markdown-sanitizers
Advanced tools
This repository contains 2 related npm packages concerned with hardening markdown against [data exfiltration attacks through LLM prompt-injection](https://vercel.com/blog/building-secure-ai-agents#exfiltration-through-model-output).
This repository contains 2 related npm packages concerned with hardening markdown against data exfiltration attacks through LLM prompt-injection.
The 2 projects which address 2 different use cases:
This is the more common use-case. It's also the variant that is easier to secure, because you have full control over the process.
harden-react-markdown is a wrapper for the
popular react-markdown package giving it more secure defaults, and giving you the ability to allow-list URL prefixes in images
and links.
We created markdown-to-markdown-sanitizer for this use-case. Generally speaking, this is less secure than sanitizing the final rendered output such as the generated HTML. Hence, this package should only be used when the markdown is rendered by a third-party such as GitHub or GitLab.
The packages in this repository have subtle security properties. Use at your own risk (see LICENSE) and perform your own security testing for specific application.
FAQs
This repository contains 2 related npm packages concerned with hardening markdown against [data exfiltration attacks through LLM prompt-injection](https://vercel.com/blog/building-secure-ai-agents#exfiltration-through-model-output).
The npm package markdown-sanitizers receives a total of 0 weekly downloads. As such, markdown-sanitizers popularity was classified as not popular.
We found that markdown-sanitizers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Socket now integrates with Bun 1.3’s Security Scanner API to block risky packages at install time and enforce your organization’s policies in local dev and CI.
Research
The Socket Threat Research Team is tracking weekly intrusions into the npm registry that follow a repeatable adversarial playbook used by North Korean state-sponsored actors.
