Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
mdast-util-gfm-autolink-literal-lemmy
Advanced tools
mdast extension to parse and serialize GFM autolink literals
mdast extensions to parse and serialize GFM autolink literals.
This package contains two extensions that add support for GFM autolink literals
syntax in markdown to mdast.
These extensions plug into
mdast-util-from-markdown
(to support parsing
GFM autolinks in markdown into a syntax tree) and
mdast-util-to-markdown
(to support serializing
GFM autolinks in syntax trees to markdown).
GitHub employs different algorithms to autolink: one at parse time and one at
transform time (similar to how @mentions
are done at transform time).
This difference can be observed because character references and escapes are
handled differently.
But also because issues/PRs/comments omit (perhaps by accident?) the second
algorithm for www.
, http://
, and https://
links (but not for email links).
As the corresponding micromark extension
micromark-extension-gfm-autolink-literal
is a syntax extension,
it can only perform the first algorithm.
The tree extension gfmAutolinkLiteralFromMarkdown
from this package can
perform the second algorithm, and as they are combined, both are done.
You can use these extensions when you are working with
mdast-util-from-markdown
and mdast-util-to-markdown
already.
When working with mdast-util-from-markdown
, you must combine this package
with
micromark-extension-gfm-autolink-literal
.
When you don’t need a syntax tree, you can use micromark
directly with micromark-extension-gfm-autolink-literal
.
When you are working with syntax trees and want all of GFM, use
mdast-util-gfm
instead.
All these packages are used remark-gfm
, which
focusses on making it easier to transform content by abstracting these
internals away.
This utility does not handle how markdown is turned to HTML.
That’s done by mdast-util-to-hast
.
This package is ESM only. In Node.js (version 16+), install with npm:
npm install mdast-util-gfm-autolink-literal
In Deno with esm.sh
:
import {gfmAutolinkLiteralFromMarkdown, gfmAutolinkLiteralToMarkdown} from 'https://esm.sh/mdast-util-gfm-autolink-literal@2'
In browsers with esm.sh
:
<script type="module">
import {gfmAutolinkLiteralFromMarkdown, gfmAutolinkLiteralToMarkdown} from 'https://esm.sh/mdast-util-gfm-autolink-literal@2?bundle'
</script>
Say our document example.md
contains:
www.example.com, https://example.com, and contact@example.com.
…and our module example.js
looks as follows:
import fs from 'node:fs/promises'
import {gfmAutolinkLiteral} from 'micromark-extension-gfm-autolink-literal'
import {fromMarkdown} from 'mdast-util-from-markdown'
import {
gfmAutolinkLiteralFromMarkdown,
gfmAutolinkLiteralToMarkdown
} from 'mdast-util-gfm-autolink-literal'
import {toMarkdown} from 'mdast-util-to-markdown'
const doc = await fs.readFile('example.md')
const tree = fromMarkdown(doc, {
extensions: [gfmAutolinkLiteral()],
mdastExtensions: [gfmAutolinkLiteralFromMarkdown()]
})
console.log(tree)
const out = toMarkdown(tree, {extensions: [gfmAutolinkLiteralToMarkdown()]})
console.log(out)
…now running node example.js
yields (positional info removed for brevity):
{
type: 'root',
children: [
{
type: 'paragraph',
children: [
{
type: 'link',
title: null,
url: 'http://www.example.com',
children: [{type: 'text', value: 'www.example.com'}]
},
{type: 'text', value: ', '},
{
type: 'link',
title: null,
url: 'https://example.com',
children: [{type: 'text', value: 'https://example.com'}]
},
{type: 'text', value: ', and '},
{
type: 'link',
title: null,
url: 'mailto:contact@example.com',
children: [{type: 'text', value: 'contact@example.com'}]
},
{type: 'text', value: '.'}
]
}
]
}
[www.example.com](http://www.example.com), <https://example.com>, and <contact@example.com>.
This package exports the identifiers
gfmAutolinkLiteralFromMarkdown
and
gfmAutolinkLiteralToMarkdown
.
There is no default export.
gfmAutolinkLiteralFromMarkdown()
Create an extension for mdast-util-from-markdown
to enable GFM autolink literals in markdown.
Extension for mdast-util-to-markdown
to enable GFM autolink literals
(FromMarkdownExtension
).
gfmAutolinkLiteralToMarkdown()
Create an extension for mdast-util-to-markdown
to
enable GFM autolink literals in markdown.
Extension for mdast-util-to-markdown
to enable GFM autolink literals
(ToMarkdownExtension
).
This utility does not handle how markdown is turned to HTML.
That’s done by mdast-util-to-hast
.
See Syntax in micromark-extension-gfm-autolink-literal
.
There are no interfaces added to mdast by this utility, as it reuses the existing Link interface.
This package is fully typed with TypeScript. It does not export additional types.
The Link
type of the mdast nodes is exposed from @types/mdast
.
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line,
mdast-util-gfm-autolink-literal@^2
, compatible with Node.js 16.
This utility works with mdast-util-from-markdown
version 2+ and
mdast-util-to-markdown
version 2+.
remarkjs/remark-gfm
— remark plugin to support GFMsyntax-tree/mdast-util-gfm
— same but all of GFM (autolink literals, footnotes, strikethrough, tables,
tasklists)micromark/micromark-extension-gfm-autolink-literal
— micromark extension to parse GFM autolink literalsSee contributing.md
in syntax-tree/.github
for
ways to get started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
mdast extension to parse and serialize GFM autolink literals
We found that mdast-util-gfm-autolink-literal-lemmy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.