Releases: CognitiveSand/md2pdf
Releases · CognitiveSand/md2pdf
Release list
v0.1.5
Added
--versionCLI option: prints the version, license, and publisher. The version and license are read frompackage.jsonat runtime, so the output tracks every release automatically.
$ md2pdf --version
md2pdf 0.1.5
MIT license. Built by CognitiveSand: https://cognitivesand.ai
v0.1.4
Security
- Runtime dependency tree cut from ~110 packages to 11. Mermaid never executes in Node — md2pdf only inlines its prebuilt browser bundle into the generated HTML. The bundle now ships inside the package as a vendored, checksummed asset (mermaid@11.16.0, declared in
artifacts.json), and the mermaid npm subtree (source of Socket.dev supply-chain alerts: obfuscated code, shell access, eval, 27 unmaintained packages) is no longer installed on user machines. - Transitive
dompurifyadvisories (GHSA-vxr8-fq34-vvx9, GHSA-gvmj-g25r-r7wr, GHSA-cmwh-pvxp-8882) cleared;npm auditreports zero vulnerabilities.
Changed
- Package renamed to the
@cognitivesandscope: install withnpm install --global @cognitivesand/md2pdfor runnpx @cognitivesand/md2pdf notes.md. Works with Bun viabunx. - README restructured: quickstart first, project motivation and objectives, then usage and contribution details.
- Real-browser Mermaid smoke test now compares against a text-only baseline instead of a Chromium-calibrated byte bound, so it passes on Firefox/cairo too.
- Publishing is automated: GitHub releases publish to npm via trusted publishing (OIDC) with provenance.