docs(readme): add Trendshift badge + star history graph + tagline fix #305
Three small README polishes flagged on the live README screenshot:
1. Add the Trendshift badge (repo #25123) directly under the tagline so the trending signal sits at eye level with the banner.
2. Add the star-history.com graph under the badge so the growth curve is visible without scrolling — uses <picture> with dark/light variants matching the rest of the README's prefers-color-scheme convention.
3. Tagline missed two first-party integrations that already ship plugin folders in this repo (integrations/hermes, integrations/openclaw); added Hermes + OpenClaw to the agent list so the supported-clients sentence matches what the integration index actually advertises.
4. Reflow the Karpathy-gist sentence onto a single italic line — the previous block-strong + <br/> shape wrapped awkwardly on narrow viewports.
Not in this PR (deferred): the stat-tag row redesign flagged on the same screenshot. That needs new SVG assets in assets/tags/ and is worth doing as a separate visual pass rather than a quick edit.
Caution: Review failed. The pull request is closed.
Configuration used: defaults. Review profile: CHILL. Plan: Pro.
Walkthrough
README hero section markup was restructured: headline/tagline nesting and line breaks were adjusted, the Viral GitHub Gist badge counts were updated, and an explanatory sentence was moved into its own italic paragraph.
Estimated code review effort: 1 (Trivial), ~3 minutes
Actionable comments posted: 1
| </p> | ||
|
|
||
| <p align="center"> | ||
| <a href="https://trendshift.io/repositories/25123" target="_blank"><img src="https://trendshift.io/api/badge/repositories/25123" alt="rohitg00/agentmemory | Trendshift" width="250" height="55"/></a> |
🧩 Analysis chain
🏁 Script executed:
cat -n README.md | sed -n '10,20p'
Repository: rohitg00/agentmemory
Length of output: 735
🌐 Web query:
reverse tabnabbing security vulnerability target blank 2024 2025
💡 Result:
Reverse tabnabbing (tabnabbing) vulnerability targeting target="_blank" was widely mitigated in modern “evergreen” browsers by 2023, due to browsers/standards implicitly enforcing rel="noopener" for links opened with target="_blank"; OWASP notes the issue is effectively “fixed” in modern browsers and calls it a legacy issue for older browsers/older configurations [1].
What the vulnerability is (how it works)
- Reverse tabnabbing is a phishing technique where a page opened in a new tab can use the opener relationship to rewrite/redirect the original page/tab (commonly via window.opener) to a phishing site, tricking users into entering credentials on a lookalike page [1][2].
- OWASP’s testing guidance states this typically happens when an anchor uses target="_blank" without proper rel protections; pages opened via window.open are also vulnerable in affected environments [2].
How to mitigate / fix
- OWASP and OWASP WSTG recommend ensuring links that use target="_blank" include rel="noopener noreferrer" [1][2].
- As additional defense-in-depth, security testing tooling like OWASP ZAP flags cases where target is used without both noopener and noreferrer as reverse tabnabbing risk and recommends using rel="noopener noreferrer" [3].
About “target blank” in 2024–2025
- There were no authoritative 2024–2025 “new CVEs” identified in the sources found here; instead, the most authoritative references state the issue is primarily a legacy condition in older browsers (e.g., OWASP explicitly cites browsers prior to Chrome 88 and Internet Explorer as vulnerable, and indicates modern browsers prevent it) [1][2].
- Therefore, the practical “2024/2025” risk is generally: apps (or embedded JS/legacy environments) that still emit target="_blank" links without rel="noopener" may be vulnerable for users on older/less compliant browsers or environments; otherwise modern browsers reduce the impact substantially [1].
Citations:
- 1: https://owasp.org/www-community/attacks/Reverse_Tabnabbing
- 2: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/14-Testing_for_Reverse_Tabnabbing
- 3: https://www.zaproxy.org/docs/alerts/10108/
Add rel="noopener noreferrer" to external link for defense-in-depth security.
The Trendshift anchor uses target="_blank" without rel="noopener noreferrer". While modern browsers (Chrome 88+, Firefox, Safari, Edge) implicitly prevent reverse-tabnabbing by default, adding this attribute is a best-practice safeguard for older browsers and maintains defense-in-depth principles.
Suggested patch
- <a href="https://trendshift.io/repositories/25123" target="_blank"><img src="https://trendshift.io/api/badge/repositories/25123" alt="rohitg00/agentmemory | Trendshift" width="250" height="55"/></a>
+ <a href="https://trendshift.io/repositories/25123" target="_blank" rel="noopener noreferrer"><img src="https://trendshift.io/api/badge/repositories/25123" alt="rohitg00/agentmemory | Trendshift" width="250" height="55"/></a>📝 Committable suggestion
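Review bot: on the added anchor, noreferrer does more than cut off window.opener: it also suppresses the Referer header on the click-through, and it already implies noopener. If the goal is only to isolate the opener, rel="noopener" is sufficient; keep noreferrer only if hiding the referring page from trendshift.io is intended.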
| <a href="https://trendshift.io/repositories/25123" target="_blank"><img src="https://trendshift.io/api/badge/repositories/25123" alt="rohitg00/agentmemory | Trendshift" width="250" height="55"/></a> | |
| <a href="https://trendshift.io/repositories/25123" target="_blank" rel="noopener noreferrer"><img src="https://trendshift.io/api/badge/repositories/25123" alt="rohitg00/agentmemory | Trendshift" width="250" height="55"/></a> |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` at line 14, the external anchor element using target="_blank" (the
<a href="https://trendshift.io/repositories/25123" target="_blank"> tag shown)
should include rel="noopener noreferrer" to prevent potential
reverse-tabnabbing; update the anchor by adding rel="noopener noreferrer"
alongside the existing attributes so the link opens in a new tab safely while
preserving the current behavior and attributes (src, alt, width, height).
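A repeatable check for the finding above, as an added example (not CodeRabbit's output or the repository's code): it parses README markup with Python's standard html.parser and reports every <a> or <area> that sets target="_blank" without noopener or noreferrer. SAMPLE_README and the example.com links are constructed; the two Trendshift anchors mirror the before and after lines of the suggested patch.

```python
from html.parser import HTMLParser

# Constructed sample input: line 2 is the anchor as added in the PR,
# line 4 is the patched form, lines 5-6 are made-up extra cases.
SAMPLE_README = """\
<p align="center">
  <a href="https://trendshift.io/repositories/25123" target="_blank"><img src="https://trendshift.io/api/badge/repositories/25123" alt="badge"/></a>
</p>
<a href="https://trendshift.io/repositories/25123" target="_blank" rel="noopener noreferrer">patched</a>
<a href="https://example.com/docs" target="_BLANK" rel="nofollow">docs</a>
<a href="https://example.com/same-tab">same tab</a>
"""


class BlankTargetAudit(HTMLParser):
    """Collect links that open a new tab without isolating window.opener."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        # HTMLParser lowercases attribute names; valueless attributes are None.
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("target", "").strip().lower() != "_blank":
            return
        # rel is a space-separated, case-insensitive token list.
        rel = set(attr.get("rel", "").lower().split())
        if rel & {"noopener", "noreferrer"}:
            return  # either token severs the opener relationship
        line, _col = self.getpos()
        self.findings.append((line, attr.get("href", ""), sorted(rel)))


def audit(markup):
    """Return [(line, href, rel_tokens)] for unprotected target=_blank links."""
    parser = BlankTargetAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, url, rel in audit(SAMPLE_README):
        print(f"line {line}: target=_blank without noopener/noreferrer -> {url} rel={rel}")
```

Markdown-syntax links carry no target attribute, so only raw HTML anchors in the README are inspected.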
GitHub's image proxy doesn't reliably render <picture> with external SVG sources from api.star-history.com — the entire block came back empty in rendered README. Switched to the standard plain img inside an anchor pattern that every other widely-used repo (k8s, react, deno, etc) uses for star-history embeds. Single URL, no prefers-color-scheme variants, single fetch path for the camo proxy.
HTML form had unescaped `&type=Date` in src attribute. Browser/GitHub parsed `&type` as an HTML entity attempt, so the URL camo fetched was truncated to `?repos=rohitg00/agentmemory` — invalid endpoint, broken image. Markdown form auto-escapes ampersands, matching every other repo's star-history embed.
…riants
User-provided exact snippet. Switches:
- /svg -> /chart endpoint (canonical star-history.com API)
- type=Date -> type=date (lowercase, matches docs)
- adds legend=top-left
- <picture> with prefers-color-scheme dark/light sources
- outer link uses query-param form (?repos=...) not fragment (#repos=...)
Matches the pattern star-history.com's own embed-generator hands out.
Summary
Four small README polishes flagged on the live README screenshot:
- star-history.com — uses <picture> with dark/light prefers-color-scheme variants matching the rest of the README's pattern.
- integrations/hermes, integrations/openclaw); added Hermes + OpenClaw to the agent list.
- <strong> + <br/> shape wrapped awkwardly on narrower viewports.
Not in this PR (deferred)
- assets/tags/ and is worth doing as a separate visual pass rather than a quick edit.
Test plan
- git diff --stat README.md — 17 insertions, 3 deletions, no code touched.