Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
remark-lint-no-shortcut-reference-image
Advanced tools
remark-lint rule to warn when shortcut reference images are used
remark-lint
rule to warn when shortcut reference images are used.
This package checks that collapsed or full reference images are used.
You can use this package to check that references are consistent.
This plugin is included in the following presets:
Preset | Options |
---|---|
remark-preset-lint-markdown-style-guide | |
remark-preset-lint-recommended |
This package is ESM only. In Node.js (version 16+), install with npm:
npm install remark-lint-no-shortcut-reference-image
In Deno with esm.sh
:
import remarkLintNoShortcutReferenceImage from 'https://esm.sh/remark-lint-no-shortcut-reference-image@4'
In browsers with esm.sh
:
<script type="module">
import remarkLintNoShortcutReferenceImage from 'https://esm.sh/remark-lint-no-shortcut-reference-image@4?bundle'
</script>
On the API:
import remarkLint from 'remark-lint'
import remarkLintNoShortcutReferenceImage from 'remark-lint-no-shortcut-reference-image'
import remarkParse from 'remark-parse'
import remarkStringify from 'remark-stringify'
import {read} from 'to-vfile'
import {unified} from 'unified'
import {reporter} from 'vfile-reporter'
const file = await read('example.md')
await unified()
.use(remarkParse)
.use(remarkLint)
.use(remarkLintNoShortcutReferenceImage)
.use(remarkStringify)
.process(file)
console.error(reporter(file))
On the CLI:
remark --frail --use remark-lint --use remark-lint-no-shortcut-reference-image .
On the CLI in a config file (here a package.json
):
…
"remarkConfig": {
"plugins": [
…
"remark-lint",
+ "remark-lint-no-shortcut-reference-image",
…
]
}
…
This package exports no identifiers.
It exports no additional TypeScript types.
The default export is
remarkLintNoShortcutReferenceImage
.
unified().use(remarkLintNoShortcutReferenceImage)
Warn when shortcut reference images are used.
There are no options.
Transform (Transformer
from unified
).
Shortcut references use an implicit style that looks a lot like something that could occur as plain text instead of syntax. In some cases, plain text is intended instead of an image. So it’s recommended to use collapsed or full references instead.
ok.md
![Mercury][]
[mercury]: /mercury.png
No messages.
not-ok.md
![Mercury]
[mercury]: /mercury.png
1:1-1:11: Unexpected shortcut reference image (`![text]`), expected collapsed reference (`![text][]`)
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line,
remark-lint-no-shortcut-reference-image@4
,
compatible with Node.js 16.
See contributing.md
in remarkjs/.github
for ways
to get started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
remark-lint rule to warn when shortcut reference images are used
The npm package remark-lint-no-shortcut-reference-image receives a total of 146,961 weekly downloads. As such, remark-lint-no-shortcut-reference-image popularity was classified as popular.
We found that remark-lint-no-shortcut-reference-image demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.