=========================================================== .___ __ __ _________________ __ __ __| _/|__|/ |_ / ___\_` __ \__ \ | | \/ __ | | \\_ __\ / /_/ > | \// __ \| | / /_/ | | || | \___ /|__| (____ /____/\____ | |__||__| /_____/ \/ \/ grep rough audit - static analysis tool v2.8 written by @Wireghoul =================================[justanotherhacker.com]=== node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md-2- node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md:3:- [ ] `$ npm version` has been run. node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md-4-- [ ] Release notes in [draft GitHub release](https://github.com/markedjs/marked/releases) are up to date ############################################## node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md-8-- [ ] Publish GitHub release using `master` with correct version number. node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md:9:- [ ] `$ npm publish` has been run. node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md-10-- [ ] Create draft GitHub release to prepare next release. node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md-11- node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md:12:Note: If merges to `master` occur after submitting this PR and before running `$ npm pubish` you should be able to node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md-13- node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md-14-1. pull from `upstream/master` (`git pull upstream master`) into the branch holding this version, node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md:15:2. run `$ npm run build` to regenerate the `min` file, and node-marked-0.8.0+ds/.github/PULL_REQUEST_TEMPLATE/release.md-16-3. commit and push the updated changes. ############################################## node-marked-0.8.0+ds/lib/marked.esm.js-513- del: /^~+(?=\S)([\s\S]*?\S)~+/, node-marked-0.8.0+ds/lib/marked.esm.js:514: text: /^(`+|[^`])(?:[\s\S]*?(?:(?=[\\<!\[`*~]|\b_|https?:\/\/|ftp:\/\/|www\.|$)|[^ ](?= {2,}\n)|[^a-zA-Z0-9.!#$%&'*+\/=?_`{\|}~-](?=[a-zA-Z0-9.!#$%&'*+\/=?_`{\|}~-]+@))|(?= {2,}\n|[a-zA-Z0-9.!#$%&'*+\/=?_`{\|}~-]+@))/ node-marked-0.8.0+ds/lib/marked.esm.js-515-}); ############################################## node-marked-0.8.0+ds/lib/marked.js-483- del: /^~+(?=\S)([\s\S]*?\S)~+/, node-marked-0.8.0+ds/lib/marked.js:484: text: /^(`+|[^`])(?:[\s\S]*?(?:(?=[\\<!\[`*~]|\b_|https?:\/\/|ftp:\/\/|www\.|$)|[^ ](?= {2,}\n)|[^a-zA-Z0-9.!#$%&'*+\/=?_`{\|}~-](?=[a-zA-Z0-9.!#$%&'*+\/=?_`{\|}~-]+@))|(?= {2,}\n|[a-zA-Z0-9.!#$%&'*+\/=?_`{\|}~-]+@))/ node-marked-0.8.0+ds/lib/marked.js-485- }); ############################################## node-marked-0.8.0+ds/src/rules.js-218- del: /^~+(?=\S)([\s\S]*?\S)~+/, node-marked-0.8.0+ds/src/rules.js:219: text: /^(`+|[^`])(?:[\s\S]*?(?:(?=[\\<!\[`*~]|\b_|https?:\/\/|ftp:\/\/|www\.|$)|[^ ](?= {2,}\n)|[^a-zA-Z0-9.!#$%&'*+\/=?_`{\|}~-](?=[a-zA-Z0-9.!#$%&'*+\/=?_`{\|}~-]+@))|(?= {2,}\n|[a-zA-Z0-9.!#$%&'*+\/=?_`{\|}~-]+@))/ node-marked-0.8.0+ds/src/rules.js-220-}); ############################################## node-marked-0.8.0+ds/test/bench.js-194- argv = arg.substring(1).split('').map(ch => { node-marked-0.8.0+ds/test/bench.js:195: return `-${ch}`; node-marked-0.8.0+ds/test/bench.js-196- }).concat(argv); ############################################## node-marked-0.8.0+ds/test/bench.js-246- console.error('The following arguments are not used:'); node-marked-0.8.0+ds/test/bench.js:247: orphans.forEach(arg => console.error(` ${arg}`)); node-marked-0.8.0+ds/test/bench.js-248- console.error(); ############################################## node-marked-0.8.0+ds/test/helpers/helpers.js-15- if (result.pass) { node-marked-0.8.0+ds/test/helpers/helpers.js:16: result.message = `${spec.markdown}\n------\n\nExpected: Should Fail`; node-marked-0.8.0+ds/test/helpers/helpers.js-17- } else { node-marked-0.8.0+ds/test/helpers/helpers.js-18- const diff = await htmlDiffer.firstDiff(actual, expected); node-marked-0.8.0+ds/test/helpers/helpers.js:19: result.message = `Expected: ${diff.expected}\n Actual: ${diff.actual}`; node-marked-0.8.0+ds/test/helpers/helpers.js-20- } ############################################## node-marked-0.8.0+ds/test/helpers/load.js-60- console.log('-'.padEnd(spaces + 4, '-')); node-marked-0.8.0+ds/test/helpers/load.js:61: console.log(`| ${title.padStart(Math.ceil((spaces + title.length) / 