Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Print PDFs from Markdown files and a HTML layout using Weasyprint.
pip install md2weasypdf
python -m md2weasypdf <input_folder_or_file> <output_path>
When a layout is not specified in the files frontmatter (see below), the --layout
option has to be passed.
The watch mode is intended for creation of layouts. The given layouts directory and input directory will be watched for changes.
For VSCode the extension vscode-pdf can be recommended, as it refreshes the displayed PDF automatically.
python -m md2weasypdf <input_folder_or_file> <output_path> --watch
Input files are expected in markdown format with several markdown extensions. The markdown documents can utilize Jinja2 for templating inside the document (e. g. reusing texts).
The bundling feature allows to bundle multiple documents into one PDF. This is useful when you want to create one PDF file from multiple source files. The bundling feature is enabled by adding the --bundle
flag to the command. The specified input folder will be searched recursively for *.md
files, files starting with an underscore will be ignored.
When using the bundle option, a layout has to be specified using --layout
and a title for the whole document using --title
.
YAML Frontmatter can be used to customize the document layout or add other options which will be passed to the template. The following example shows how a document with frontmatter section could look like:
---
title: My Document Title
layout: doc1
---
Lorem ipsum...
Markdown files may contain Jinja2 templating, such as including other files.
In addition to just markdown files, yaml
files are also rendered when there is a _template.md
file present in the same or parent folder, which then uses Jinja2 to render its contents with values passed from the yaml
file.
The document layout must be given via the command option --layout
or in the frontmatter of the single file. As layout a directory name inside the ./layouts
directory (default, can be changed using --layouts-dir
) is expected. In the layout directory, a index.html.j2
or index.html
file is expected, which is loaded as entrypoint. The file is parsed using Jinja2.
A document is, when --bundle
option is used, a collection of articles, otherwise contains just one article.
The following variables are passed to the Jinja2 renderer:
date
: current date in ISO formatcommit
: the current commit (with suffix -dirty
when the working directory has uncommitted changes)articles
: list of articles, will be a list of only one article when not using --bundle
optiontitle
: the current filename of the article stripped by it's suffix, values in braces ()
removed and underscores _
replaced with spaces
; or the value passed in --title
(required and used value when --bundle
option is set)meta
: metadata as provided in the articles frontmatter and/or as passed in --meta
(will be combined with frontmatter taking precedence)The article represents the single file which is used as input.
It has the following attributes for use in the document rendering:
title
: see abovecontent
rendered HTML, use with | save
in Jinja2 to prevent unwanted escapingsource
path to the filemeta
see abovehash
git object hash of the file or, when other files were included in the article, a new hash over all used filesmodified_date
date of last modification of the file or, when other files were included in the article, the latest date of all used fileshas_custom_headline
indicates if the document starts with an h1 level headingInsert a table of contents using [TOC]
. The table of contents will be generated automatically based on the headlines (lines starting with one or multiple #
) in the document.
Which levels of headlines should be included in the TOC can be defined by declaring toc_depth
in meta passed or the articles frontmatter.
Insert a table of abbreviations using [TOA]
. The table of abbreviations will be generated automatically based on defined abbreviations (using *[Abbreviation]: Explanation
) in the document.
Footnotes let you reference relevant information without disrupting the flow of what you're trying to say:
Here's a simple footnote,[^1] and here's a longer one.[^bignote]
[^1]: This is the first footnote.
[^bignote]: Here's one with multiple paragraphs and code.
Indent paragraphs to include them in the footnote.
`{ my code }`
Add as many paragraphs as you like.
It is possible to reference to the same footnote by using the same footnote label.
Use tildes ~
around text to create a subscript formatting.
Use [ ]
to create a checkbox. Use [x]
to mark a checkbox as checked.
Use [>input_id]
to create a text input. To create a textarea, add |textbox
after the input id. To create a date field, add |YYYY-MM-DD
after the input id.
To add a placeholder, append the placeholder text within parens to the end of the input id: [>input_id] (placeholder text)
.
Mermaid.js can be used in code blocks with the language mermaid
. To convert the mermaid code into an image, mermaid-cli is required to be installed on the system.
FAQs
Print PDFs from Markdown Files using Weasyprint
We found that md2weasypdf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.