Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
mdast-util-to-string
Advanced tools
What is mdast-util-to-string?
The mdast-util-to-string package is a utility to extract plain text strings from an MDAST (Markdown Abstract Syntax Tree) node. It is commonly used when working with markdown processing or AST manipulation to get the string representation of a node without any markdown syntax.
What are mdast-util-to-string's main functionalities?
Extracting string from MDAST node
This feature allows you to pass an MDAST node to the `toString` function and receive a plain text string in return. It's useful for extracting readable text from markdown content.
const toString = require('mdast-util-to-string');
const mdast = {
type: 'paragraph',
children: [{type: 'text', value: 'Hello, world!'}]
};
const text = toString(mdast);
console.log(text); // 'Hello, world!'Other packages similar to mdast-util-to-string
hast-util-to-text
Similar to mdast-util-to-string, hast-util-to-text is a utility for converting HAST (Hypertext Abstract Syntax Tree) nodes to plain text strings. While mdast-util-to-string works with markdown, hast-util-to-text is used for HTML content.
unist-util-stringify-position
This package is similar in that it also operates on AST nodes, specifically UNIST nodes, to stringify the position of a node. It's different from mdast-util-to-string as it focuses on the position rather than extracting the text content.
remark-stringify
Remark-stringify is part of the remark ecosystem and is used to serialize markdown. It is similar to mdast-util-to-string in that it deals with markdown content, but it focuses on converting the entire MDAST back to a markdown string, rather than extracting plain text.
mdast-util-to-string
mdast utility to get the text content of a node.
Contents
- What is this?
- When should I use this?
- Install
- Use
- API
- Types
- Compatibility
- Security
- Related
- Contribute
- License
What is this?
This package is a tiny utility that gets the textual content of a node.
When should I use this?
This utility is useful when you have a node, say a heading, and want to get the text inside it.
This package does not serialize markdown, that’s what
mdast-util-to-markdown does.
Similar packages, hast-util-to-string and
hast-util-to-text, do the same but on hast.
Install
This package is ESM only. In Node.js (version 16+), install with npm:
npm install mdast-util-to-string
In Deno with esm.sh:
import {toString} from 'https://esm.sh/mdast-util-to-string@4'
In browsers with esm.sh:
<script type="module">
import {toString} from 'https://esm.sh/mdast-util-to-string@4?bundle'
</script>
Use
import {fromMarkdown} from 'mdast-util-from-markdown'
import {toString} from 'mdast-util-to-string'
const tree = fromMarkdown('Some _emphasis_, **importance**, and `code`.')
console.log(toString(tree)) // => 'Some emphasis, importance, and code.'
API
This package exports the identifier toString.
There is no default export.
toString(value[, options])
Get the text content of a node or list of nodes.
Prefers the node’s plain-text fields, otherwise serializes its children, and if the given value is an array, serialize the nodes in it.
Parameters
Returns
Serialized value (string).
Options
Configuration (TypeScript type).
Fields
includeImageAlt(boolean, default:true) — whether to usealtforimagesincludeHtml(boolean, default:true) — whether to usevalueof HTML
Types
This package is fully typed with TypeScript.
It exports the additional type Options.
Compatibility
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line, mdast-util-to-string@^4,
compatible with Node.js 16.
Security
Use of mdast-util-to-string does not involve hast, user content, or
change the tree, so there are no openings for cross-site scripting (XSS)
attacks.
Related
hast-util-to-string— get text content in hasthast-util-to-text— get text content in hast according to theinnerTextalgorithm
Contribute
See contributing.md in syntax-tree/.github for
ways to get started.
See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
License
FAQs
mdast utility to get the plain text content of a node
The npm package mdast-util-to-string receives a total of 11,265,543 weekly downloads. As such, mdast-util-to-string popularity was classified as popular.
We found that mdast-util-to-string demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 07 Jul 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025