Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
remark-embed-images
Advanced tools
remark-embed-images
remark plugin to embed local images as data URIs.
Contents
- What is this?
- When should I use this?
- Install
- Use
- API
- Types
- Compatibility
- Security
- Related
- Contribute
- License
What is this?
This package is a unified (remark) plugin that inlines images as data URIs.
When should I use this?
You can use this package when you want to move markdown that references local images around more easily, because images will be inlined. This does makes the markdown quite hard to read and isn’t supported everywhere (such as GitHub), because data URIs might result in security risks.
Install
This package is ESM only. In Node.js (version 18+), install with npm:
npm install remark-embed-images
In Deno with esm.sh:
import remarkEmbedImages from 'https://esm.sh/remark-embed-images@5'
In browsers with esm.sh:
<script type="module">
import remarkEmbedImages from 'https://esm.sh/remark-embed-images@5?bundle'
</script>
Use
Say we have an image foo.png and next to it the following
file example.md:
…and a module example.js:
import {remark} from 'remark'
import remarkEmbedImages from 'remark-embed-images'
import {read} from 'to-vfile'
const file = await read('example.md')
await remark()
.use(remarkEmbedImages)
.process(file)
console.log(String(file))
…then running node example.js yields:
API
This package exports no identifiers.
The default export is remarkEmbedImages.
unified().use(remarkEmbedImages)
Embed local images as data URIs.
Parameters
There are no options.
Returns
Transform (Transformer).
Types
This package is fully typed with TypeScript. It exports no additional types.
Compatibility
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line, remark-embed-images@5,
compatible with Node.js 18.
This plugin works with unified version 6+ and remark version 7+.
Security
Always be careful with user input. For example, it’s possible to hide JavaScript inside images (such as GIFs, WebPs, and SVGs). User provided images open you up to a cross-site scripting (XSS) attack.
Related
remarkjs/remark-images— add a simpler image syntaxremarkjs/remark-unwrap-images— remove the wrapping paragraph for images
Contribute
See contributing.md in remarkjs/.github for ways
to get started.
See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
License
FAQs
remark plugin to embed local images as data URIs
The npm package remark-embed-images receives a total of 6,740 weekly downloads. As such, remark-embed-images popularity was classified as popular.
We found that remark-embed-images demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 01 Oct 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025