markdown-it-github-headings
Changelog
2.0.1 2022-06-09
Readme
Add GitHub style anchor tags to headers
```sh
npm install markdown-it-github-headings
```

```js
var md = require('markdown-it')()
  .use(require('markdown-it-github-headings'), options)
```
The defaults will make the heading anchors behave as close to how GitHub behaves as possible.
Name | Description | Default |
---|---|---|
className | name of the class that will be added to the anchor tag | anchor |
prefixHeadingIds | add a prefix to each heading ID. (see security note below) | true |
prefix | if prefixHeadingIds is true, use this string to prefix each ID. | user-content- |
enableHeadingLinkIcons | Adds the icon next to each heading | true |
linkIcon | If enableHeadingLinkIcons is true, use this to supply a custom icon (or anything really) | |
resetSlugger | reset the slugger counter between .render calls for duplicate headers. (See tests for example) | true |
When rendering user-generated content, it's possible to run into DOM Clobbering when heading IDs are generated. Since IDs are used by JavaScript and CSS, a user could craft a page that breaks functionality or styles. A good way to avoid clobbering is to add a prefix to every generated ID so that they cannot overlap with existing IDs.
If you have full control over the content, there is less of a risk, but be aware that strange bugs related to DOM Clobbering are still possible!
For more information, here are some good resources on the topic:
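Because the generated IDs carry a prefix, a link that uses the non-prefixed hash no longer matches an anchor on its own. One solution is to write some client-side JavaScript to force non-prefixed hashes to jump to prefixed anchors. This is how it's handled on GitHub and npmjs.com.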
Check out marky-deep-links for an example (works great with browserify or webpack).
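A minimal sketch of the client-side redirect described above, as an added example rather than code from this package or from marky-deep-links. The names `resolveHashTarget` and `jumpToPrefixedAnchor` are hypothetical, and the prefix is assumed to be the default `user-content-`.

```javascript
// Added example: not taken from markdown-it-github-headings or marky-deep-links.
// PREFIX is assumed to match the plugin's default `prefix` option.
const PREFIX = 'user-content-'

// Decide which element ID a URL hash should scroll to, or null for "do nothing".
// `hasId` is a caller-supplied predicate (hypothetical) reporting whether an
// element with that ID exists; in a browser it wraps document.getElementById.
function resolveHashTarget (hash, hasId, prefix = PREFIX) {
  if (typeof hash !== 'string' || hash.length < 2 || hash[0] !== '#') return null
  let id
  try {
    id = decodeURIComponent(hash.slice(1))
  } catch (err) {
    return null // malformed percent-encoding: ignore rather than guess
  }
  // Already prefixed: the browser's native fragment navigation handles it.
  if (id.startsWith(prefix)) return null
  // The application's own unprefixed element exists: the browser has already
  // jumped there, and rendered user content must not take that over.
  if (hasId(id)) return null
  // Only ever resolve to an ID inside the prefixed namespace.
  const target = prefix + id
  return hasId(target) ? target : null
}

// Browser wiring: scroll to the prefixed heading when the hash changes.
function jumpToPrefixedAnchor () {
  const target = resolveHashTarget(
    window.location.hash,
    (id) => document.getElementById(id) !== null
  )
  if (target) document.getElementById(target).scrollIntoView()
}

// Guarded so the file can also be loaded outside a browser (for tests).
if (typeof window !== 'undefined') {
  window.addEventListener('hashchange', jumpToPrefixedAnchor)
  window.addEventListener('DOMContentLoaded', jumpToPrefixedAnchor)
}
```

Keeping the lookup logic in a pure function means the security-relevant rule (never resolve a user-controlled hash to an unprefixed ID) can be unit tested without a DOM.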
Contributions welcome! Please read the contributing guidelines first.
FAQs
The npm package markdown-it-github-headings receives a total of 1,467 weekly downloads. As such, its popularity was classified as popular.
We found that markdown-it-github-headings demonstrated an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.