[npm] Use Showdownjs instead of markdown-to-html for converting Markdown to HTML
There are several npm packages for converting Markdown to HTML in Node.js, but I recommend using Showdownjs instead of markdown-to-html.
Here are the links for both markdown-to-html and Showdownjs respectively.
markdown-to-html
Showdownjs
The main reason I recommend Showdownjs is that markdown-to-html has vulnerabilities.
$ npm install
audited 271 packages in 1.191s
found 2 vulnerabilities (1 moderate, 1 critical)
run `npm audit fix` to fix them, or `npm audit` for details
When I ran the npm audit command, the following npm audit security report was output.
$ npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Command Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ open │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >0.0.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ markdown-to-html [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ markdown-to-html > open │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/663 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Memory Exposure │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ bl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.9.5 <1.0.0 || >=1.0.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ markdown-to-html [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ markdown-to-html > pygmentize-bundled > bl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/596 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 vulnerabilities (1 moderate, 1 critical) in 271 scanned packages
2 vulnerabilities require manual review. See the full report for details.
That’s all from the Gemba, where we want to keep using libraries without vulnerabilities.