rehype-sanitize is a unified (rehype) plugin that sanitizes HTML by removing everything a schema does not explicitly allow, using by default a schema modelled on how GitHub cleans user content. It is meant for pipelines in which you cannot fully trust the authors of the content or the other plugins, for example when user-provided HTML is parsed into a hast tree; because it only sanitizes the tree it sees, it should run after any plugin that can introduce untrusted nodes.
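The following is an added example, not code from rehype-sanitize or hast-util-sanitize: a dependency-free JavaScript model of the schema-driven allowlist the plugin applies to a hast tree, so that the "remove anything not allowed by a schema" behaviour, the unwrap-versus-strip distinction, and URL scheme filtering can be run offline. The schema values, the `el`/`text` node builders, the function names (`sanitizeTree`, `sanitizeToHtml`, `protocolAllowed`) and the sample tree are this example's own assumptions. The second schema, `unsafeSchema`, shows the caveat the project's README Security section raises: relaxing the defaults (here, allowing `onclick`) reopens XSS regardless of what else the schema forbids.

```javascript
// Added example, not code from rehype-sanitize or hast-util-sanitize: a minimal
// allowlist sanitizer over hast-shaped nodes, showing the schema model the plugin uses.
// Schema values, node shapes and names (toySchema, sanitizeTree, ...) are assumptions.

// Schema in the shape of rehype-sanitize's defaultSchema: elements to strip together
// with their content, allowed tag names, allowed attributes per tag ('*' = any tag),
// and allowed URL schemes per attribute. Attribute names are plain HTML here for
// readability (real hast uses property names such as className).
const toySchema = {
  strip: ['script', 'style'],
  tagNames: ['a', 'p', 'strong', 'em', 'code', 'img'],
  attributes: {'*': ['title'], a: ['href'], img: ['src', 'alt']},
  protocols: {href: ['http', 'https', 'mailto'], src: ['http', 'https']},
};

// Deviating from the safe defaults, as the README's Security section warns against:
// allowing an event-handler attribute reopens XSS whatever else the schema forbids.
const unsafeSchema = {
  ...toySchema,
  attributes: {...toySchema.attributes, '*': ['title', 'onclick']},
};

// True for relative URLs and for absolute URLs whose scheme is allowlisted. ASCII
// tab/newline are removed first, as the URL parser does, so "java\nscript:" is still
// recognised as the javascript scheme rather than slipping through as "relative".
function protocolAllowed(value, allowed) {
  const v = String(value).replace(/[\t\n\r]/g, '').replace(/^[\u0000-\u0020]+/, '').toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(v);
  return m === null || allowed.includes(m[1]);
}

// Returns the nodes that replace `node`: [] for stripped or non-element nodes, the
// sanitized children for a disallowed tag (unwrapped), or one cleaned element.
function sanitizeNode(node, schema) {
  if (node.type === 'text') return [node];
  if (node.type !== 'element') return []; // comments, doctype, raw nodes are dropped
  if (schema.strip.includes(node.tagName)) return [];
  const children = (node.children || []).flatMap((c) => sanitizeNode(c, schema));
  if (!schema.tagNames.includes(node.tagName)) return children;
  const allowedAttrs = [...(schema.attributes['*'] || []), ...(schema.attributes[node.tagName] || [])];
  const properties = {};
  for (const [name, value] of Object.entries(node.properties || {})) {
    if (!allowedAttrs.includes(name)) continue; // onclick, style, srcdoc, ... never survive
    const schemes = schema.protocols[name];
    if (schemes && !protocolAllowed(value, schemes)) continue; // javascript:, data:, vbscript:
    properties[name] = value;
  }
  return [{type: 'element', tagName: node.tagName, properties, children}];
}

function sanitizeTree(tree, schema) {
  return {type: 'root', children: tree.children.flatMap((c) => sanitizeNode(c, schema))};
}

// Small serializer so results can be read (and checked) as HTML.
function escapeHtml(s) {
  return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}
function toHtml(node) {
  if (node.type === 'text') return escapeHtml(node.value);
  if (node.type === 'root') return node.children.map(toHtml).join('');
  const attrs = Object.entries(node.properties).map(([k, v]) => ` ${k}="${escapeHtml(v)}"`).join('');
  return `<${node.tagName}${attrs}>${node.children.map(toHtml).join('')}</${node.tagName}>`;
}

function sanitizeToHtml(tree, schema) {
  return toHtml(sanitizeTree(tree, schema));
}

// Constructed sample: the hast tree a parser would produce for untrusted author input.
const el = (tagName, properties, children) => ({type: 'element', tagName, properties, children});
const text = (value) => ({type: 'text', value});
const untrusted = {
  type: 'root',
  children: [
    el('p', {onclick: 'steal()'}, [
      text('hi '),
      el('a', {href: 'javascript:alert(1)', title: 't'}, [text('x')]),
      el('a', {href: 'java\nscript:alert(1)'}, [text('y')]),
      el('a', {href: 'https://example.com'}, [text('ok')]),
      el('script', {}, [text('evil()')]),
      el('span', {style: 'color:red'}, [text('kept text')]),
    ]),
    {type: 'comment', value: 'hidden'},
  ],
};

console.log(sanitizeToHtml(untrusted, toySchema));
// <p>hi <a title="t">x</a><a>y</a><a href="https://example.com">ok</a>kept text</p>
console.log(sanitizeToHtml(untrusted, unsafeSchema));
// <p onclick="steal()">hi <a title="t">x</a><a>y</a><a href="https://example.com">ok</a>kept text</p>
```

With the real plugin the equivalent pipeline is a parser such as rehype-parse, then `.use(rehypeSanitize)` (optionally passing a schema merged from the exported `defaultSchema`), then rehype-stringify; the point the toy makes is that the allowlist is the whole defence, so every name added to `attributes`, `tagNames` or `protocols` widens the attack surface and `onclick`-style event handlers, `style`, and URL-bearing attributes without a `protocols` entry should never be added for untrusted input.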
Project status
- rehype-sanitize appears to be in maintenance mode rather than under active development: the last upstream push was on 2023-09-28 and the most recent listed release is 6.0.0 on 2023-08-26.
- Releases are infrequent (5.0.0 and 5.0.1 in 2021, then 6.0.0 in 2023), so fixes to the sanitization defaults arrive through major-version dependency bumps rather than frequent patch releases.
Recent updates
6.0.0 (8/26/2023) [Breaking]
rehype-sanitize 6.0.0 updates its dependency stack (notably hast-util-sanitize and unified), requires Node.js 16, and refactors the package to use explicit ESM exports. It also updates the HTML sanitization defaults to better match how GitHub cleans content.

5.0.1 (12/8/2021)
Release 5.0.1 is presented as an “improved docs” change, and the README update is indeed the largest portion of the diff. The code diff is small, but it includes TypeScript/JSDoc typing adjustments and a change to how `defaultSchema` is exported, plus some devDependency version bumps.

5.0.0 (8/1/2021) [Breaking, Features]
Release 5.0.0 migrates the package to ESM and rewrites the entrypoint to add JSDoc-based type information. The runtime API is now a default export function named rehypeSanitize, and the package additionally exports defaultSchema from hast-util-sanitize.

4.0.0 (8/22/2020) [Breaking, Features]
Release 4.0.0 primarily adds TypeScript type definitions for the rehype-sanitize plugin. In the process, it also bumps the runtime dependency hast-util-sanitize from v2 to v3 and updates the build/test tooling.

3.0.1 (3/15/2020) [Security]
Release 3.0.1 updates package metadata and documentation, and adds a README Security section warning about XSS risk when deviating from the safe defaults. The code diff also includes several development dependency upgrades and a lint rule adjustment.

3.0.0 (7/1/2019)
Release 3.0.0 updates this package by bumping its dependency on hast-util-sanitize to the 2.x series. The published release notes only mention the hast-util-sanitize update and do not describe any behavior changes or migration steps. The only code diff shown is a package.json dependency and version range update.

2.0.3 (6/1/2019)
Release 2.0.3 is presented as a prose refactor, but the actual changes also include CI and tooling dependency updates. The bundled library code itself is not shown as changed in the diff, but the repository metadata and development toolchain were modified.

2.0.2 (11/17/2018)
Release 2.0.2 is primarily a tooling and housekeeping update: it adds README badges and a Contribute section, updates URLs to HTTPS, and refactors code style. The underlying runtime code change is minimal, but the repo’s build, formatting, CI, and (dev) dependency setup changed substantially.

2.0.1 (6/20/2017)
Release 2.0.1 makes small documentation updates: it adds a "Related" section to the README and simplifies the example code in readme.md. The actual commit also updates CI and build tooling versions, and adjusts linting configuration.

2.0.0 (2/24/2017)
Release 2.0.0 is positioned as an update for rehype@4.0.0, with a broader set of dependency bumps and build/test script adjustments. However, the code change includes a plugin API behavior shift that affects how consumers must call this package’s exported sanitize function.