I've used this and it works just fine: https://github.com/teknql/shadow-cljs-tailwind-jit

shadow-css doesn't use tailwind in any way for anything, it only borrows the naming scheme. the css generation is entirely independent

tailwind needs a jit because otherwise the css is huge

shadow-css only generates whats needed anyways, so basically is jit anyways

I was asking myself if I e.g. could do padding-[50px] like I could with Tailwind but yeah, I could get the same result with {:padding "50px"}

yeah :padding-[50px] is not a valid keyword, so can't do that

could you post them? but in general I'd doubt that they matter. in general dev/test/build time tooling cannot be exploited in the wild Relatedly, it's a good idea to only pass nvd-clojure a classpath that accurately represents your production classpath. This project tries to be as pedantic about this as possible (internally and in its README) but there's still room for human mistakes :)

yeah what would they be? nothing from shadow-cljs, except the final release outputs, should be anywhere near a production environments, so it really shouldn't matter

I'd still be curious to know what they are 🙂

Hello, I'd appreciate your time. The security problem and the library

looks like both are dev-time servers. If you don't run such servers in production you're on the safe side

yeah, since you hopefully don't use shadow-cljs as your production webserver this really doesn't matter

yes, I wont

the CVE are also about the AJP adapter which shadow-cljs doesn't use

what is that shadow-undertow?

https://github.com/thheller/shadow-undertow

oh, it's a webserver

CLJ wrapper for the undertow http server

used for the websockets, dev-http etc

yes, the websockets lib I use is fixed in my deps, thank you