markdown-link-check

v3.13.7

checks the all of the hyperlinks in a markdown text to determine if they are alive or dead For more information about how to use this package see README

Latest version published 6 months ago

License: ISC

NPM

GitHub

This is a malicious package

This package version contains malicious code that listens for network traffic when run in the context of a browser and focuses on crypto transactions. The malicious code injected to the packages activates a hook whenever a Web3 wallet is present. Once activated the code intercepts and modifies any transaction with ETH value and points it to another address presumably controlled by the attacker. The malicious code also listens for swap/transfer transactions to tamper with as well. This advisory is under ongoing investigation and can be updated with additional details. Avoid using all malicious instances of the debug package.

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
3.13.7	\|	03/2025	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
3.12.2	\|	05/2024		0 C 0 H 0 M 0 L	0 H 0 M 0 L
3.8.7	\|	04/2021		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.2.0	\|	10/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.2.0	\|	07/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

ISC

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Recognized

Weekly Downloads (89,919)

GitHub Stars: 650
Forks: 129
Contributors: -

Direct Usage Popularity

The npm package markdown-link-check receives a total of 89,919 downloads a week. As such, we scored markdown-link-check popularity level to be Recognized.

Based on project statistics from the GitHub repository for the npm package markdown-link-check, we found that it has been starred 650 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 0
Funding: No

This project has seen only 10 or less contributors.

We found a way for you to contribute to the project! Looks like markdown-link-check is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Sustainable

Commit Frequency

Open Issues: 31
Open PR: 6
Last Release: 6 months ago
Last Commit: 3 days ago

Further analysis of the maintenance status of markdown-link-check based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Sustainable.

We found that markdown-link-check demonstrates a positive version release cadence with at least one new version released in the past 12 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 10 years
Dependencies: 9 Direct
Versions: 67
Install Size: 32.4 kB
Dist-tags: 1
# of Files: 5
Maintainers: 1
TS Typings: No

markdown-link-check has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

Test library workflow status

markdown-link-check

Extracts links from markdown texts and checks whether each link is alive (200 OK) or dead. mailto: links are validated with isemail.

Installation

To add the module to your project, run:

npm install --save-dev markdown-link-check

To install the command line tool globally, run:

npm install -g markdown-link-check

Run using Docker

Docker images are built with each release. Use the stable tag for the current stable release.

Add current directory with your README.md file as read only volume to docker run:

docker run -v ${PWD}:/tmp:ro --rm -i ghcr.io/tcort/markdown-link-check:stable /tmp/README.md

Alternatively, if you wish to target a specific release, images are tagged with semantic versions (i.e. 3, 3.8, 3.8.3)

Run in a GitHub action

Please head on to github-action-markdown-link-check.

Run as a pre-commit hook

To run as a pre-commit hook:

- repo: https://github.com/tcort/markdown-link-check
  rev: ...
  hooks:
    - id: markdown-link-check
      args: [-q]

Run in a GitLab pipeline

linkchecker:
  stage: test
  image:
    name: ghcr.io/tcort/markdown-link-check:3.11.2
    entrypoint: ["/bin/sh", "-c"]
  script:
    - markdown-link-check ./docs
  rules:
    - changes:
      - "**/*.md"

Run in other tools

Mega-Linter: Linters aggregator including markdown-link-check

API

markdownLinkCheck(markdown, [opts,] callback)

Given a string containing markdown formatted text and a callback, extract all of the links and check if they're alive or dead. Call the callback with (err, results)

Parameters:

markdown string containing markdown formatted text.
opts optional options object containing any of the following optional fields:
- showProgressBar enable an ASCII progress bar.
- timeout timeout in zeit/ms format. (e.g. "2000ms", 20s, 1m). Default 10s.
- httpHeaders to apply URL specific headers, see example below.
- ignorePatterns an array of objects holding regular expressions which a link is checked against and skipped for checking in case of a match. Example: [{ pattern: /foo/ }]
- replacementPatterns an array of objects holding regular expressions which are replaced in a link with their corresponding replacement string. This behavior allows (for example) to adapt to certain platform conventions hosting the Markdown. The special replacement {{BASEURL}} can be used to dynamically link to the base folder (used from projectBaseUrl) (for example that / points to the root of your local repository). Example: [{ pattern: /^.attachments/, replacement: "file://some/conventional/folder/.attachments" }, { pattern: ^/, replacement: "{{BASEURL}}/"}]. You can add "global": true to use a global regular expression to replace all instances.
- projectBaseUrl the URL to use for {{BASEURL}} replacement
- ignoreDisable if this is true then disable comments are ignored.
- retryOn429 if this is true then retry request when response is an HTTP code 429 after the duration indicated by retry-after header.
- retryCount the number of retries to be made on a 429 response. Default 2.
- fallbackRetryDelay the delay in zeit/ms format. (e.g. "2000ms", 20s, 1m) for retries on a 429 response when no retry-after header is returned or when it has an invalid value. Default is 60s.
- aliveStatusCodes a list of HTTP codes to consider as alive. Example: [200,206]
callback function which accepts (err, results).
- err an Error object when the operation cannot be completed, otherwise null.
- results an array of objects with the following properties:
  - link the link provided as input
  - status a string set to either alive, ignored or dead.
  - statusCode the HTTP status code. Set to 0 if no HTTP status code was returned (e.g. when the server is down).
  - err any connection error that occurred, otherwise null.

Disable comments

You can write html comments to disable markdown-link-check for parts of the text.

disables markdown link check. reenables markdown link check. disables markdown link check for the next line. disables markdown link check for this line.

