Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A library to convert URLs to a click-able HTML anchor elements
Download the library from dist
folder (either anchorme.js
or anchorme.min.js
).
Install via NPM: npm install anchorme
var anchorme = require("anchorme"); // if installed via NPM
var someText = "this is a text with a link www.github.com ..";
var result = anchorme(someText);
// You can also pass few options
anchorme(someText,{
// attributes to add to the anchor tags
attributes:[
// can be objects
{
name:"target",
value:"_blank",
},
// or functions
function(obj){
if(obj.reason === "email") return {name:"class",value:"email"};
else return {name:"class",value:"regular-link"}
}
// read below to know more about this
// and other options
],
})
To test how this library would work for you, head over to here to test it.
This will convert a long like like this: https://raw.githubusercontent.com/alexcorvi/anchorme.js/gh-pages/src/tests/hasprotocol.js to this: https://raw.githubusercontent.com/alexcorv...
Default Value: 0
(Won't truncate)
Example
anchorme(string,{
truncate:40
})
You can exclude IPs/Emails/URLs/Files like this:
anchorme(string,{
emails:false,
urls:false,
ips:false,
files:false
})
// the example above won't do anything to your string
// since you're excluding every possible change
Default Value: all are true
You can add attributes to the links produced by anchorme. using the attributes
prop in the options. this options should be an array of the attributes you'd like to pass.
Values of this array can be:
anchorme(string,{
attributes:[
{
// attribute name
name:"class",
// attribute value
value:"something"
},
{
name:"target",
value:"blank"
}
]
});
anchorme(string,{
attributes:[
{
name:"class",
value:"link"
},
function(data){
if(data.reason === "ip") return {name:"class",value:"ip-link"};
},
function(data){
if(data.protocol !== "mailto:") return {name:"target",value:"blank"};
// following conditions can also be used:
// if(data.raw.indexOf("@") > 0) return {name:"target",value:"blank"};
// if(data.reason !== "email") return {name:"target",value:"blank"};
}
]
});
Where data
is an object containing detailed info about the link in question. The example above will add ip-link
class to all the links that are IPs, and add target='_blank'
to all the links that are not emails.
If you log the data object you'll get something similar to this:
{
// the reason this fragment
// was detected
// possible reasons: "file", "url", "ip", "email"
"reason": "email",
// the protocol that the link came with
// or the protocol that was added to the link
"protocol": "mailto:",
// the link (without any modification)
"raw": "a@b.co",
// the encoded version of the link
// i.e. non-Latin characters -> URI encoding
// also doesn't have a protocol (if it came with any)
"encoded": "a@b.co",
}
If the link came without protocol, like www.google.com
then anchorme will add the http://
by default. However you can set your own default protocol.
anchorme(string,{
defaultProtocol:"ftp://",
// ... or anything
})
In some cases, you might want the protocol to be set conditionally. Anchorme allows you to pass a function as the defaultProtocol
and uses whatever this function returns.
anchorme(string,{
defaultProtocol:function(url){
// where url is like: "www.google.com"
if(url.indexOf("secure") > 0) return "https://";
else return "http://";
},
})
Although anchorme was authored to transform URLs in text strings to a click-able HTML anchor tags, passing true
to list
property in options will change the library's behavior and instead of returning a text with an HTML tags it will only return an array of valid URLs.
anchorme(myText,{
list:true
})
it can also be used for validation:
anchorme.validate.ip("1.1.1.1:3000/something"); // returns true
anchorme.validate.email("alex@array.com"); // return true
anchorme.validate.url("google.co.uk"); // returns true
cd anchorme.js && npm install
mocha test/run
node build/build
node test/run
License: The MIT License (MIT) - Copyright (c) 2017 Alex Corvi
FAQs
A library to convert URLs to a clickable HTML anchor elements
The npm package anchorme receives a total of 70,529 weekly downloads. As such, anchorme popularity was classified as popular.
We found that anchorme demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.