Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
By Sarah Gooding - Jan 09, 2026
@hyrious/gfm
Advanced tools
Preview GitHub Flavored Markdown
This repo provides a site, a cli tool, a nodejs library and a deno library. Below is the library description.
Install
# globally (as cli)
> npm i -g @hyrious/gfm
# locally (as library)
> npm i -D @hyrious/gfm
# deno see below
Usage
As cli:
Note: only one *.md maybe passed to
gfm, multiple files are ignored.
> gfm file.md
<p>content of this file</p>
> cat file.md | gfm
<p>content of this file</p>
# start a local server (like the site, with hot reloading enabled)
> gfm --serve file.md
# you may want to use a token to increase rate limit,
# simply append --token and it will ask for it before going.
> gfm file.md --token
Input Token (invisible): ******
<p>content of this file</p>
As library:
import { render } from "@hyrious/gfm";
const rateLimit = {};
const html = await render("# markdown", { token, rateLimit });
console.log(rateLimit, html);
As deno library (you have to use it with --allow-net):
import { render } from "https://esm.run/@hyrious/gfm";
// same interface as nodejs library
As native browser module:
<script type="module">
import { render } from "https://esm.run/@hyrious/gfm";
</script>
As iife or umd (like jquery):
<script src="https://cdn.jsdelivr.net/npm/@hyrious/gfm"></script>
<script>GFM.render("# hello").then(text => {})</script>
Note: render results are not cached, you should implement caching on your own.
Why
The library is written in .mjs to use vanilla import in nodejs (since 14).
It then uses rollup to convert mjs to cjs for require users.
It uses browser, module and conditional exports in package.json to support many platforms.
I personally made this package for a reference of the correct way to support multiple environments in one package. You (Me) should look at package.json for more details.
package.json with comments
{
// node's require and import, to override it, see "exports"
"main": "dist/index.js",
// https://nodejs.org/api/packages.html#packages_conditional_exports
"exports": {
"import": "./src/index.mjs",
"require": "./dist/index.js"
},
// front-end bundler read this (like vite or webpack)
"module": "src/index.browser.mjs",
// cdn like jsdelivr read this
"browser": "dist/index.browser.js"
}
Licence
MIT @ hyrious
Keywords
FAQs
Use GitHub API to render markdown.
We found that @hyrious/gfm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 16 Jan 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
By Sarah Gooding - Jan 08, 2026
Security News
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.
By Sarah Gooding - Jan 08, 2026