{"id":15230094,"url":"https://github.com/readmeio/markdown","last_synced_at":"2026-06-05T00:01:16.127Z","repository":{"id":37496809,"uuid":"283290670","full_name":"readmeio/markdown","owner":"readmeio","description":"ReadMe's flavored Markdown parser and React-based rendering engine.","archived":false,"fork":false,"pushed_at":"2026-06-03T21:34:19.000Z","size":181078,"stargazers_count":40,"open_issues_count":37,"forks_count":18,"subscribers_count":14,"default_branch":"next","last_synced_at":"2026-06-03T23:13:29.954Z","etag":null,"topics":["gfm","markdown","mdx","rdmd","react"],"latest_commit_sha":null,"homepage":"https://rdmd.readme.io","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/readmeio.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-07-28T18:07:41.000Z","updated_at":"2026-05-29T01:11:24.000Z","dependencies_parsed_at":"2026-04-06T19:01:10.525Z","dependency_job_id":null,"html_url":"https://github.com/readmeio/markdown","commit_stats":{"total_commits":2596,"total_committers":41,"mean_commits":63.31707317073171,"dds":0.7546224961479199,"last_synced_commit":"02bf11a9c7a416f4a5f60d232cc8f565cb693dc0"},"previous_names":[],"tags_count":517,"template":false,"template_full_name":null,"purl":"pkg:github/readmeio/markdown","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/readmeio%2Fmarkdown","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/readmeio%2Fmarkdown/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/readmeio%2Fmarkdown/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/readmeio%2Fmarkdown/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/readmeio","download_url":"https://codeload.github.com/readmeio/markdown/tar.gz/refs/heads/next","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/readmeio%2Fmarkdown/sbom","scorecard":{"id":766118,"data":{"date":"2025-08-11","repo":{"name":"github.com/readmeio/markdown","commit":"3464c9d7bc4e9f3963a8259a47eafc402a38ae9a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.7,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":4,"reason":"Found 13/30 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:17","Warn: no topLevel permission defined: .github/workflows/bundlewatch.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlewatch.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/bundlewatch.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlewatch.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/bundlewatch.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/ci.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/ci.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/ci.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/ci.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/ci.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/codeql-analysis.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/codeql-analysis.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/codeql-analysis.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/release.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/release.yml/next?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/release.yml/next?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/release.yml/next?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/readmeio/markdown/release.yml/next?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: npmCommand not pinned by hash: Dockerfile:16","Warn: npmCommand not pinned by hash: Dockerfile:22","Warn: npmCommand not pinned by hash: .github/workflows/bundlewatch.yml:17","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:29","Warn: npmCommand not pinned by hash: .github/workflows/release.yml:27","Info:   0 out of  12 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   3 out of   8 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: ISC License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/readmeio/.github/.github/SECURITY.md:1","Info: Found linked content: github.com/readmeio/.github/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/readmeio/.github/.github/SECURITY.md:1","Info: Found text in security policy: github.com/readmeio/.github/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (15) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"14 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-wrw9-m778-g6mc","Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-x6fg-f45m-jf5q","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T00:51:34.707Z","repository_id":37496809,"created_at":"2025-08-23T00:51:34.707Z","updated_at":"2025-08-23T00:51:34.707Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33924832,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-04T02:00:06.755Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gfm","markdown","mdx","rdmd","react"],"created_at":"2024-09-29T02:05:28.428Z","updated_at":"2026-06-05T00:01:16.121Z","avatar_url":"https://github.com/readmeio.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://npm.im/@readme/markdown\"\u003e\n    \u003cimg src=\"https://owlbertsio-resized.s3.amazonaws.com/Reading.psd.full.png\" width=\"150\" alt=\"rmdx\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  ReadMe's MDX rendering engine and custom component collection.\u003cbr /\u003e\n  \u003csub\u003e\n    Use ReadMe? \u003ca href=\"https://docs.readme.com/rdmd/page/mdx-engine\"\u003eLearn more about our upcoming move to MDX!