiring.

    Features
  • v6.0.16

    Release v6.0.16 updates the TypeScript type definitions for `each` and `walk` callbacks to include the missing `index` parameter. The code diff also updates tests and the repo’s typechecking workflow to enforce these callback signatures more strictly.

  • v6.0.15

    Release v6.0.15 updates the TypeScript type definitions for postcss-selector-parser to correctly model Node#prev and Node#next on the first and last nodes. The runtime code diff is not shown, but the declaration file changes indicate a typing behavior correction for edge cases.

    Breaking
  • v6.0.14

    v6.0.14 is described as a types-only release (“Fixed: type definitions”). The code diff shows multiple public TypeScript declaration signature changes in postcss-selector-parser.d.ts, plus dependency version bumps (postcss and nanoid) that were not mentioned in the release notes.

    Breaking
  • v6.0.13

    v6.0.13 is a small release focused on correcting how the selector parser handles unexpected pipe symbols ('|'). It adds explicit parser error handling and corresponding tests to ensure invalid pipe usages reliably throw a controlled error.