conclurer / markdown-to-html-pipe Goto Github PK

The free nsp security check tool reports a problem with your package. Thus I am unable to use it. I think you can fix the issues by upgrading the version(s) of your dependencies (some are pretty old):

Here is the output from the tool:

┌───────────────┬───────────────────────────────────────────────────────────────────────────────────────────────┐
│ │ Regular Expression Denial of Service │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ Name │ marked │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ CVSS │ 7.5 (High) │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ Installed │ 0.3.6 │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ Vulnerable │ All │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ Patched │ None │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ Path │ ... > [email protected] > [email protected] │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ More Info │ https://nodesecurity.io/advisories/531 │
└───────────────┴───────────────────────────────────────────────────────────────────────────────────────────────┘

Currently, when using the pipe the output HTML markup is wrapped in a <p> HTML paragraph.

Actual Output

<span>
    <p>
        foo <strong>bar</strong>
    </p>
</span>

Imho the expected behaviour is not to add any additional HTML.

Expected Output

<span>
    foo <strong>bar</strong>
</span>

In my case it made the layout change since I had some span text before which is now in a paragraph and became a block element.

Input

<span [innerHTML]="'foo **bar**' | MarkdownToHtml"></span>

A new build would pull in the patched version of marked.
https://nodesecurity.io/advisories/531

Hi,

is it possible to upgrade the rxjs dependency in your component?
It seems to work fine with the most recent version (beta.11) but I can't add your plugin to my package.json (i have to install it manually every time).

Thank you very much

P.s.: I'm new to npm and angular, I'm sorry if I wrote something stupid :-)

Isaia

Hi,
i got this warning:
npm WARN [email protected] requires a peer of @angular/core@^2.0.0 but none was installed.

Any idea what to do about this?
we are using these packages:
"dependencies": {
"@angular/animations": "^4.1.2",
"@angular/common": "^4.1.2",
"@angular/compiler": "^4.1.2",
"@angular/core": "^4.1.2",
"@angular/forms": "^4.1.2",
"@angular/http": "^4.1.2",
"@angular/platform-browser": "^4.1.2",
"@angular/platform-browser-dynamic": "^4.1.2",
"@angular/router": "^4.1.2",
"angular-2-local-storage": "^1.0.1",
"angular2-jwt": "^0.2.3",
"angular2-moment": "^1.1.0",
"core-js": "^2.4.1",
"markdown-to-html-pipe": "^1.2.0",
"ng2-translate": "^5.0.0",
"ngx-bootstrap": "^1.6.6",
"ngx-clipboard": "^8.0.2",
"rxjs": "^5.2.0",
"web-animations-js": "^2.2.2",
"zone.js": "^0.8.4"
},

Thanks

I know these aren't standard in all flavors of markdown, but any interest in supporting Github's style of checkboxes in this package?

This example:

- [ ] An unchecked checkbox
- [x] A checked checkbox

Would render as it does on Github:

• An unchecked checkbox
• A checked checkbox

Hi there,

Is there any change this package will be updated so that the following warning is gone:
npm WARN [email protected] requires a peer of @angular/core@^2.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 but none is installed. You must install peer dependencies yourself.

Tnx for any help!

npm i warns "ENOENT: no such file or directory markdown-to-html-pipe/index.js.map". I see that markdown-to-html-pipe/index.D.TS.map does exist. Could it be related to any of your configs?

Thanks for your work 👍

The latests version of node is not supported by your packages dependencies.

This package is not formatted according to Package Format 4.0. Please update this package to follow the spec.

https://docs.google.com/document/d/1CZC2rcpxffTDfRDs6p1cfbmKNLA6x5O-NtkJglDaBVs/preview

Error: Type MarkdownToHtmlPipe in E:/angutype/node_modules/markdown-to-html-pipe/src/markdown-to-html.pipe.d.ts is part of the declarations of 2 modules: MarkdownToHtm
lModule in E:/angutype/node_modules/markdown-to-html-pipe/index.d.ts and AtAppModule in E:/angutype/src/app/AT/At.module.ts! Please consider moving MarkdownToHtmlPipe
in E:/angutype/node_modules/markdown-to-html-pipe/src/markdown-to-html.pipe.d.ts to a higher module that imports MarkdownToHtmlModule in E:/angutype/node_modules/markd
own-to-html-pipe/index.d.ts and AtAppModule in E:/angutype/src/app/AT/At.module.ts. You can also create a new NgModule that exports and includes MarkdownToHtmlPipe in
E:/angutype/node_modules/markdown-to-html-pipe/src/markdown-to-html.pipe.d.ts then import that NgModule in MarkdownToHtmlModule in E:/angutype/node_modules/markdown-to
-html-pipe/index.d.ts and AtAppModule in E:/angutype/src/app/AT/At.module.ts.

I use angular cli.
When I try to build project I get an error:

/node_modules/markdown-to-html-pipe/src/markdown-to-html.pipe.ts:2:0 
Import assignment cannot be used when targeting ECMAScript 2015 modules. Consider using 'import * as ns from "mod"', 'import {a} from "mod"', 'import d from "mod"', or another module format instead.