{"id":13463229,"url":"https://github.com/github/markup","last_synced_at":"2026-05-05T02:07:24.044Z","repository":{"id":709246,"uuid":"355893","full_name":"github/markup","owner":"github","description":"Determines which markup library to use to render a content file (e.g. README) on GitHub","archived":false,"fork":false,"pushed_at":"2026-04-29T10:24:30.000Z","size":864,"stargazers_count":6023,"open_issues_count":22,"forks_count":3369,"subscribers_count":614,"default_branch":"master","last_synced_at":"2026-05-01T22:04:38.055Z","etag":null,"topics":["readme"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/github.png","metadata":{"files":{"readme":"README.md","changelog":"HISTORY.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2009-10-31T01:02:46.000Z","updated_at":"2026-04-30T20:45:02.000Z","dependencies_parsed_at":"2025-12-12T02:01:17.902Z","dependency_job_id":null,"html_url":"https://github.com/github/markup","commit_stats":{"total_commits":552,"total_committers":106,"mean_commits":"5.2075471698113205","dds":0.8351449275362319,"last_synced_commit":"6f4f436f14eae59df8561c532afe42c46ec4b323"},"previous_names":[],"tags_count":68,"template":false,"template_full_name":null,"purl":"pkg:github/github/markup","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fmarkup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fmarkup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fmarkup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fmarkup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github","download_url":"https://codeload.github.com/github/markup/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fmarkup/sbom","scorecard":{"id":428201,"data":{"date":"2025-08-11","repo":{"name":"github.com/github/markup","commit":"ebfff7059dcd84c8ec32df138392decfc6544fda"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.4,"checks":[{"name":"Code-Review","score":2,"reason":"Found 1/4 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":2,"reason":"3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:8","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v5.0.1 not signed: https://api.github.com/repos/github/markup/releases/160891557","Warn: release artifact v5.0.0 not signed: https://api.github.com/repos/github/markup/releases/160883340","Warn: release artifact v5.0.1 does not have provenance: https://api.github.com/repos/github/markup/releases/160891557","Warn: release artifact v5.0.0 does not have provenance: https://api.github.com/repos/github/markup/releases/160883340"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/github/markup/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/github/markup/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/github/markup/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/github/markup/stale.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ubuntu:trusty to ubuntu:trusty@sha256:64483f3496c1373bfd55348e88694d1c4d0c9b660dee6bfef5e12f43b9933b30","Warn: downloadThenRun not pinned by hash: Dockerfile:18","Warn: pipCommand not pinned by hash: Dockerfile:21","Warn: downloadThenRun not pinned by hash: Dockerfile:24","Warn: pipCommand not pinned by hash: script/bootstrap:8","Warn: pipCommand not pinned by hash: script/bootstrap.contrib:9","Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:57","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   4 pipCommand dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   3 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/github/.github/SECURITY.md:1","Info: Found linked content: github.com/github/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/github/.github/SECURITY.md:1","Info: Found text in security policy: github.com/github/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Warn: codeowners review is not required on branch 'master'","Warn: 'last push approval' is disabled on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":5,"reason":"5 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-48wp-p9qv-4j64","Warn: Project is vulnerable to: GHSA-4qw4-jpp4-8gvp","Warn: Project is vulnerable to: GHSA-636f-xm5j-pj9m","Warn: Project is vulnerable to: GHSA-7vh7-fw88-wj87","Warn: Project is vulnerable to: GHSA-fmx4-26r3-wxpf"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T02:43:02.723Z","repository_id":709246,"created_at":"2025-08-19T02:43:02.723Z","updated_at":"2025-08-19T02:43:02.723Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32544559,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-02T12:25:33.646Z","status":"ssl_error","status_checked_at":"2026-05-02T12:24:51.733Z","response_time":132,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["readme"],"created_at":"2024-07-31T13:00:48.562Z","updated_at":"2026-05-05T02:07:24.012Z","avatar_url":"https://github.com/github.png","language":"Ruby","funding_links":[],"categories":["HTML \u0026 Markup","Ruby","Web 后端","docs","对打造产品有帮助","Gems"],"sub_categories":["Markup processors","Markdown"],"readme":"GitHub Markup\n=============\n\nThis library is the **first step** of a journey that every markup file in a repository goes on before it is rendered on GitHub.com:\n\n1. `github-markup` selects an _underlying library_ to convert the raw markup to HTML. See the list of [supported markup formats](#markups) below.\n1. The HTML is sanitized, aggressively removing things that could harm you and your kin—such as `script` tags, inline-styles, and `class` or `id` attributes.\n1. Syntax highlighting is performed on code blocks. See [github/linguist](https://github.com/github/linguist#syntax-highlighting) for more information about syntax highlighting.\n1. The HTML is passed through other filters that add special sauce, such as emoji, task lists, named anchors, CDN caching for images, and autolinking.\n1. The resulting HTML is rendered on GitHub.com.\n\nPlease note that **only the first step** is covered by this gem — the rest happens on GitHub.com.  In particular, `markup` itself does no sanitization of the resulting HTML, as it expects that to be covered by whatever pipeline is consuming the HTML.\n\nPlease see our [contributing guidelines](CONTRIBUTING.md) before reporting an issue.\n\nMarkups\n-------\n\nThe following markups are supported.  The dependencies listed are required if\nyou wish to run the library. You can also run `script/bootstrap` to fetch them all.\n\n* [.markdown, .mdown, .mkdn, .md](http://daringfireball.net/projects/markdown/) -- `gem install commonmarker` (https://github.com/gjtorikian/commonmarker)\n* [.textile](https://textile-lang.com/) -- `gem install RedCloth` (https://github.com/jgarber/redcloth)\n* [.rdoc](https://ruby.github.io/rdoc/) -- `gem install rdoc -v 3.6.1`\n* [.org](http://orgmode.org/) -- `gem install org-ruby` (https://github.com/wallyqs/org-ruby)\n* [.creole](http://wikicreole.org/) -- `gem install creole` (https://github.com/larsch/creole)\n* [.mediawiki, .wiki](http://www.mediawiki.org/wiki/Help:Formatting) -- `gem install wikicloth` (https://github.com/nricciar/wikicloth)\n* [.rst](http://docutils.sourceforge.net/rst.html) -- `pip install docutils`\n* [.asciidoc, .adoc, .asc](http://asciidoc.org/) -- `gem install asciidoctor` (http://asciidoctor.org)\n* [.pod](http://search.cpan.org/dist/perl/pod/perlpod.pod) -- `Pod::Simple::XHTML`\n  comes with Perl \u003e= 5.10. Lower versions should install Pod::Simple from CPAN.\n\nInstallation\n-----------\n\n```\ngem install github-markup\n```\n\nor\n\n```\nbundle install\n```\n\nfrom this directory.\n\nUsage\n-----\n\nBasic form:\n\n```ruby\nrequire 'github/markup'\n\nGitHub::Markup.render('README.markdown', \"* One\\n* Two\")\n```\n\nMore realistic form:\n\n```ruby\nrequire 'github/markup'\n\nGitHub::Markup.render(file, File.read(file))\n```\n\nAnd a convenience form:\n\n```ruby\nrequire 'github/markup'\n\nGitHub::Markup.render_s(GitHub::Markups::MARKUP_MARKDOWN, \"* One\\n* Two\")\n```\n\nLocal Development\n-----------------\n\n```sh\npython3 -m venv .venv\nsource .venv/bin/activate\ncd script\n./bootstrap\n```\n\nContributing\n------------\n\nSee [Contributing](CONTRIBUTING.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Fmarkup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithub%2Fmarkup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Fmarkup/lists"}