remark-validate-links - npm Package Compare versions

Comparing version 9.0.1 to 9.1.0

lib/find/config.js

@@ -9,2 +9,3 @@ 'use strict'
 var headingPrefixes = {github: '#', gitlab: '#', bitbucket: '#markdown-header-'}
+var topAnchors = {github: '#readme', gitlab: '#readme'}
 var lineLinks = {github: true, gitlab: true}
@@ -21,3 +22,9 @@
 
-  urlConfig = {prefix: '', headingPrefix: '#', lines: false, hostname: null}
+  urlConfig = {
+    prefix: '',
+    headingPrefix: '#',
+    lines: false,
+    hostname: null,
+    topAnchor: null
+  }
 
@@ -41,2 +48,6 @@ if (repo) {
 
+    if (info.type in topAnchors) {
+      urlConfig.topAnchor = topAnchors[info.type]
+    }
+
     urlConfig.hostname = info.domain
@@ -43,0 +54,0 @@ }

lib/find/find.js

@@ -111,3 +111,3 @@ 'use strict'
     url = new URL(value)
-  } catch (error) {}
+  } catch (_) {}
 
@@ -171,2 +171,3 @@ // URLs: `https://github.com/wooorm/test/blob/master/directory/example.md`.
   var prefix = config.headingPrefix
+  var topAnchor = config.topAnchor
   var filePath
@@ -181,5 +182,9 @@ var hash
 
+    // Ignore the hash if it references the top anchor of the environment
+    if (topAnchor && hash === topAnchor) {
+      hash = undefined
+    }
     // Ignore the hash if it references lines in a file or doesn’t start
     // with a heading prefix.
-    if (
+    else if (
       (lines && lineExpression.test(hash)) ||
@@ -186,0 +191,0 @@ hash.slice(0, prefix.length) !== prefix

package.json

 {
   "name": "remark-validate-links",
-  "version": "9.0.1",
+  "version": "9.1.0",
   "description": "remark plugin to validate links to headings and files",
@@ -49,13 +49,13 @@ "license": "MIT",
   "devDependencies": {
-    "execa": "^2.0.0",
-    "nyc": "^14.0.0",
+    "execa": "^4.0.0",
+    "nyc": "^15.0.0",
     "prettier": "^1.0.0",
-    "remark": "^10.0.0",
-    "remark-cli": "^6.0.0",
-    "remark-preset-wooorm": "^5.0.0",
-    "rimraf": "^2.0.0",
-    "strip-ansi": "^5.0.0",
+    "remark": "^11.0.0",
+    "remark-cli": "^7.0.0",
+    "remark-preset-wooorm": "^6.0.0",
+    "rimraf": "^3.0.0",
+    "strip-ansi": "^6.0.0",
     "tape": "^4.0.0",
     "vfile-sort": "^2.0.0",
-    "xo": "^0.24.0"
+    "xo": "^0.25.0"
   },
@@ -86,2 +86,3 @@ "scripts": {
     "rules": {
+      "unicorn/prefer-includes": "off",
       "guard-for-in": "off"
@@ -88,0 +89,0 @@ }

readme.md

@@ -34,2 +34,3 @@ # remark-validate-links
 *   [Integration](#integration)
+*   [Security](#security)
 *   [Related](#related)
@@ -219,2 +220,11 @@ *   [Contribute](#contribute)
 
+## Security
+
+`remark-validate-links`, in Node, accesses the file system based on user
+content, and this may be dangerous.
+In Node `git remote` and `git rev-parse` also runs for processed files.
+
+The tree is not modified, so there are no openings for
+[cross-site scripting (XSS)][xss] attacks.
+
 ## Related
@@ -294,1 +304,3 @@
 [cwd]: https://github.com/vfile/vfile#vfilecwd
+
+[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26165

increased by3.11%

Lines of code

519

increased by2.98%

Number of lines in readme file

304

increased by4.11%

No dependency changes