2)).padEnd(spaces)} |`); node-marked-0.8.0+ds/test/helpers/load.js:62: console.log(`| ${' '.padEnd(spaces)} |`); node-marked-0.8.0+ds/test/helpers/load.js-63- for (const section in specs) { node-marked-0.8.0+ds/test/helpers/load.js:64: console.log(`| ${section.padEnd(longestName)} ${('' + specs[section].pass).padStart(maxSpecsLen)} of ${('' + specs[section].total).padStart(maxSpecsLen)} ${(100 * specs[section].pass / specs[section].total).toFixed().padStart(4)}% |`); node-marked-0.8.0+ds/test/helpers/load.js-65- } ############################################## node-marked-0.8.0+ds/test/specs/original/markdown_documentation_syntax.html-289-> node-marked-0.8.0+ds/test/specs/original/markdown_documentation_syntax.html:290:> return shell_exec("echo $input | $markdown_script"); node-marked-0.8.0+ds/test/specs/original/markdown_documentation_syntax.html-291-</code></pre> ############################################## node-marked-0.8.0+ds/test/specs/original/markdown_documentation_syntax.md-294- > node-marked-0.8.0+ds/test/specs/original/markdown_documentation_syntax.md:295: > return shell_exec("echo $input | $markdown_script"); node-marked-0.8.0+ds/test/specs/original/markdown_documentation_syntax.md-296- ############################################## node-marked-0.8.0+ds/test/specs/redos/quadratic_br.js-1-module.exports = { node-marked-0.8.0+ds/test/specs/redos/quadratic_br.js:2: markdown: `a${' '.repeat(50000)}`, node-marked-0.8.0+ds/test/specs/redos/quadratic_br.js:3: html: `<p>a${' '.repeat(50000)}</p>` node-marked-0.8.0+ds/test/specs/redos/quadratic_br.js-4-}; ############################################## node-marked-0.8.0+ds/test/specs/redos/quadratic_email.js-2- markdown: 'a'.repeat(50000), node-marked-0.8.0+ds/test/specs/redos/quadratic_email.js:3: html: `<p>${'a'.repeat(50000)}</p>` node-marked-0.8.0+ds/test/specs/redos/quadratic_email.js-4-}; ############################################## node-marked-0.8.0+ds/test/specs/run-spec.js-35- const s = (elapsed[0] + elapsed[1] * 1e-9).toFixed(3); node-marked-0.8.0+ds/test/specs/run-spec.js:36: fail(`took too long: ${s}s`); node-marked-0.8.0+ds/test/specs/run-spec.js-37- } ############################################## node-marked-0.8.0+ds/test/update-specs.js-18- const version = pkg.version.replace(/^(\d+\.\d+).*$/, '$1'); node-marked-0.8.0+ds/test/update-specs.js:19: const res2 = await fetch(`https://spec.commonmark.org/${version}/spec.json`); node-marked-0.8.0+ds/test/update-specs.js-20- const specs = await res2.json(); ############################################## node-marked-0.8.0+ds/test/update-specs.js-26- }); node-marked-0.8.0+ds/test/update-specs.js:27: fs.writeFileSync(path.resolve(dir, `./commonmark.${version}.json`), JSON.stringify(specs, null, 2) + '\n'); node-marked-0.8.0+ds/test/update-specs.js:28: console.log(`Saved CommonMark v${version} specs`); node-marked-0.8.0+ds/test/update-specs.js-29- } catch (ex) { ############################################## node-marked-0.8.0+ds/test/update-specs.js-50- specs.push({ node-marked-0.8.0+ds/test/update-specs.js:51: section: `[extension] ${section}`, node-marked-0.8.0+ds/test/update-specs.js-52- html, ############################################## node-marked-0.8.0+ds/test/update-specs.js-64- }); node-marked-0.8.0+ds/test/update-specs.js:65: fs.writeFileSync(path.resolve(dir, `./gfm.${version}.json`), JSON.stringify(specs, null, 2) + '\n'); node-marked-0.8.0+ds/test/update-specs.js:66: console.log(`Saved GFM v${version} specs.`); node-marked-0.8.0+ds/test/update-specs.js-67- } catch (ex) { ############################################## node-marked-0.8.0+ds/test/vuln-regex.js-23- if (result === vulnRegexDetector.responses.safe) { node-marked-0.8.0+ds/test/vuln-regex.js:24: console.log(`${name} is safe`); node-marked-0.8.0+ds/test/vuln-regex.js-25- return true; node-marked-0.8.0+ds/test/vuln-regex.js-26- } else if (result === vulnRegexDetector.responses.vulnerable) { node-marked-0.8.0+ds/test/vuln-regex.js:27: console.error(`${name} is vulnerable`); node-marked-0.8.0+ds/test/vuln-regex.js-28- } else { node-marked-0.8.0+ds/test/vuln-regex.js:29: console.error(`${name} might be vulnerable: ` + result.toString()); node-marked-0.8.0+ds/test/vuln-regex.js-30- } node-marked-0.8.0+ds/test/vuln-regex.js-31- } catch (ex) { node-marked-0.8.0+ds/test/vuln-regex.js:32: console.error(`${name} failed with error: ` + ex.toString()); node-marked-0.8.0+ds/test/vuln-regex.js-33- }