rehype-external-links
Advanced tools
rehype plugin to automatically add `target` and `rel` attributes to external links
The rehype-external-links package is a plugin for the rehype ecosystem that allows you to easily add attributes to external links in your HTML. This can be useful for adding security features like `rel='noopener noreferrer'` or styling external links differently.
Add target='_blank' to external links
This feature allows you to automatically add `target='_blank'` to all external links, making them open in a new tab.
const rehype = require('rehype');
const rehypeExternalLinks = require('rehype-external-links');
rehype()
.use(rehypeExternalLinks, { target: '_blank' })
.process('<a href="https://example.com">Example</a>', function (err, file) {
if (err) throw err;
console.log(String(file));
});Add rel='noopener noreferrer' to external links
This feature allows you to add `rel='noopener noreferrer'` to all external links, which is a security best practice to prevent the new page from being able to access the window.opener property.
const rehype = require('rehype');
const rehypeExternalLinks = require('rehype-external-links');
rehype()
.use(rehypeExternalLinks, { rel: ['noopener', 'noreferrer'] })
.process('<a href="https://example.com">Example</a>', function (err, file) {
if (err) throw err;
console.log(String(file));
});Customize attributes for external links
This feature allows you to customize multiple attributes for external links, including adding custom content like ' (external)' to the link text.
const rehype = require('rehype');
const rehypeExternalLinks = require('rehype-external-links');
rehype()
.use(rehypeExternalLinks, { target: '_blank', rel: ['noopener', 'noreferrer'], content: ' (external)' })
.process('<a href="https://example.com">Example</a>', function (err, file) {
if (err) throw err;
console.log(String(file));
});rehype-autolink-headings is a plugin that automatically adds links to headings in your HTML. Although its primary use case is different, it shares the common goal of enhancing HTML content by adding links.
rehype-rewrite is a plugin that allows you to rewrite HTML nodes. It provides a more flexible and powerful way to manipulate HTML, including adding attributes to external links, but requires more configuration compared to rehype-external-links.
rehype plugin to add rel (and target) to external links.
This package is a unified (rehype) plugin to add rel (and target)
attributes to external links.
It is particularly useful when displaying user content on your reputable site,
because users could link to disreputable sources (spam, scams, etc), as search
engines and other bots will discredit your site for linking to them (or
legitimize their sites).
In short: linking to something signals trust, but you can’t trust users.
This plugin adds certain rel attributes to prevent that from happening.
unified is a project that transforms content with abstract syntax trees
(ASTs).
rehype adds support for HTML to unified.
hast is the HTML AST that rehype uses.
This is a rehype plugin that adds rel (and target) to <a>s in the AST.
This project is useful when you want to display user content from authors you don’t trust (such as comments), as they might include links you don’t endorse, on your website.
This package is ESM only. In Node.js (version 16+), install with npm:
npm install rehype-external-links
In Deno with esm.sh:
import rehypeExternalLinks from 'https://esm.sh/rehype-external-links@3'
In browsers with esm.sh:
<script type="module">
import rehypeExternalLinks from 'https://esm.sh/rehype-external-links@3?bundle'
</script>
Say our module example.js contains:
import rehypeExternalLinks from 'rehype-external-links'
import remarkParse from 'remark-parse'
import remarkRehype from 'remark-rehype'
import rehypeStringify from 'rehype-stringify'
import {unified} from 'unified'
const file = await unified()
.use(remarkParse)
.use(remarkRehype)
.use(rehypeExternalLinks, {rel: ['nofollow']})
.use(rehypeStringify)
.process('[rehype](https://github.com/rehypejs/rehype)')
console.log(String(file))
…then running node example.js yields:
<p><a href="https://github.com/rehypejs/rehype" rel="nofollow">rehype</a></p>
This package exports no identifiers.
The default export is rehypeExternalLinks.
unified().use(rehypeExternalLinks[, options])Automatically add rel (and target?) to external links.
options (Options, optional)
— configurationTransform (Transformer).
You should likely not configure target.
You should at least set rel to ['nofollow'].
When using a target, add noopener and noreferrer to avoid exploitation
of the window.opener API.
When using a target, you should set content to adhere to accessibility
guidelines by giving users advanced warning when opening a new window.
CreateContentCreate a target for the element (TypeScript type).
element (Element)
— element to checkContent to add (Array<Node> or Node, optional).
CreatePropertiesCreate properties for an element (TypeScript type).
element (Element)
— element to checkProperties to add (Properties, optional).
CreateRelCreate a rel for the element (TypeScript type).
element (Element)
— element to checkrel to use (Array<string>, optional).
CreateTargetCreate a target for the element (TypeScript type).
element (Element)
— element to checktarget to use (Target, optional).
OptionsConfiguration (TypeScript type).
content (Array<Node>, CreateContent, or Node,
optional)
— content to insert at the end of external links; will be inserted in a
<span> element; useful for improving accessibility by giving users
advanced warning when opening a new windowcontentProperties (CreateProperties or
Properties, optional)
— properties to add to the span wrapping contentproperties (CreateProperties or
Properties, optional)
— properties to add to the link itselfprotocols (Array<string>, default: ['http', 'https'])
— protocols to see as external, such as mailto or telrel (Array<string>, CreateRel, or string,
default: ['nofollow'])
— link types to hint about the referenced documents; pass an
empty array ([]) to not set rels on links; when using a target, add noopener
and noreferrer to avoid exploitation of the window.opener APItarget (CreateTarget or Target,
optional)
— how to display referenced documents; the default (nothing) is to not set
targets on linkstest (Test, optional)
— extra test to define which external link elements are modified; any test
that can be given to hast-util-is-element is supportedTargetTarget (TypeScript type).
type Target = '_blank' | '_parent' | '_self' | '_top'
This package is fully typed with TypeScript.
It exports the additional types
CreateContent,
CreateProperties,
CreateRel,
CreateTarget,
Options, and
Target.
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line, rehype-external-links@^3,
compatible with Node.js 16.
This plugin works with rehype-parse version 3+, rehype-stringify version 3+,
rehype version 4+, and unified version 6+.
Improper use of rehype-external-links can open you up to a
cross-site scripting (XSS) attack.
Either do not combine this plugin with user content or use
rehype-sanitize.
See contributing.md in rehypejs/.github for ways
to get started.
See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
rehype plugin to automatically add `target` and `rel` attributes to external links
The npm package rehype-external-links receives a total of 1,250,386 weekly downloads. As such, rehype-external-links popularity was classified as popular.
We found that rehype-external-links demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.