{"id":43549774,"url":"https://github.com/syntax-tree/hast-util-raw","last_synced_at":"2026-02-03T19:14:28.521Z","repository":{"id":47387468,"uuid":"71446824","full_name":"syntax-tree/hast-util-raw","owner":"syntax-tree","description":"utility to reparse a hast tree","archived":false,"fork":false,"pushed_at":"2025-04-21T11:25:45.000Z","size":262,"stargazers_count":12,"open_issues_count":0,"forks_count":4,"subscribers_count":8,"default_branch":"main","last_synced_at":"2026-01-29T21:27:41.540Z","etag":null,"topics":["hast","hast-util","html","raw","syntax-tree","util"],"latest_commit_sha":null,"homepage":"https://unifiedjs.com","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/syntax-tree.png","metadata":{"funding":{"github":"unifiedjs","open_collective":"unified","thanks_dev":"u/gh/syntax-tree"},"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"license","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-10-20T09:28:17.000Z","updated_at":"2025-06-27T11:21:25.000Z","dependencies_parsed_at":"2024-06-17T12:04:10.147Z","dependency_job_id":"1f7f4d71-67a2-4fe4-974e-c907b73f59db","html_url":"https://github.com/syntax-tree/hast-util-raw","commit_stats":null,"previous_names":[],"tags_count":29,"template":false,"template_full_name":null,"purl":"pkg:github/syntax-tree/hast-util-raw","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/syntax-tree%2Fhast-util-raw","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/syntax-tree%2Fhast-util-raw/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/syntax-tree%2Fhast-util-raw/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/syntax-tree%2Fhast-util-raw/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/syntax-tree","download_url":"https://codeload.github.com/syntax-tree/hast-util-raw/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/syntax-tree%2Fhast-util-raw/sbom","scorecard":{"id":863453,"data":{"date":"2025-08-11","repo":{"name":"github.com/syntax-tree/hast-util-raw","commit":"ad15a52350463223504999a6c4c763e1994522d4"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":2,"reason":"0 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 1/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/bb.yml:5: update your workflow using https://app.stepsecurity.io/secureworkflow/syntax-tree/hast-util-raw/bb.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:6: update your workflow using https://app.stepsecurity.io/secureworkflow/syntax-tree/hast-util-raw/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/syntax-tree/hast-util-raw/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/syntax-tree/hast-util-raw/main.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/main.yml:11","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/bb.yml:1","Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: license:0","Info: FSF or OSI recognized license: MIT License: license:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/syntax-tree/.github/security.md:1","Info: Found linked content: github.com/syntax-tree/.github/security.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/syntax-tree/.github/security.md:1","Info: Found text in security policy: github.com/syntax-tree/.github/security.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 1 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T02:00:35.049Z","repository_id":47387468,"created_at":"2025-08-24T02:00:35.049Z","updated_at":"2025-08-24T02:00:35.049Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29054202,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T15:43:47.601Z","status":"ssl_error","status_checked_at":"2026-02-03T15:43:46.709Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hast","hast-util","html","raw","syntax-tree","util"],"created_at":"2026-02-03T19:12:31.447Z","updated_at":"2026-02-03T19:14:22.145Z","avatar_url":"https://github.com/syntax-tree.png","language":"JavaScript","readme":"# hast-util-raw\n\n[![Build][badge-build-image]][badge-build-url]\n[![Coverage][badge-coverage-image]][badge-coverage-url]\n[![Downloads][badge-downloads-image]][badge-downloads-url]\n[![Size][badge-size-image]][badge-size-url]\n\n[hast][github-hast] utility to parse the tree and semistandard `raw` nodes\n(strings of HTML) again,\nkeeping positional info okay.