Gathering detailed insights and metrics for remark-license
Gathering detailed insights and metrics for remark-license
Installations
npm install remark-licenseDeveloper Guide
BETA
Typescript
Yes
Module System
ESM, UMD
Node Version
17.0.1
NPM Version
8.1.0
Score
79.9
Supply Chain
99.5
Quality
79.2
Maintenance
100
Vulnerability
98.9
License
Releases
14
Languages
1
JavaScript
JavaScript (100%)
Developer
Download Statistics
Total Downloads
163,491
Last Day
581
Last Week
5,386
Last Month
14,111
Last Year
43,245
GitHub Statistics
MIT License
19 Stars
121 Commits
8 Forks
9 Watchers
1 Branches
17 Contributors
Updated on Dec 25, 2023
Bundle Size
102.73 kB
Minified
25.10 kB
Minified + Gzipped
Sponsor this package
Maintainers
2
Package Meta Information
Latest Version
6.1.0
Package Id
remark-license@6.1.0
Unpacked Size
20.09 kB
Size
6.83 kB
File Count
15
NPM Version
8.1.0
Node Version
17.0.1
Published on
Nov 29, 2021
Total Downloads
Cumulative downloads
Total Downloads
163,491
Last Day
175.4%
581
Compared to previous day
Last Week
31.8%
5,386
Compared to previous week
Last Month
98.3%
14,111
Compared to previous month
Last Year
64.4%
43,245
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
remark-license
remark plugin to generate a license section.
Contents
- What is this?
- When should I use this?
- Install
- Use
- API
- Types
- Compatibility
- Security
- Related
- Contribute
- License
What is this?
This package is a unified (remark) plugin to generate a license section such as the one below.
unified is a project that transforms content with abstract syntax trees (ASTs). remark adds support for markdown to unified. mdast is the markdown AST that remark uses. This is a remark plugin that transforms mdast.
When should I use this?
This project is useful when you’re writing documentation for an open source
project, typically a Node.js package, that has one or more readmes and maybe
some other markdown files as well.
You want to show the author and license associated with the project.
When this plugin is used, authors can add a certain heading (say, ## License)
to documents and this plugin will populate them.
Install
This package is ESM only. In Node.js (version 12.20+, 14.14+, or 16.0+), install with npm:
1npm install remark-license
In Deno with Skypack:
1import remarkLicense from 'https://cdn.skypack.dev/remark-license@6?dts'
In browsers with Skypack:
1<script type="module"> 2 import remarkLicense from 'https://cdn.skypack.dev/remark-license@6?min' 3</script>
Use
Say we have the following file example.md in this project:
1# Example 2 3Some text. 4 5## Use 6 7## API 8 9## License
And our module example.js looks as follows:
1import {read} from 'to-vfile' 2import {remark} from 'remark' 3import remarkLicense from 'remark-license' 4 5main() 6 7async function main() { 8 const file = await remark() 9 .use(remarkLicense) 10 .process(await read('example.md')) 11 12 console.log(String(file)) 13}
Now running node example.js yields:
1# Example 2 3Some text. 4 5## Use 6 7## API 8 9## License 10 11[MIT](license) © [Titus Wormer](https://wooorm.com)
???? Note: This info is inferred from this project’s
package.jsonandlicensefile. Running this example in a different package will yield different results.
API
This package exports no identifiers.
The default export is remarkLicense.
unified().use(remarkLicense[, options])
Generate a license section. In short, this plugin:
- looks for the heading matching
/^licen[cs]e$/ioroptions.heading. - if there is a heading, replaces it with a new section
options
Configuration (optional in Node.js, required in browsers).
options.name
License holder (string).
In Node.js, defaults to the author field in the closest package.json.
Throws when neither given nor detected.
options.license
SPDX identifier (string).
In Node.js, defaults to the license field in the closest package.json.
Throws when neither given nor detected.
options.file
File name of license file (string, optional).
In Node.js, defaults to a file in the directory of the closest package.json
that matches /^licen[cs]e(?=$|\.)/i.
If there is no given or found license file, but options.license is a known
SPDX identifier, then the URL to the license on spdx.org is used.
options.url
URL to license holder (string, optional).
In Node.js, defaults to the author field in the closest package.json.
http:// is prepended if url does not start with an HTTP or HTTPS protocol.
options.ignoreFinalDefinitions
Ignore definitions that would otherwise trail in the section (boolean,
default: true).
options.heading
Heading to look for (string (case insensitive) or RegExp, default:
/^licen[cs]e$/i).
Types
This package is fully typed with TypeScript.
It exports an Options type, which specifies the interface of the accepted
options.
Compatibility
Projects maintained by the unified collective are compatible with all maintained versions of Node.js. As of now, that is Node.js 12.20+, 14.14+, and 16.0+. Our projects sometimes work with older versions, but this is not guaranteed.
This plugin works with unified version 6+ and remark version 7+.
Security
options.url (or author.url in package.json) is used and injected into the
tree when it’s given or found.
This could open you up to a cross-site scripting (XSS) attack if you pass
user provided content in or store user provided content in package.json.
This may become a problem if the markdown is later transformed to rehype (hast) or opened in an unsafe markdown viewer.
Related
remark-collapse– make some sections collapsibleremark-contributors– generate a contributors sectionremark-toc— generate a table of contentsremark-usage— generate a usage example
Contribute
See contributing.md in remarkjs/.github for ways
to get started.
See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/remarkjs/.github/security.md:1
- Info: Found linked content: github.com/remarkjs/.github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/remarkjs/.github/security.md:1
- Info: Found text in security policy: github.com/remarkjs/.github/security.md:1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/bb.yml:1
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/30 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bb.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/remarkjs/remark-license/bb.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/remarkjs/remark-license/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/remarkjs/remark-license/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/remarkjs/remark-license/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:15
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 5.1.1 not signed: https://api.github.com/repos/remarkjs/remark-license/releases/24746623
- Warn: release artifact 5.1.1 does not have provenance: https://api.github.com/repos/remarkjs/remark-license/releases/24746623
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 1 are checked with a SAST tool
Score
3.7
/10
Last Scanned on 2025-04-28
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More