GitShow/facebook/docusaurus
facebook

docusaurus

Easy to maintain open source documentation websites.

by facebook
documentationhacktoberfestjavascriptopen-sourcereactwebsite
Star on GitHubForkWebsitenpm

TypeScript

65.5k stars9.9k forks1.3k contributorsActive · 5d agoSince 2017v3.10.1MIT

Meet the team

See all 1333 on GitHub →
slorber
slorber1.2k contributions
lex111
lex111644 contributions
endiliey
endiliey628 contributions
Josh-Cena
Josh-Cena615 contributions
yangshun
yangshun361 contributions
dependabot[bot]Bot
dependabot[bot]307 contributions
JoelMarcey
JoelMarcey293 contributions
deltice
deltice139 contributions

Languages

View on GitHub →
TypeScript95.9%
JavaScript2%
CSS1.8%
XSLT0.2%
AppleScript0.1%
EJS0%

Commit activity

Last 12 weeks · 114 commits

Full graph →

Community health

5 of 6 standards met

Community profile →
87
✓README✓License✓Contributing✓Code of Conduct○Issue Template✓PR Template

Recent PRs & issues

Active · Last activity 5d ago
See all on GitHub →
spokodev
fix(utils-common): keep dollar signs when applying trailing slashOpenPR

builds its result with . treats sequences in the replacement string specially, and is a valid pathname character. So a pathname containing followed by , , backtick or a quote gets corrupted when a trailing slash is added or removed. For example, with : /docs/a$$b becomes /docs/a$b/ /docs/a$&b becomes /docs/a/docs/a$&bb/ runs on real user-facing links through `trailingSlashnewPathnamenewPathname + path.slice(pathname.length)pathnamepath.split(/[#?]/)[0]$$`. This change was prepared with AI assistance, disclosed per the contributing guide.

spokodev · 42m ago
paragao
fix(core): use textContent instead of innerHTML for pathname display in BaseUrlIssueBannerOpenIssue

Description The function in uses to display a value derived from : While the practical exploitability is low (browsers percent-encode in ), this pattern causes every Docusaurus project to be flagged by automated security scanners (SAST/DAST) as a DOM-based XSS vulnerability — user-controlled input flowing into a dangerous DOM sink without sanitization. CWE: CWE-79 — Improper Neutralization of Input During Web Page Generation (Cross-site Scripting), DOM-based variant Impact Downstream scanner noise: Tools like Snyk, SonarQube, Semgrep, CodeQL, and AWS ACAT flag this in the generated build output of every Docusaurus site with (the default). This creates security tickets across thousands of organizations. Defense-in-depth: Even though browsers currently percent-encode in URLs, relying on browser encoding behavior for XSS prevention is not a recognized secure coding practice. Future browser changes, non-standard URL handling, or server-side URL rewriting could alter this assumption. Semantic correctness: is always a URL path string (e.g., ). Displaying text via is a code smell — is the semantically correct API. Reproduction 1. Build any Docusaurus site (e.g., ) 2. Run a SAST scanner against the generated output 3. Scanner identifies assignment of as DOM-based XSS (CWE-79) Suggested Fix One-line change — replace with : This renders identically (the value is always a plain path string) with zero functional side effects. Note:** The assignment on line 57 should remain unchanged — is a trusted HTML template generated at build time containing DOM elements (`main`) Affects all versions since the feature was introduced (PR #3621)

paragao · 1d ago
gunjanjaswal
fix(utils): stop createExcerpt leaking a multi-line JSX element into the descriptionOpenPR

Motivation Fixes #12214. builds the auto / by scanning a doc line by line. It strips HTML/JSX with , which only matches a tag that opens and closes on the same line. When the first content node is a multi-line JSX/MDX element, only its first line is seen (e.g. `inHTMLinImportinCode>creates excerpt after a multi-line JSX elementmarkdownUtils.test.ts<MyComponentdocusaurus-utils` unit tests.

gunjanjaswal · 1d ago

Recent fixes

View closed PRs →
waqarilyas
feat(content-docs): support custom versioned docs pathMergedPR

Summary Fixes #8061. This adds a option to , allowing projects to keep generated versioned docs and sidebars outside the site directory. By default, nothing changes: versioned docs are still written to the site directory under and . Motivation Some projects keep their docs content outside the Docusaurus site root, but always writes generated version folders back into the site directory. This makes monorepo and multi-docs setups harder to organize. With , the docs plugin can write: under a configured directory instead. Changes Adds to the docs plugin options and TypeScript types. Updates version metadata path resolution to read versioned docs/sidebars from the configured path. Updates the CLI flow to write generated docs/sidebars to that path. Documents the new option in the plugin API docs and versioning guide. Adds regression coverage for the new path helpers and CLI behavior. Related issue Fixes #8061. Test plan AI-assisted.

waqarilyas · 3d ago
Structured data for AI agents

Repository: facebook/docusaurus. Description: Easy to maintain open source documentation websites. Stars: 65481, Forks: 9950. Primary language: TypeScript. Languages: TypeScript (95.9%), JavaScript (2%), CSS (1.8%), XSLT (0.2%), AppleScript (0.1%). License: MIT. Homepage: https://docusaurus.io Topics: documentation, hacktoberfest, javascript, open-source, react, website. Latest release: v3.10.1 (2mo ago). Open PRs: 91, open issues: 290. Last activity: 5d ago. Community health: 87%. Top contributors: slorber, lex111, endiliey, Josh-Cena, yangshun, dependabot[bot], JoelMarcey, deltice, ericnakagawa, SamChou19815 and others.

·@ofershap

Replace github.com with gitshow.dev