\n\n## Contents\n\n* [What is this?](#what-is-this)\n* [When should I use this?](#when-should-i-use-this)\n* [Install](#install)\n* [Use](#use)\n* [API](#api)\n  * [`Options`](#options)\n  * [`raw(tree, options)`](#rawtree-options)\n* [Types](#types)\n* [Compatibility](#compatibility)\n* [Security](#security)\n* [Related](#related)\n* [Contribute](#contribute)\n* [License](#license)\n\n## What is this?\n\nThis package is a utility to parse a document again.\nIt passes each node and embedded raw HTML through an HTML parser\n([`parse5`][github-parse5]),\nto recreate a tree exactly as how a browser would parse it,\nwhile keeping the original data and positional info intact.\n\n## When should I use this?\n\nThis utility is particularly useful when coming from markdown and wanting to\nsupport HTML embedded inside that markdown\n(which requires passing\n`allowDangerousHtml: true` to\n[`mdast-util-to-hast`][github-mdast-util-to-hast]).\nMarkdown dictates how,\nsay,\na list item or emphasis can be parsed.\nWe can use that to turn the markdown syntax tree into an HTML syntax tree.\nBut markdown also dictates that things that look like HTML,\nare passed through untouched,\neven when it just looks like XML but doesn’t really make sense,\nso we can’t normally use these strings of “HTML” to create an HTML syntax tree.\nThis utility can.\nIt can be used to take those strings of HTML and include them into the syntax\ntree as actual nodes.\n\nIf your final result is HTML and you trust content,\nthen “strings” are fine\n(you can pass `allowDangerousHtml: true` to `hast-util-to-html`,\nwhich passes HTML through untouched).\nBut there are two main cases where a proper syntax tree is preferred:\n\n* hast utilities need a proper syntax tree as they operate on actual nodes to\n  inspect or transform things,\n  they can’t operate on strings of HTML\n* other output formats\n  (React, MDX, etc)\n  need actual nodes and can’t handle strings of HTML\n\nThe plugin [`rehype-raw`][github-rehype-raw] wraps this utility at a\nhigher-level (easier) abstraction.\n\n## Install\n\nThis package is [ESM only][github-gist-esm].\nIn Node.js (version 16+),\ninstall with [npm][npmjs-install]:\n\n```sh\nnpm install hast-util-raw\n```\n\nIn Deno with [`esm.sh`][esmsh]:\n\n```js\nimport {raw} from 'https://esm.sh/hast-util-raw@9'\n```\n\nIn browsers with [`esm.sh`][esmsh]:\n\n```html\n\u003cscript type=\"module\"\u003e\n  import {raw} from 'https://esm.sh/hast-util-raw@9?bundle'\n\u003c/script\u003e\n```\n\n## Use\n\n```js\nimport {h} from 'hastscript'\nimport {raw} from 'hast-util-raw'\n\nconst tree = h('div', [h('h1', ['Foo ', h('h2', 'Bar'), ' Baz'])])\n\nconst reformatted = raw(tree)\n\nconsole.log(reformatted)\n```\n\nYields:\n\n```js\n{ type: 'element',\n  tagName: 'div',\n  properties: {},\n  children:\n   [ { type: 'element',\n       tagName: 'h1',\n       properties: {},\n       children: [Object] },\n     { type: 'element',\n       tagName: 'h2',\n       properties: {},\n       children: [Object] },\n     { type: 'text', value: ' Baz' } ] }\n```\n\n## API\n\n### `Options`\n\nConfiguration.\n\n###### Fields\n\n* `file?` (`VFile | null | undefined`)\n  — corresponding virtual file representing the input document (optional)\n* `passThrough?` (`Array\u003cstring\u003e | null | undefined`)\n\n  List of custom hast node types to pass through (as in, keep) (optional).\n\n  If the passed through nodes have children, those children are expected to\n  be hast again and will be handled.\n* `tagfilter?` (`boolean | null | undefined`)\n\n  Whether to disallow irregular tags in `raw` nodes according to GFM\n  tagfilter\n  (default: `false`).\n\n  This affects the following tags,\n  grouped by their kind:\n  * `RAWTEXT`: `iframe`, `noembed`, `noframes`, `style`, `xmp`\n  * `RCDATA`: `textarea`, `title`\n  * `SCRIPT_DATA`: `script`\n  * `PLAINTEXT`: `plaintext`\n  When you know that you do not want authors to write these tags,\n  you can enable this option to prevent their use from running amok.