Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/mandolyte/mdtopdf
This package depends on two other packages:
fpdf
packace to generate the PDFBoth of the above are documented at Go Docs.
The tests included here are from the BlackFriday package. See the "testdata" folder. The tests create PDF files and thus while the tests may complete without errors, visual inspection of the created PDF is the only way to determine if the tests really pass!
The tests create log files that trace the BlackFriday parser callbacks. This is a valuable debug tool showing each callback and data provided in each while the AST is presented.
2019-09-23: It appears that the BlackFriday project is no longer active.
There is a fork gomarkdown/markdown
that I may be able to move to
in the future if needed.
The supported elements of markdown are:
How to use of non-Latin fonts/languages is documented in a section below.
It is common for Markdown to include HTML. HTML is treated as a "code block". There is no attempt to convert raw HTML to PDF.
Github-flavored Markdown permits strikethough using tildes. This is not supported at present by fpdf
as a font style.
The markdown link title, which would show when converted to HTML as hover-over text, is not supported. The generated PDF will show the actual URL that will be used if clicked, but this is a function of the PDF viewer.
Currently all levels of unordered lists use a dash for the bullet. This is a planned fix; see here.
Definition lists are not supported (not sure that markdown supports them -- I need to research this)
The following text features may be tweaked: font, size, spacing, styile, fill color, and text color. These are exported and available via the Styler
struct. Note that fill color only works if the text is ouput using CellFormat(). This is the case for: tables, codeblocks, and backticked text.
Tables are supported, but no attempt is made to ensure fit. You can, however, change the font size and spacing to make it smaller. See example.
To install the package, run the usual go get
:
$ go get github.com/mandolyte/mdtopdf
You can also install the md2pdf
binary directly onto your $GOBIN
dir with:
$ go install github.com/mandolyte/mdtopdf/cmd/md2pdf@latest
mdtopdf
supports colourised output via the gohighlight module.
For examples, see testdata/Markdown Documentation - Syntax.text
and testdata/Markdown Documentation - Syntax.pdf
In the cmd
folder is an example using the package. It demonstrates
a number of features. The test PDF was created with this command:
$ go run md2pdf.go -i test.md -o test.pdf
To benefit from Syntax highlighting, invoke thusly:
$ go run md2pdf.go -i syn_test.md -s /path/to/syntax_files -o test.pdf
This repo has the gohighlight module configured as a submodule so if you clone
with --recursive
, you will have the highlight
dir in its root. Alternatively, you may issue the below to update an
existing clone:
git submodule update --remote
Note 1: the cmd
folder has an example for the syntax highlighting.
See the script run_syntax_highlighting.sh
. This example assumes that
the folder with the syntax files is located at relative location:
../../../jessp01/gohighlight/syntax_files
.
Note 2: when annotating the code block to specify the language, the annotation name must match syntax base filename.
-i string
Input text filename; default is os.Stdin
-o string
Output PDF filename; required
-s string
Path to github.com/jessp01/gohighlight/syntax_files
--new-page-on-hr
Interpret HR as a new page; useful for presentations
--page-size string
[A3 | A4 | A5] (default "A4")
--theme string
[light|dark] (default "light")
--title string
Presentation title
--author string
Author; used if -footer is passed
--font-file string
path to font file to use
--font-name string
Font name ID; e.g 'Helvetica-1251'
--unicode-encoding string
e.g 'cp1251'
--with-footer
Print doc footer (author title page number)
--help
Show usage message
For example, the below will:
My Grand Title
Random Bloke
as the author (used in the footer)---
); useful for creating presentationsauthor name, title, page number
)$ go run md2pdf.go -i /path/to/md \
-o /path/to/pdf --title "My Grand Title" --author "Random Bloke" \
--theme dark --new-page-on-hr --with-footer
In order to use a non-ASCII language there are a number things that must be done. The PDF generator must be configured WithUnicodeTranslator:
// https://en.wikipedia.org/wiki/Windows-1251
pf := mdtopdf.NewPdfRenderer("", "", *output, "trace.log", mdtopdf.WithUnicodeTranslator("cp1251"))
In addition, this package's Styler
must be used to set the font to match that is configured with the PDF generator.
A complete working example may be found for Russian in the cmd
folder nameed
russian.go
.
For a full example, run:
$ go run md2pdf.go -i russian.md -o russian.pdf \
--unicode-encoding cp1251 --font-file helvetica_1251.json --font-name Helvetica_1251
In order to update pkg.go.dev
with latest release, the following will do the trick.
Essentially, it is creating a module and then running the go get command for the
desired release.
Using the proxy will have the side effect of updating the info on the go pkg web site.
$ pwd
/home/cecil/Downloads
$ mkdir tmp
$ cd tmp
$ ls
$ go mod init example.com/mypkg
go: creating new go.mod: module example.com/mypkg
$ cat go.mod
module example.com/mypkg
go 1.20
$ GOPROXY=https://proxy.golang.org GO111MODULE=on go get github.com/mandolyte/mdtopdf@v1.4.1
go: added github.com/go-pdf/fpdf v0.8.0
go: added github.com/jessp01/gohighlight v0.21.1-7
go: added github.com/mandolyte/mdtopdf v1.4.1
go: added github.com/russross/blackfriday/v2 v2.1.0
go: added gopkg.in/yaml.v2 v2.4.0
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.