remark-validate-links
Advanced tools
Comparing version 9.0.1 to 9.1.0
@@ -9,2 +9,3 @@ 'use strict' | ||
var headingPrefixes = {github: '#', gitlab: '#', bitbucket: '#markdown-header-'} | ||
var topAnchors = {github: '#readme', gitlab: '#readme'} | ||
var lineLinks = {github: true, gitlab: true} | ||
@@ -21,3 +22,9 @@ | ||
urlConfig = {prefix: '', headingPrefix: '#', lines: false, hostname: null} | ||
urlConfig = { | ||
prefix: '', | ||
headingPrefix: '#', | ||
lines: false, | ||
hostname: null, | ||
topAnchor: null | ||
} | ||
@@ -41,2 +48,6 @@ if (repo) { | ||
if (info.type in topAnchors) { | ||
urlConfig.topAnchor = topAnchors[info.type] | ||
} | ||
urlConfig.hostname = info.domain | ||
@@ -43,0 +54,0 @@ } |
@@ -111,3 +111,3 @@ 'use strict' | ||
url = new URL(value) | ||
} catch (error) {} | ||
} catch (_) {} | ||
@@ -171,2 +171,3 @@ // URLs: `https://github.com/wooorm/test/blob/master/directory/example.md`. | ||
var prefix = config.headingPrefix | ||
var topAnchor = config.topAnchor | ||
var filePath | ||
@@ -181,5 +182,9 @@ var hash | ||
// Ignore the hash if it references the top anchor of the environment | ||
if (topAnchor && hash === topAnchor) { | ||
hash = undefined | ||
} | ||
// Ignore the hash if it references lines in a file or doesn’t start | ||
// with a heading prefix. | ||
if ( | ||
else if ( | ||
(lines && lineExpression.test(hash)) || | ||
@@ -186,0 +191,0 @@ hash.slice(0, prefix.length) !== prefix |
{ | ||
"name": "remark-validate-links", | ||
"version": "9.0.1", | ||
"version": "9.1.0", | ||
"description": "remark plugin to validate links to headings and files", | ||
@@ -49,13 +49,13 @@ "license": "MIT", | ||
"devDependencies": { | ||
"execa": "^2.0.0", | ||
"nyc": "^14.0.0", | ||
"execa": "^4.0.0", | ||
"nyc": "^15.0.0", | ||
"prettier": "^1.0.0", | ||
"remark": "^10.0.0", | ||
"remark-cli": "^6.0.0", | ||
"remark-preset-wooorm": "^5.0.0", | ||
"rimraf": "^2.0.0", | ||
"strip-ansi": "^5.0.0", | ||
"remark": "^11.0.0", | ||
"remark-cli": "^7.0.0", | ||
"remark-preset-wooorm": "^6.0.0", | ||
"rimraf": "^3.0.0", | ||
"strip-ansi": "^6.0.0", | ||
"tape": "^4.0.0", | ||
"vfile-sort": "^2.0.0", | ||
"xo": "^0.24.0" | ||
"xo": "^0.25.0" | ||
}, | ||
@@ -86,2 +86,3 @@ "scripts": { | ||
"rules": { | ||
"unicorn/prefer-includes": "off", | ||
"guard-for-in": "off" | ||
@@ -88,0 +89,0 @@ } |
@@ -34,2 +34,3 @@ # remark-validate-links | ||
* [Integration](#integration) | ||
* [Security](#security) | ||
* [Related](#related) | ||
@@ -219,2 +220,11 @@ * [Contribute](#contribute) | ||
## Security | ||
`remark-validate-links`, in Node, accesses the file system based on user | ||
content, and this may be dangerous. | ||
In Node `git remote` and `git rev-parse` also runs for processed files. | ||
The tree is not modified, so there are no openings for | ||
[cross-site scripting (XSS)][xss] attacks. | ||
## Related | ||
@@ -294,1 +304,3 @@ | ||
[cwd]: https://github.com/vfile/vfile#vfilecwd | ||
[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
26165
519
304