\n\n  See:\n  [*Disallowed Raw HTML* in\n  `cmark-gfm`](https://github.github.com/gfm/#disallowed-raw-html-extension-).\n\n### `raw(tree, options)`\n\nPass a hast tree through an HTML parser,\nwhich will fix nesting,\nand turn raw nodes into actual nodes.\n\n###### Parameters\n\n* `tree` (`Root | RootContent`)\n  — original hast tree to transform\n* `options?` (`Options | null | undefined`)\n  — configuration (optional)\n\n###### Returns\n\nParsed again tree (`Root | RootContent`).\n\n## Types\n\nThis package is fully typed with [TypeScript][].\nIt exports the additional type [`Options`][api-options].\n\nThe `Raw` node type is registered by and exposed from\n[`mdast-util-to-hast`][github-mdast-util-to-hast].\n\n## Compatibility\n\nProjects maintained by the unified collective are compatible with maintained\nversions of Node.js.\n\nWhen we cut a new major release,\nwe drop support for unmaintained versions of Node.\nThis means we try to keep the current release line,\n`hast-util-raw@9`,\ncompatible with Node.js 16.\n\n## Security\n\nUse of `hast-util-raw` can open you up to a\n[cross-site scripting (XSS)][wikipedia-xss]\nattack as `raw` nodes are unsafe.\nThe following example shows how a raw node is used to inject a script that runs\nwhen loaded in a browser.\n\n```js\nraw({type: 'root', children: [{type: 'raw', value: '\u003cscript\u003ealert(1)\u003c/script\u003e'}]})\n```\n\nYields:\n\n```html\n\u003cscript\u003ealert(1)\u003c/script\u003e\n```\n\nEither do not use this utility in combination with user input,\nor use [`hast-util-santize`][github-hast-util-sanitize].\n\n## Related\n\n* [`mdast-util-to-hast`][github-mdast-util-to-hast]\n  — transform mdast to hast\n* [`rehype-raw`][github-rehype-raw]\n  — rehype plugin\n\n## Contribute\n\nSee [`contributing.md`][health-contributing] in [`syntax-tree/.github`][health]\nfor ways to get started.\nSee [`support.md`][health-support] for ways to get help.\n\nThis project has a [code of conduct][health-coc].\nBy interacting with this repository,\norganization,\nor community you agree to abide by its terms.\n\n## License\n\n[MIT][file-license] © [Titus Wormer][wooorm]\n\n\u003c!-- Definitions --\u003e\n\n[api-options]: #options\n\n[badge-build-image]: https://github.com/syntax-tree/hast-util-raw/workflows/main/badge.svg\n\n[badge-build-url]: https://github.com/syntax-tree/hast-util-raw/actions\n\n[badge-coverage-image]: https://img.shields.io/codecov/c/github/syntax-tree/hast-util-raw.svg\n\n[badge-coverage-url]: https://codecov.io/github/syntax-tree/hast-util-raw\n\n[badge-downloads-image]: https://img.shields.io/npm/dm/hast-util-raw.svg\n\n[badge-downloads-url]: https://www.npmjs.com/package/hast-util-raw\n\n[badge-size-image]: https://img.shields.io/bundlejs/size/hast-util-raw\n\n[badge-size-url]: https://bundlejs.com/?q=hast-util-raw\n\n[esmsh]: https://esm.sh\n\n[file-license]: license\n\n[github-gist-esm]: https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c\n\n[github-hast]: https://github.com/syntax-tree/hast\n\n[github-hast-util-sanitize]: https://github.com/syntax-tree/hast-util-sanitize\n\n[github-mdast-util-to-hast]: https://github.com/syntax-tree/mdast-util-to-hast\n\n[github-parse5]: https://github.com/inikulin/parse5\n\n[github-rehype-raw]: https://github.com/rehypejs/rehype-raw\n\n[health]: https://github.com/syntax-tree/.github\n\n[health-coc]: https://github.com/syntax-tree/.github/blob/main/code-of-conduct.md\n\n[health-contributing]: https://github.com/syntax-tree/.github/blob/main/contributing.md\n\n[health-support]: https://github.com/syntax-tree/.github/blob/main/support.md\n\n[npmjs-install]: https://docs.npmjs.com/cli/install\n\n[typescript]: https://www.typescriptlang.org\n\n[wikipedia-xss]: https://en.wikipedia.org/wiki/Cross-site_scripting\n\n[wooorm]: https://wooorm.com\n","funding_links":["https://github.com/sponsors/unifiedjs","https://opencollective.com/unified","https://thanks.dev/u/gh/syntax-tree"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsyntax-tree%2Fhast-util-raw","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsyntax-tree%2Fhast-util-raw","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsyntax-tree%2Fhast-util-raw/lists"}