mdast-zone
mdast utility to treat HTML comments as ranges.
Useful in remark plugins.
This package is ESM only: Node 12+ is needed to use it and it must be imported instead of required.
npm:
npm install mdast-zone
Say we have the following file, example.md:
<!--foo start-->
Foo
<!--foo end-->
And our script, example.js, looks as follows:
import {readSync} from 'to-vfile'
import {remark} from 'remark'
import {zone} from 'mdast-zone'

// The ESM-only versions of to-vfile and remark expose named exports only,
// so `readSync` and `remark` are imported by name.
remark()
  .use(plugin)
  .process(readSync('example.md'), function (err, file) {
    if (err) throw err
    console.log(String(file))
  })

// A remark plugin that replaces everything between `<!--foo start-->`
// and `<!--foo end-->` with a single paragraph reading “Bar”.
function plugin() {
  return transform

  function transform(tree) {
    zone(tree, 'foo', mutate)
  }

  // `nodes` (the current content of the range) is discarded;
  // the start and end markers are kept so the range can be found again.
  function mutate(start, nodes, end) {
    return [
      start,
      {type: 'paragraph', children: [{type: 'text', value: 'Bar'}]},
      end
    ]
  }
}
Now, running node example yields:
<!--foo start-->
Bar
<!--foo end-->
This package exports the following identifiers: zone. There is no default export.
zone(tree, name, handler)

Search tree for comment ranges (“zones”).

Parameters

tree (Node) — Tree to search for ranges
name (string) — Name of ranges to search for
handler (Function) — Function invoked for each found range

function handler(start, nodes, end)

Invoked with the two markers that determine a range: the first start and the last end, and the content inside.

Parameters

start (Node) — Start of range (an HTML comment node)
nodes (Array.<Node>) — Nodes between start and end
end (Node) — End of range (an HTML comment node)

Returns

Array.<Node>? — List of nodes to replace start, nodes, and end with, optional.
Improper use of handler
can open you up to a cross-site scripting (XSS)
attack as the value it returns is injected into the syntax tree.
This can become a problem if the tree is later transformed to hast.
The following example shows how a script is injected that could run when loaded
in a browser.
function handler(start, nodes, end) {
  // Deliberately unsafe: the returned `html` node is emitted verbatim.
  return [start, {type: 'html', value: '<script>alert(1)</script>'}, end]
}
Yields:
<!--foo start-->
<script>alert(1)</script>
<!--foo end-->
Either do not use user input, or use hast-util-sanitize.
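As an added, self-contained illustration of both the zone(tree, name, handler) contract above and this XSS warning (this is not mdast-zone's own code; findZones, toHtml and hasRawHtml are names assumed here, and the tree and the untrusted string are constructed for the example): findZones re-implements the marker search and splice on a plain mdast object, toHtml is a deliberately naive serializer that passes html nodes through verbatim, the way an unsanitized mdast-to-hast-to-HTML pipeline would, and hasRawHtml is a guard that rejects a transformed tree containing non-comment html nodes. Running it shows the same untrusted string rendered as executable markup by one handler and as escaped text by the other.

```javascript
// Added example, not mdast-zone's source. Helper names are assumptions.

// Classify an mdast node as a `<!--name start-->` / `<!--name end-->` marker.
function markerType(node, name) {
  if (node.type !== 'html') return null
  const match = /^<!--\s*([\w-]+)\s+(start|end)\s*-->$/.exec(node.value.trim())
  return match && match[1] === name ? match[2] : null
}

// Simplified zone search: for every parent, pair each `name start` marker
// with the next `name end` marker among its siblings, call
// handler(start, nodes, end), and splice the returned array in place.
// Handlers that return nothing leave the range untouched.
function findZones(tree, name, handler) {
  if (!Array.isArray(tree.children)) return tree
  let i = 0
  while (i < tree.children.length) {
    const child = tree.children[i]
    if (markerType(child, name) === 'start') {
      const j = tree.children.findIndex(
        (node, index) => index > i && markerType(node, name) === 'end'
      )
      if (j !== -1) {
        const nodes = tree.children.slice(i + 1, j)
        const result = handler(child, nodes, tree.children[j])
        if (Array.isArray(result)) {
          tree.children.splice(i, j - i + 1, ...result)
          i += result.length // do not re-scan what the handler produced
          continue
        }
        i = j + 1
        continue
      }
    }
    findZones(child, name, handler) // descend into blockquotes, lists, ...
    i++
  }
  return tree
}

function escapeHtml(value) {
  const map = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'}
  return value.replace(/[&<>"']/g, (c) => map[c])
}

// Naive serializer: `text` is escaped, `html` is passed through verbatim.
// That pass-through is exactly where injected handler output becomes XSS.
function toHtml(node) {
  switch (node.type) {
    case 'root': return node.children.map(toHtml).join('\n')
    case 'paragraph': return '<p>' + node.children.map(toHtml).join('') + '</p>'
    case 'text': return escapeHtml(node.value)
    case 'html': return node.value
    default: return ''
  }
}

// Guard: true if the tree contains any `html` node that is not a single
// HTML comment (the zone markers themselves are comments and are allowed).
function hasRawHtml(node) {
  if (node.type === 'html' && !/^<!--(?:(?!-->)[\s\S])*-->$/.test(node.value.trim())) {
    return true
  }
  return Array.isArray(node.children) && node.children.some(hasRawHtml)
}

// Constructed untrusted input, e.g. taken from a form field or an API.
const untrusted = '<script>alert(1)</script>'

// Unsafe: the input becomes an `html` node and is emitted as-is.
function unsafeHandler(start, nodes, end) {
  return [start, {type: 'html', value: untrusted}, end]
}

// Safe: the same input goes into a `text` node, which is escaped on output.
function safeHandler(start, nodes, end) {
  return [start, {type: 'paragraph', children: [{type: 'text', value: untrusted}]}, end]
}

// Constructed mdast tree equivalent to the example.md shown earlier.
function exampleTree() {
  return {
    type: 'root',
    children: [
      {type: 'html', value: '<!--foo start-->'},
      {type: 'paragraph', children: [{type: 'text', value: 'Foo'}]},
      {type: 'html', value: '<!--foo end-->'}
    ]
  }
}

function render(handler) {
  return toHtml(findZones(exampleTree(), 'foo', handler))
}

console.log(render(unsafeHandler)) // script tag survives verbatim
console.log(render(safeHandler))   // script tag is escaped
console.log(hasRawHtml(findZones(exampleTree(), 'foo', unsafeHandler))) // true
```

Run it with node. The guard is a coarse mdast-side check that complements, rather than replaces, hast-util-sanitize on the hast side, which is what the README recommends; its value is that it fails closed as soon as a handler starts returning raw html nodes built from untrusted data.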
Related

mdast-util-heading-range — use headings as ranges instead of comments

Contribute

See contributing.md in syntax-tree/.github for ways to get started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
mdast utility to treat HTML comments as ranges or markers
The npm package mdast-zone receives a total of 2,048 weekly downloads. As such, mdast-zone popularity was classified as popular.
We found that mdast-zone demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.