markdown-spellchecker is the package that depends on outdated & insecure versions of marked, and it appears to be no longer maintained. I searched a bit for an alternative and found one that is actively maintained, yaspeller.
Some advantages of yaspeller:
You can tell it to ignore any words with numbers in them, words with all uppercase, and its custom dictionary also accepts regular expressions. This made our dictionary a lot smaller. It also uses a config file.
Change summary:
[x] install yaspeller and uninstall markdown-spellcheker
[x] configure yaspeller and convert the dictionary to its format
[x] delete the old dictionary
[x] update the package.json script for running the spellchecker
[x] fix any newly discovered spelling mistakes
[x] make sure tests/CI still pass
Steps to Verify:
CI should pass, but if you want to run it yourself, just check out the branch, run npm install and then npm run spellcheck, and there should be no errors.
Screenshots (optional):
shannonwells github/spec: chore/dependabot-marked $ npm run spellcheck
> liberty-protocol-spec@0.0.1 spellcheck
> yaspeller .
Spelling check:
✓ /Users/shannonwells/github/spec/.github/ISSUE_TEMPLATE/DSNP_Issue.md 759 ms
✓ /Users/shannonwells/github/spec/CODE_OF_CONDUCT.md 783 ms
✓ /Users/shannonwells/github/spec/.github/ISSUE_TEMPLATE/DSNP_Discussion.md 806 ms
✓ /Users/shannonwells/github/spec/.github/PULL_REQUEST_TEMPLATE.md 813 ms
✓ /Users/shannonwells/github/spec/.github/ISSUE_TEMPLATE/DSNP_Improvement_Proposal.md 826 ms
✓ /Users/shannonwells/github/spec/CONTRIBUTING.md 413 ms
✓ /Users/shannonwells/github/spec/pages/ActivityContent/Associated/Location.md 556 ms
✓ /Users/shannonwells/github/spec/pages/ActivityContent/Associated/Attachments.md 596 ms
✓ /Users/shannonwells/github/spec/README.md 606 ms
✓ /Users/shannonwells/github/spec/pages/ActivityContent/Associated/Hash.md 588 ms
✓ /Users/shannonwells/github/spec/pages/ActivityContent/Associated/Tag.md 425 ms
✓ /Users/shannonwells/github/spec/pages/ActivityContent/Types/Profile.md 389 ms
✓ /Users/shannonwells/github/spec/pages/ActivityContent/Types/Note.md 398 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Announcements.md 393 ms
✓ /Users/shannonwells/github/spec/pages/ActivityContent/Overview.md 454 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/BatchPublications.md 463 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Graph.md 419 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Overview.md 378 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Identifiers.md 450 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Identity.md 442 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Serializations.md 455 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Types/Broadcast.md 428 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Signatures.md 458 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Types/Profile.md 454 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Types/GraphChange.md 467 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Types/Reaction.md 548 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Types/Reply.md 441 ms
✓ /Users/shannonwells/github/spec/pages/DSNP/Types/Tombstone.md 417 ms
✓ /Users/shannonwells/github/spec/pages/Ethereum/Identifiers.md 435 ms
✓ /Users/shannonwells/github/spec/pages/Draft/Archivists.md 494 ms
✓ /Users/shannonwells/github/spec/pages/Ethereum/Overview.md 384 ms
✓ /Users/shannonwells/github/spec/pages/Ethereum/Identity.md 465 ms
✓ /Users/shannonwells/github/spec/pages/Ethereum/IdentityFactory.md 464 ms
✓ /Users/shannonwells/github/spec/pages/Ethereum/Publishing.md 455 ms
✓ /Users/shannonwells/github/spec/pages/Ethereum/Registry.md 446 ms
✓ /Users/shannonwells/github/spec/pages/Ethereum/Validation.md 439 ms
✓ /Users/shannonwells/github/spec/pages/Implementations.md 582 ms
✓ /Users/shannonwells/github/spec/pages/Index.md 582 ms
✓ /Users/shannonwells/github/spec/pages/Reference/Glossary.md 532 ms
✓ /Users/shannonwells/github/spec/pages/Roadmap.md 492 ms
✓ /Users/shannonwells/github/spec/pages/SUMMARY.md 441 ms
No errors.
Checking finished: 4.442 sec.
Problem
Dependabot alerts were bugging me like crazy.
Solution
markdown-spellchecker
is the package that depends on outdated & insecure versions ofmarked
, and it appears to be no longer maintained. I searched a bit for an alternative and found one that is actively maintained,yaspeller
.Some advantages of yaspeller: You can tell it to ignore any words with numbers in them, words with all uppercase, and its custom dictionary also accepts regular expressions. This made our dictionary a lot smaller. It also uses a config file.
Change summary:
Steps to Verify:
npm install
and thennpm run spellcheck
, and there should be no errors.Screenshots (optional):