Gathering detailed insights and metrics for marked
Gathering detailed insights and metrics for marked
Gathering detailed insights and metrics for marked
Gathering detailed insights and metrics for marked
A markdown parser and compiler. Built for speed.
npm install marked
99.2
Supply Chain
100
Quality
95.5
Maintenance
100
Vulnerability
99.6
License
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
33,280 Stars
3,495 Commits
3,393 Forks
387 Watching
2 Branches
185 Contributors
Updated on 28 Nov 2024
JavaScript (35.35%)
TypeScript (34.88%)
HTML (29.78%)
Cumulative downloads
Total Downloads
Last day
-0%
2,348,599
Compared to previous day
Last week
5%
12,926,752
Compared to previous week
Last month
26.5%
50,084,334
Compared to previous month
Last year
23.1%
474,992,966
Compared to previous year
25
Checkout the demo page to see marked in action ⛹️
Our documentation pages are also rendered using marked 💯
Also read about:
Node.js: Only current and LTS Node.js versions are supported. End of life Node.js versions may become incompatible with Marked at any point in time.
Browser: Not IE11 :)
CLI:
1npm install -g marked
In-browser:
1npm install marked
DOMPurify.sanitize(marked.parse(`<img src="x" onerror="alert('not happening')">`));
CLI
1# Example with stdin input 2$ marked -o hello.html 3hello world 4^D 5$ cat hello.html 6<p>hello world</p>
1# Print all options 2$ marked --help
Browser
1<!doctype html> 2<html> 3<head> 4 <meta charset="utf-8"/> 5 <title>Marked in the browser</title> 6</head> 7<body> 8 <div id="content"></div> 9 <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script> 10 <script> 11 document.getElementById('content').innerHTML = 12 marked.parse('# Marked in the browser\n\nRendered by **marked**.'); 13 </script> 14</body> 15</html>
or import esm module
1<script type="module"> 2 import { marked } from "https://cdn.jsdelivr.net/npm/marked/lib/marked.esm.js"; 3 document.getElementById('content').innerHTML = 4 marked.parse('# Marked in the browser\n\nRendered by **marked**.'); 5</script>
Copyright (c) 2011-2022, Christopher Jeffrey. (MIT License)
The latest stable version of the package.
Stable Version
4
7.5/10
Summary
Regular Expression Denial of Service in marked
Affected Versions
< 0.3.4
Patched Versions
0.3.4
7.5/10
Summary
Inefficient Regular Expression Complexity in marked
Affected Versions
< 4.0.10
Patched Versions
4.0.10
7.5/10
Summary
Inefficient Regular Expression Complexity in marked
Affected Versions
< 4.0.10
Patched Versions
4.0.10
7.5/10
Summary
Regular Expression Denial of Service in marked
Affected Versions
< 0.3.9
Patched Versions
0.3.9
11
6.1/10
Summary
Marked vulnerable to XSS from data URIs
Affected Versions
< 0.3.7
Patched Versions
0.3.7
6.1/10
Summary
Sanitization bypass using HTML Entities in marked
Affected Versions
< 0.3.6
Patched Versions
0.3.6
0/10
Summary
Content injection in marked
Affected Versions
< 0.3.9
Patched Versions
0.3.9
0/10
Summary
Regular Expression Denial of Service
Affected Versions
>= 0.5.0, < 0.6.1
Patched Versions
0.6.1
0/10
Summary
Cross-Site Scripting in marked
Affected Versions
< 0.3.9
Patched Versions
0.3.9
0/10
Summary
Moderate severity vulnerability that affects marked
Affected Versions
< 0.3.3
Patched Versions
0.3.3
5.3/10
Summary
Marked ReDoS due to email addresses being evaluated in quadratic time
Affected Versions
>= 0.3.14, < 0.6.2
Patched Versions
0.6.2
5.3/10
Summary
Regular Expression Denial of Service (REDoS) in Marked
Affected Versions
>= 1.1.1, < 2.0.0
Patched Versions
2.0.0
6.1/10
Summary
Multiple Content Injection Vulnerabilities in marked
Affected Versions
<= 0.3.0
Patched Versions
0.3.1
0/10
Summary
Moderate severity vulnerability that affects marked
Affected Versions
< 0.3.9
Patched Versions
0.3.9
0/10
Summary
VBScript Content Injection in marked
Affected Versions
< 0.3.3
Patched Versions
0.3.3
1
0/10
Summary
Regular Expression Denial of Service in marked
Affected Versions
>= 0.4.0, < 0.7.0
Patched Versions
0.7.0
Reason
security policy file detected
Details
Reason
30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
Reason
GitHub workflow tokens follow principle of least privilege
Details
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
Reason
license file detected
Details
Reason
2 existing vulnerabilities detected
Details
Reason
Found 10/16 approved changesets -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More