\u003c/a\u003e\n  \u003c/sub\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://npm.im/@readme/markdown\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/@readme/markdown?style=for-the-badge\" alt=\"NPM Version\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://npm.im/@readme/markdown\"\u003e\u003cimg src=\"https://img.shields.io/npm/l/@readme/markdown?style=for-the-badge\" alt=\"MIT License\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/readmeio/markdown\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/readmeio/markdown/ci.yml?branch=main\u0026style=for-the-badge\" alt=\"Build status\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://readme.com\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/readmeio/.github/main/oss-badge.svg\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Usage\n\nTo use the engine, install it from NPM:\n\n```\nnpm install --save @readme/markdown\n```\n\nThen [`compile`](#compile) and [`run`](#run) your MDX:\n\n```jsx\nimport RMDX from '@readme/markdown';\n\nexport default ({ body }) =\u003e \u003cdiv className=\"markdown-body\"\u003e{RMDX.run(RMDX.compile(body))}\u003c/div\u003e;\n```\n\n## API\n\n### `compile`\n\nCompiles MDX to JS. Essentially a wrapper around [`mdx.compile`](https://mdxjs.com/packages/mdx/#compilefile-options). Used before calling [`run`](#run); it has been left as a seperate method for potential caching opportunities.\n\n#### Parameters\n\n- **`string`** (`string`)—an MDX document\n- **`opts`** ([`CompileOpts`](#compileopts), optional)—a configuration object\n\n#### Returns\n\nA string of compiled Javascript module code.\n\n### `run`\n\n\u003e [!CAUTION]\n\u003e This is essentially a wrapper around [`mdx.run`](https://mdxjs.com/packages/mdx/#runcode-options) and **it will `eval` the compiled MDX**. Make sure you only call `run` on safe syntax from a trusted author!\n\n#### Parameters\n\n- **`string`** (`string`)—a compiled mdx document\n- **`opts`** (`RunOpts`, optional)—configuration\n\n#### Returns\n\nAn [`RMDXModule`](#rmdxmodule) of renderable components.\n\n### `mdx`\n\nCompiles an AST to a string of MDX syntax.\n\n#### Parameters\n\n- **`tree`** (`object`)—an abstract syntax tree\n- **`opts`** ([`Options`](https://github.com/remarkjs/remark/tree/main/packages/remark-stringify#options '`remark-stringify` Options type'))—`remark-stringify` configuration.\n\n#### Returns\n\nAn MDX string.\n\n### Other Methods\n\n- **`mdast`**: parse MDX syntax to MDAST.\n- **`hast`**: parse MDX syntax to HAST.\n- **`plain`**: parse MDX to a plaintext string with all Markdown syntax removed. (This _does not_ `eval` the doc.)\n- **`tags`**: get a list of tag names from the doc. (This _does not_ `eval` the doc.)\n- **`utils`**: additional defaults, helper methods, components, and so on.\n\n## Types\n\n### `CompileOpts`\n\nExtends [`CompileOptions`](https://mdxjs.com/packages/mdx/#compileoptions)\n\n##### Additional Properties\n\n- **`lazyImages`** (`boolean`, optional)—load images lazily\n- **`safeMode`** (`boolean`, optional)—extract script tags from `HTMLBlock`s\n- **`components`** (`Record\u003cstring, string\u003e`, optional)—an object of tag names to mdx.\n- **`copyButtons`** (`Boolean`, optional) — add a copy button to code blocks\n\n### `RunOpts`\n\nExtends [`RunOptions`](https://mdxjs.com/packages/mdx/#runoptions)\n\n##### Additional Properties\n\n- **`components`** (`Record\u003cstring, MDXModule\u003e`, optional)—a set of custom MDX components\n- **`imports`** (`Record\u003cstring, unknown\u003e`, optional)—an set of modules to import globally\n- **`terms`** (`GlossaryTerm[]`, optional)\n- **`variables`** (`Variables`, optional)—an object containing [user variables](https://github.com/readmeio/variable)\n\n### `RMDXModule`\n\n##### Properties\n\n- **`default`** (`() =\u003e MDXContent`)—the MDX douments default export\n- **`toc`** (`HastHeading[]`)—a list of headings in the document\n- **`Toc`** (`() =\u003e MDCContent`)—a table of contents component\n\n## Local development and testing\n\nTo make changes to the RDMD engine locally, run the local development server. Clone the repo, `cd` in to it, `npm install`, and `npm run start`!\n\nIf you make changes to the docs or how the markdown is rendered, you may need to update the visual regression snapshots by running `make updateSnapshot`. Running these browser tests requires `docker`. Follow the docker [install instructions for mac](https://docs.docker.com/docker-for-mac/install/). You may want to increase the [memory usage](https://docs.docker.com/docker-for-mac/#resources). If you have not already, you'll need to create an account for `docker hub` and [sign-in locally](https://docs.docker.com/docker-for-mac/#docker-hub).\n\n### Linking Changes to the Main Repo\n\nTo test local changes in the main readme app, use `npm pack` (not `npm link`) and clear the webpack cache:\n\n**In this repo, run:**\n\n```\nnpm ci \u0026\u0026 npm run build\n```\n\n**In the main app repo:**\n\nAdd to `.env`:\n\n```\nMARKDOWN_DIR={{path to local markdown repo}}\n```\n\nRun:\n\n```\nmake link-markdown \u0026\u0026 rm -rf webpack-cache \u0026\u0026 make webpack \u0026\u0026 make start\n```\n\n\u003e **Note:** You must clear `webpack-cache` after every reinstall or the app will serve the old version.\n\n### Linking Changes to Storybook\n\n`npm link` works with the storybook app:\n\n**In this repo, run:**\n\n```\nnpm link \u0026\u0026 npm run watch\n```\n\n**In the main app repo, run:**\n\n```\nnpm link $PATH_TO_LOCAL_MARKDOWN_REPO\n```\n\n## Releases\n\nFirst, update `main` with what’s on `next`:\n\n```\ngit switch next\ngit pull\ngit switch main\ngit pull\ngit merge --no-ff next\ngit push\n```\n\nWAIT until the build is finished, then update `next`:\n\n```\ngit pull\ngit switch next\ngit merge main\ngit push\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freadmeio%2Fmarkdown","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freadmeio%2Fmarkdown","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freadmeio%2Fmarkdown/lists"}