Alternatives to the "marked" markdown renderer...
tony at raisingthefloor.org
Tue Sep 19 16:47:09 UTC 2017
[I posted this earlier, crossposting as suggested by Justin to include a
As you may remember from previous discussions regarding Snyk
<http://snyk.io/>, the largest source of vulnerabilities in the work I
maintain is the "marked <https://github.com/chjj/marked>" library, which is
also used in the Docpad Infusion docs site. After waiting months for a
"marked" release that includes the fix for a previous vulnerability, I
discovered this week that even more vulnerabilities have been reported
since I last looked.
It seemed like a good time to look around for replacements, I did so and
wrote up a technology evaluation on the wiki:
Please take a moment to review, especially those of you who regularly
contribute to the Infusion Docpad docs. I would like to confirm that the
list of candidates and requirements is reasonable, and to get feedback on
my conclusion, which is that "markdown-it" and the associated Docpad plugin
are our best candidates to replace "marked" at the moment.
Although I will also mention this in the architecture meeting tomorrow and
ask for feedback there, feedback in the next day or so would be much
appreciated. Unless there are strong objections coming out of tomorrow's
meeting, I plan to work on replacing "marked" in gpii-handlebars by the end
of the week.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the fluid-work