remark-images
Comparing version 1.0.0 to 2.0.0
@@ -5,6 +5,7 @@ const isUrl = require('is-url') | ||
const isImgExt = str => /\.(svg|png|jpg|jpeg|gif)$/.test(str) | ||
const isAbsolutePath = str => str.startsWith('/') | ||
const isRelativePath = str => str.startsWith('./') || str.startsWith('../') | ||
const isImgPath = str => isAbsolutePath(str) || isRelativePath(str) | ||
const isImgExt = (value) => /\.(svg|png|jpg|jpeg|gif)$/.test(value) | ||
const isAbsolutePath = (value) => value.startsWith('/') | ||
const isRelativePath = (value) => | ||
value.startsWith('./') || value.startsWith('../') | ||
const isImgPath = (value) => isAbsolutePath(value) || isRelativePath(value) | ||
const isInteractive = convert(['link', 'linkReference']) | ||
@@ -11,0 +12,0 @@ |
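Review bot: The extension list in `isImgExt` still includes `svg`, and nothing next to it says that this is one of the formats the readme's new Security section warns can carry script. A one-line comment above the regex, such as `// Extension check only: file content is not inspected, and SVG can contain script (see readme, Security)`, would keep the code and the documentation in step. The same readme paragraph names WebP, which this regex does not match, so the two lists disagree. How a matched value becomes an image node is outside this hunk, so whether any further filtering happens there cannot be judged from these lines.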
{ | ||
"name": "remark-images", | ||
"version": "1.0.0", | ||
"version": "2.0.0", | ||
"description": "remark plugin to add an improved image syntax", | ||
@@ -9,2 +9,3 @@ "license": "MIT", | ||
"remark", | ||
"remark-plugin", | ||
"plugin", | ||
@@ -21,2 +22,6 @@ "mdast", | ||
"repository": "remarkjs/remark-images", | ||
"funding": { | ||
"type": "opencollective", | ||
"url": "https://opencollective.com/unified" | ||
}, | ||
"bugs": "https://github.com/remarkjs/remark-images/issues", | ||
@@ -36,13 +41,13 @@ "author": "John Otander <johnotander@gmail.com> (http://johnotander.com)", | ||
"is-url": "^1.2.2", | ||
"unist-util-is": "^3.0.0", | ||
"unist-util-visit-parents": "^2.1.0" | ||
"unist-util-is": "^4.0.0", | ||
"unist-util-visit-parents": "^3.0.0" | ||
}, | ||
"devDependencies": { | ||
"nyc": "^14.0.0", | ||
"prettier": "^1.0.0", | ||
"remark": "^10.0.0", | ||
"remark-cli": "^6.0.0", | ||
"remark-preset-wooorm": "^5.0.0", | ||
"nyc": "^15.0.0", | ||
"prettier": "^2.0.0", | ||
"remark": "^11.0.0", | ||
"remark-cli": "^7.0.0", | ||
"remark-preset-wooorm": "^6.0.0", | ||
"tape": "^4.0.0", | ||
"xo": "^0.24.0" | ||
"xo": "^0.28.0" | ||
}, | ||
@@ -49,0 +54,0 @@ "scripts": { |
@@ -73,2 +73,12 @@ # remark-images | ||
## Security | ||
Although this plugin should be safe to use, always be careful with user input. | ||
For example, it’s possible to hide JavaScript inside images (such as GIFs, | ||
WebPs, and SVGs). | ||
User provided images open you up to a [cross-site scripting (XSS)][xss] attack. | ||
This may become a problem if the Markdown later transformed to | ||
[**rehype**][rehype] ([**hast**][hast]) or opened in an unsafe Markdown viewer. | ||
## Contribute | ||
@@ -80,4 +90,4 @@ | ||
This project has a [Code of Conduct][coc]. | ||
By interacting with this repository, organisation, or community you agree to | ||
This project has a [code of conduct][coc]. | ||
By interacting with this repository, organization, or community you agree to | ||
abide by its terms. | ||
@@ -113,3 +123,3 @@ | ||
[chat-badge]: https://img.shields.io/badge/join%20the%20community-on%20spectrum-7b16ff.svg | ||
[chat-badge]: https://img.shields.io/badge/chat-spectrum-7b16ff.svg | ||
@@ -133,1 +143,7 @@ [chat]: https://spectrum.chat/unified/remark | ||
[remark]: https://github.com/remarkjs/remark | ||
[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting | ||
[rehype]: https://github.com/rehypejs/rehype | ||
[hast]: https://github.com/syntax-tree/hast |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
+ Added @types/unist@2.0.11 (transitive)
+ Added unist-util-is@4.1.0 (transitive)
+ Added unist-util-visit-parents@3.1.1 (transitive)
- Removed unist-util-is@3.0.0 (transitive)
- Removed unist-util-visit-parents@2.1.2 (transitive)
Updated unist-util-is@^4.0.0