Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
documentary
Advanced tools
A library to manage documentation, such as README, usage, man pages and changelog.
documentary
is a command-line tool and a library to manage documentation of Node.js packages. Due to the fact that complex README
files are harder to maintain, documentary
serves as a pre-processor of documentation.
yarn add -DE documentary
The doc
client is available after installation. It can be used in a doc
script of package.json
, as follows:
{
"scripts": {
"doc": "doc README-source.md -o README.md",
"dc": "git add README-source.md README.md && git commit -m ",
}
}
Therefore, to run produce an output README.md, the following command will be used:
yarn doc
The dc
command is just a convenience script to commit both source and output files with a passed commit message, such as:
yarn dc 'add copyright'
It might be confusing to have a source and output README.md
file, therefore to prevent errors, the following snippet can be used to hide the compiled file from VS Code search (update the .vscode/settings.json
file):
{
"search.exclude": {
"**/README.md": true
}
}
The processed README-source.md
file will have a generated table of contents, markdown tables and neat titles for API method descriptions.
Table of contents are useful for navigation the README document. When a %TOC%
placeholder is found in the file, it will be replaced with an extracted structure.
- [Table Of Contents](#table-of-contents)
- [CLI](#cli)
* [`-j`, `--jsdoc`: Add JSDoc](#-j---jsdoc-add-jsdoc)
- [API](#api)
- [Copyright](#copyright)
To describe method arguments in a table, but prepare them in a more readable format, documentary
will parse the code blocks with table
language as a table. The blocks must be in JSON
format and contain a single array of arrays which represent rows.
```tаble
[
["arg", "description"],
["-f", "Display only free domains"],
["-z", "A list of zones to check"],
]
```
Result:
arg | description |
---|---|
-f | Display only free domains |
-z | A list of zones to check |
It is possible to generate neat titles useful for API documentation with documentary
. The method signature should be specified as a JSON
array, where every member is an argument specified as an array. The first item in the argument array is the argument name, and the second one is type. Type can be either a string, or an object. If it is an object, each value in the object will first contain the property type, and the second one the default value. To mark a property as optional, the ?
symbol can be used at the end.
async runSoftware(
path: string,
config: {
View: Container,
actions: object,
static?: boolean = true,
render?: function,
},
): string
Generated from
```#️⃣#️⃣#️⃣#️⃣ async runSoftware => string
[
["path", "string"],
["config", {
"View": ["Container"],
"actions": ["object"],
"static?": ["boolean", true],
"render?": ["function"]
}]
]
```
async runSoftware(
path: string,
): void
Generated from
```#️⃣#️⃣#️⃣#️⃣ async runSoftware => string
[
["path", "string"]
]
```
runSoftware(): string
Generated from
```#️⃣#️⃣#️⃣#️⃣ async runSoftware => string
```
Since comments found in <!—— comment ——>
sections are not visible to users, they will be removed from the output document.
documentary
can read a directory and put files together into a single README
file. The files will be sorted in alphabetical order, and their content merged into a single stream. The index.md
and footer.md
are special in this respect, so that the index.md
of a directory will always go first, and the footer.md
will go last.
Example structure used in this project:
README
├── 1-installation-and-usage
│ ├── 1-vs-code.md
│ └── index.md
├── 2-features
│ ├── 1-TOC-generation.md
│ ├── 2-table-display.md
│ ├── 3-method-title.md
│ ├── 4-comment-stripping.md
│ ├── 5-file-splitting.md
│ └── index.md
├── 3-cli.md
├── 4-api
│ ├── 1-toc.md
│ └── index.md
├── footer.md
└── index.md
There are some built-in rules for replacements.
Rule | Description |
---|---|
%NPM: package-name% | Adds an NPM badge, e.g., [![npm version] (https://badge.fury.io/js/documentary.svg)] (https://npmjs.org/package/documentary) |
The program is used from the CLI (or package.json
script).
doc README-source.md [-o README.md] [-t] [-w]
The arguments it accepts are:
argument | Description |
---|---|
-o | Where to save the processed README file. If not specified, the output is written to the stdout . |
-t | Only extract and print the table of contents. |
-w | Watch mode: re-run the program when changes to the source file are detected. |
When NODE_DEBUG=doc
is set, the program will print debug information, e.g.,
DOC 80734: stripping comment
DOC 80734: could not parse the table
The programmatic use of the documentary
is intended for developers who want to use this software in their projects.
new Toc()
Toc is a transform stream which can generate a table of contents.
/* yarn example/toc.js */
import { Toc } from 'documentary'
import Catchment from 'catchment'
import { createReadStream } from 'fs'
import { resolve } from 'path'
import { debuglog } from 'util'
const LOG = debuglog('doc')
const path = resolve(__dirname, 'markdown.md')
;(async () => {
LOG('Reading %s', path)
const md = createReadStream(path)
const rs = new Toc()
md.pipe(rs)
const { promise } = new Catchment({
rs,
})
const res = await promise
console.log(res)
})()
yarn example/toc.js
$ NODE_DEBUG=doc yarn e example/toc.js
$ node example example/toc.js
DOC 13980: Reading /documentary/example/markdown.md
- [Table Of Contents](#table-of-contents)
- [CLI](#cli)
* [`-j`, `--jsdoc`: Add JSDoc](#-j---jsdoc-add-jsdoc)
- [API](#api)
- [Copyright](#copyright)
(c) Art Deco Code 2018
FAQs
Documentation Compiler To Generate The Table Of Contents, Embed Examples With Their Output, Make Markdown Tables, Maintain Typedefs For JavaScript And README, Watch Changes To Push, Use Macros And Prettify API Titles.
We found that documentary demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.