Examples

Module

Basic usage:

'use strict';

var markdownLinkCheck = require('markdown-link-check');

markdownLinkCheck('[example](https://example.com)', function (err, results) {
    if (err) {
        console.error('Error', err);
        return;
    }
    results.forEach(function (result) {
        console.log('%s is %s', result.link, result.status);
    });
});

With options, for example using URL specific headers:

'use strict';

var markdownLinkCheck = require('markdown-link-check');

markdownLinkCheck('[example](https://example.com)', { httpHeaders: [{ urls: ['https://example.com'], headers: { 'Authorization': 'Basic Zm9vOmJhcg==' }}] }, function (err, results) {
    if (err) {
        console.error('Error', err);
        return;
    }
    results.forEach(function (result) {
        console.log('%s is %s', result.link, result.status);
    });
});

Command Line Tool

The command line tool optionally takes 1 argument, the file name or http/https URL. If not supplied, the tool reads from standard input.

Check links from a markdown file hosted on the web

markdown-link-check https://github.com/tcort/markdown-link-check/blob/master/README.md

Check links from a local markdown file

markdown-link-check ./README.md

Check links from a local markdown folder (recursive)

This checks all files in folder ./docs with file extension *.md:

markdown-link-check ./docs

The files can also be searched for and filtered manually:

find . -name \*.md -print0 | xargs -0 -n1 markdown-link-check

Usage

Usage: markdown-link-check [options] [filenameOrDirectorynameOrUrl]

Options:
  -p, --progress              show progress bar
  -c, --config [config]       apply a config file (JSON), holding e.g. url specific header configuration
  -q, --quiet                 displays errors only
  -v, --verbose               displays detailed error information
  -a, --alive <code>          comma separated list of HTTP code to be considered as alive
  -r, --retry                 retry after the duration indicated in 'retry-after' header when HTTP code is 429
  -h, --help                  display help for command
  -V, --version               display version string (e.g. `1.2.3`)
    , --projectBaseUrl   the URL to use for {{BASEURL}} replacement

Config file format

config.json:

ignorePatterns: An array of objects holding regular expressions which a link is checked against and skipped for checking in case of a match.
replacementPatterns: An array of objects holding regular expressions which are replaced in a link with their corresponding replacement string. This behavior allows (for example) to adapt to certain platform conventions hosting the Markdown. The special replacement {{BASEURL}} can be used to dynamically link to the current working directory (for example that / points to the root of your current working directory). This parameter supports named regex groups the same way as string.replace method in node.
httpHeaders: The headers are only applied to links where the link starts with one of the supplied URLs in the urls section.
timeout timeout in zeit/ms format. (e.g. "2000ms", 20s, 1m). Default 10s.
retryOn429 if this is true then retry request when response is an HTTP code 429 after the duration indicated by retry-after header.
retryCount the number of retries to be made on a 429 response. Default 2.
fallbackRetryDelay the delay in zeit/ms format. (e.g. "2000ms", 20s, 1m) for retries on a 429 response when no retry-after header is returned or when it has an invalid value. Default is 60s.
aliveStatusCodes a list of HTTP codes to consider as alive.
projectBaseUrl the URL to use for {{BASEURL}} replacement

Example:

{
  "projectBaseUrl":"${workspaceFolder}",
  "ignorePatterns": [
    {
      "pattern": "^https://example.net"
    }
  ],
  "replacementPatterns": [
    {
      "pattern": "^.attachments",
      "replacement": "file://some/conventional/folder/.attachments"
    },
    {
      "pattern": "^/",
      "replacement": "{{BASEURL}}/"
    },
    {
      "pattern": "%20",
      "replacement": "-",
      "global": true
    },
    {
      "pattern": "images/(?.*)",
      "replacement": "assets/$"
    }
  ],
  "httpHeaders": [
    {
      "urls": ["https://example.com"],
      "headers": {
        "Authorization": "Basic Zm9vOmJhcg==",
        "Foo": "Bar"
      }
    }
  ],
  "timeout": "20s",
  "retryOn429": true,
  "retryCount": 5,
  "fallbackRetryDelay": "30s",
  "aliveStatusCodes": [200, 206]
}

Testing

npm test

License

See LICENSE.md

markdown-link-check dependencies

async chalk commander link-check markdown-link-extractor needle progress proxy-agent xmlbuilder2

markdown-link-check development dependencies

@eslint/js eslint expect.js express globals mocha

FAQs

What is markdown-link-check?

checks the all of the hyperlinks in a markdown text to determine if they are alive or dead. Visit Snyk Advisor to see a full health score report for markdown-link-check, including popularity, security, maintenance & community analysis.

Is markdown-link-check popular?

The npm package markdown-link-check receives a total of 89,919 weekly downloads. As such, markdown-link-check popularity was classified as a recognized. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is markdown-link-check well maintained?

We found indications that markdown-link-check maintenance is sustainable demonstrating some project activity. We saw a total of 0 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is markdown-link-check safe to use?

While scanning the latest version of markdown-link-check, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 14 September-2025, at 17:49 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (89,919)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Readme

markdown-link-check

Installation

Run using Docker

Run in a GitHub action

Run as a pre-commit hook

Run in a GitLab pipeline

Run in other tools

API

markdownLinkCheck(markdown, [opts,] callback)

Disable comments

Examples

Module

Command Line Tool

Check links from a markdown file hosted on the web

Check links from a local markdown file

Check links from a local markdown folder (recursive)

Usage

Config file format

Testing

License

markdown-link-check dependencies

markdown-link-check development dependencies

FAQs

What is markdown-link-check?

Is markdown-link-check popular?

Is markdown-link-check well maintained?

Is markdown-link-check safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues