Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

remark-validate-links

Package Overview
Dependencies
Maintainers
2
Versions
35
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

remark-validate-links - npm Package Compare versions

Comparing version 9.0.1 to 9.1.0

13

lib/find/config.js

@@ -9,2 +9,3 @@ 'use strict'

var headingPrefixes = {github: '#', gitlab: '#', bitbucket: '#markdown-header-'}
var topAnchors = {github: '#readme', gitlab: '#readme'}
var lineLinks = {github: true, gitlab: true}

@@ -21,3 +22,9 @@

urlConfig = {prefix: '', headingPrefix: '#', lines: false, hostname: null}
urlConfig = {
prefix: '',
headingPrefix: '#',
lines: false,
hostname: null,
topAnchor: null
}

@@ -41,2 +48,6 @@ if (repo) {

if (info.type in topAnchors) {
urlConfig.topAnchor = topAnchors[info.type]
}
urlConfig.hostname = info.domain

@@ -43,0 +54,0 @@ }

9

lib/find/find.js

@@ -111,3 +111,3 @@ 'use strict'

url = new URL(value)
} catch (error) {}
} catch (_) {}

@@ -171,2 +171,3 @@ // URLs: `https://github.com/wooorm/test/blob/master/directory/example.md`.

var prefix = config.headingPrefix
var topAnchor = config.topAnchor
var filePath

@@ -181,5 +182,9 @@ var hash

// Ignore the hash if it references the top anchor of the environment
if (topAnchor && hash === topAnchor) {
hash = undefined
}
// Ignore the hash if it references lines in a file or doesn’t start
// with a heading prefix.
if (
else if (
(lines && lineExpression.test(hash)) ||

@@ -186,0 +191,0 @@ hash.slice(0, prefix.length) !== prefix

{
"name": "remark-validate-links",
"version": "9.0.1",
"version": "9.1.0",
"description": "remark plugin to validate links to headings and files",

@@ -49,13 +49,13 @@ "license": "MIT",

"devDependencies": {
"execa": "^2.0.0",
"nyc": "^14.0.0",
"execa": "^4.0.0",
"nyc": "^15.0.0",
"prettier": "^1.0.0",
"remark": "^10.0.0",
"remark-cli": "^6.0.0",
"remark-preset-wooorm": "^5.0.0",
"rimraf": "^2.0.0",
"strip-ansi": "^5.0.0",
"remark": "^11.0.0",
"remark-cli": "^7.0.0",
"remark-preset-wooorm": "^6.0.0",
"rimraf": "^3.0.0",
"strip-ansi": "^6.0.0",
"tape": "^4.0.0",
"vfile-sort": "^2.0.0",
"xo": "^0.24.0"
"xo": "^0.25.0"
},

@@ -86,2 +86,3 @@ "scripts": {

"rules": {
"unicorn/prefer-includes": "off",
"guard-for-in": "off"

@@ -88,0 +89,0 @@ }

@@ -34,2 +34,3 @@ # remark-validate-links

* [Integration](#integration)
* [Security](#security)
* [Related](#related)

@@ -219,2 +220,11 @@ * [Contribute](#contribute)

## Security
`remark-validate-links`, in Node, accesses the file system based on user
content, and this may be dangerous.
In Node `git remote` and `git rev-parse` also runs for processed files.
The tree is not modified, so there are no openings for
[cross-site scripting (XSS)][xss] attacks.
## Related

@@ -294,1 +304,3 @@

[cwd]: https://github.com/vfile/vfile#vfilecwd
[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc