BunsDev · BunsDev · Apr 5, 2026 · Apr 5, 2026 · Apr 5, 2026 · Apr 5, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,6 +32,9 @@ jobs:
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
+
+      - name: Run security audit
+        run: pnpm run security-audit --strict
 
       - name: Build packages
         run: pnpm run build

diff --git a/README.md b/README.md
@@ -73,6 +73,7 @@ const themed = applyPreviewTheme(raw); // wraps elements with cm-* classes
 ```
 
 Pair with any theme CSS (`github.css`, `github-dark.css`, `minimal.css`, or `system.css`) and the styled output just works.
+Sanitize untrusted HTML before assigning the themed output to the DOM.
 
 ### React Components
 
@@ -117,6 +118,8 @@ const html = await renderAsync(blocks, {
 });
 ```
 
+Preview output is intended for trusted content by default. If the markdown or generated HTML can come from users, sanitize it before rendering.
+
 ### CSS Custom Property Theming
 
 The `system.css` theme uses CSS custom properties so it adapts to any design system:
@@ -148,7 +151,7 @@ import '@create-markdown/preview/themes/system.css';
 
 ### BYO Sanitizer
 
-Pass any sanitizer function instead of relying on a built-in implementation:
+Pass any sanitizer function when rendering untrusted content:
 
 ```typescript
 import { blocksToHTML } from '@create-markdown/preview';
@@ -193,6 +196,8 @@ Use `shadowMode: 'none'` to render in the light DOM and inherit page styles:
 registerPreviewElement({ shadowMode: 'none' });
 ```
 
+The web component also assumes trusted markdown by default, so sanitize user-provided content before passing it in.
+
 ## Documentation
 
 | Document | Description |

diff --git a/SECURITY.md b/SECURITY.md
@@ -6,8 +6,8 @@ We release patches for security vulnerabilities in the following versions:
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 1.x.x   | :white_check_mark: |
-| < 1.0   | :x:                |
+| 2.x.x   | :white_check_mark: |
+| < 2.0   | :x:                |
 
 ## Reporting a Vulnerability
 
@@ -16,7 +16,7 @@ We take the security of create-markdown seriously. If you discover a security vu
 ### How to Report
 
 1. **Do not** open a public GitHub issue for security vulnerabilities
-2. Email your findings to **val@viewdue.ai** (replace with your actual security email)
+2. Email your findings to **val@viewdue.ai**
 3. Alternatively, use [GitHub's private vulnerability reporting](https://github.com/BunsDev/create-markdown/security/advisories/new)
 
 ### What to Include
@@ -51,10 +51,11 @@ We will not pursue civil action or initiate a complaint to law enforcement for a
 When using create-markdown in your projects:
 
 1. **Sanitize User Input**: Always sanitize markdown content from untrusted sources before rendering
-2. **Keep Dependencies Updated**: Regularly update to the latest version to receive security patches
-3. **Content Security Policy**: Implement appropriate CSP headers when rendering markdown in browsers
-4. **Review Generated HTML**: Be cautious with HTML output, especially when allowing raw HTML in markdown
+2. **Treat Mermaid as Trusted by Default**: Use `mermaidPlugin({ config: { securityLevel: 'strict' } })` when diagram text can come from users
+3. **Keep Dependencies Updated**: Regularly update to the latest version to receive security patches
+4. **Content Security Policy**: Implement appropriate CSP headers when rendering markdown in browsers
+5. **Review Generated HTML**: Be cautious with HTML output, especially when allowing raw HTML in markdown
 
 ## Acknowledgments
 
-We appreciate the security research community's efforts in helping keep create-markdown secure. Contributors who report valid security issues will be acknowledged here (with their permission).
+We appreciate the security research community's efforts in helping keep create-markdown secure. Contributors who report valid security issues will be acknowledged here (with their permission).
diff --git a/package.json b/package.json
@@ -38,13 +38,18 @@
   "devDependencies": {
     "@changesets/cli": "^2.27.0",
     "@testing-library/react": "^16.0.0",
-    "@vitejs/plugin-react": "^4.3.0",
     "jsdom": "^25.0.0",
     "tsup": "^8.5.1",
     "tsx": "^4.21.0",
     "turbo": "^2.3.0",
     "typescript": "^5.3.0",
-    "vitest": "^2.1.0"
+    "vite": "^7.1.11",
+    "vitest": "^4.1.2"
+  },
+  "pnpm": {
+    "overrides": {
+      "lodash-es": "4.18.1"
+    }
   },
   "packageManager": "pnpm@10.11.1",
   "engines": {

diff --git a/packages/core/CHANGELOG.md b/packages/core/CHANGELOG.md
@@ -1,5 +1,15 @@
 # @create-markdown/core
 
+## 2.0.1
+
+### Patch Changes
+
+- Patch release to publish the security remediation update across all packages.
+
+  - refresh vulnerable dependency resolutions in the workspace
+  - ship the pnpm-based security audit improvements
+  - document trusted-content expectations for preview rendering
+
 ## 2.0.0
 
 ### Major Changes

diff --git a/packages/core/package.json b/packages/core/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@create-markdown/core",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "Block-based markdown parsing and serialization with zero dependencies",
   "author": "Val Alexander <val@viewdue.ai>",
   "license": "MIT",
@@ -51,7 +51,8 @@
   },
   "devDependencies": {
     "typescript": "^5.3.0",
-    "vitest": "^2.1.0"
+    "vite": "^7.1.11",
+    "vitest": "^4.1.2"
   },
   "engines": {
     "node": ">=20.0.0"

diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts
@@ -259,4 +259,4 @@ export function toMarkdown(blocksOrDoc: Block[] | { blocks: Block[] }): string {
 /**
  * Package version
  */
-export const VERSION = '2.0.0';
+export const VERSION = '2.0.1';
diff --git a/packages/create-markdown/CHANGELOG.md b/packages/create-markdown/CHANGELOG.md
@@ -1,5 +1,20 @@
 # create-markdown
 
+## 2.0.1
+
+### Patch Changes
+
+- Patch release to publish the security remediation update across all packages.
+
+  - refresh vulnerable dependency resolutions in the workspace
+  - ship the pnpm-based security audit improvements
+  - document trusted-content expectations for preview rendering
+
+- Updated dependencies
+  - @create-markdown/core@2.0.1
+  - @create-markdown/react@2.0.1
+  - @create-markdown/preview@2.0.1
+
 ## 2.0.0
 
 ### Major Changes

diff --git a/packages/create-markdown/package.json b/packages/create-markdown/package.json
@@ -1,6 +1,6 @@
 {
   "name": "create-markdown",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "Complete block-based markdown notes package - convenience bundle for @create-markdown packages",
   "author": "Val Alexander <val@viewdue.ai>",
   "license": "MIT",

diff --git a/packages/create-markdown/src/index.ts b/packages/create-markdown/src/index.ts
@@ -15,4 +15,4 @@ export * from '@create-markdown/core';
 /**
  * Package version
  */
-export const VERSION = '2.0.0';
+export const VERSION = '2.0.1';
diff --git a/packages/docs/CHANGELOG.md b/packages/docs/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @create-markdown/docs
 
+## 1.0.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @create-markdown/core@2.0.1
+  - @create-markdown/mdx@1.0.1
+
 ## 1.0.0
 
 ### Major Changes

diff --git a/packages/docs/app/docs/[[...slug]]/page.tsx b/packages/docs/app/docs/[[...slug]]/page.tsx
@@ -67,6 +67,7 @@ export default async function DocPage({ params }: DocPageProps) {
 
           {/* MDX Content */}
           <div className="pb-12 pt-8">
+            {/* Docs content is compiled only from repository-local MDX files in packages/docs/content. */}
             <MDXRemote
               source={doc.content}
               components={mdxComponents}

diff --git a/packages/docs/content/api/preview.mdx b/packages/docs/content/api/preview.mdx
@@ -26,16 +26,23 @@ pnpm add shiki mermaid
 
 ```typescript
 import { markdownToHTML } from '@create-markdown/preview';
+import DOMPurify from 'dompurify';
 
-const html = markdownToHTML(`
+const html = await markdownToHTML(`
 # Hello World
 
 This is **bold** and *italic* text.
 `);
 
-document.getElementById('preview').innerHTML = html;
+const preview = document.getElementById('preview');
+
+if (preview) {
+  preview.innerHTML = DOMPurify.sanitize(html, { USE_PROFILES: { html: true } });
+}
 ```
 
+Sanitize untrusted content before rendering it. Direct DOM assignment is only appropriate when you fully trust the markdown source.
+
 ### With Syntax Highlighting (Shiki)
 
 ```typescript
@@ -69,10 +76,17 @@ flowchart LR
 `);
 
 const html = await renderAsync(blocks, {
-  plugins: [mermaidPlugin({ theme: 'default' })],
+  plugins: [
+    mermaidPlugin({
+      theme: 'default',
+      config: { securityLevel: 'strict' },
+    }),
+  ],
 });
 ```
 
+Use Mermaid's stricter security mode when diagram text can come from users. Only opt into looser Mermaid settings for fully trusted content.
+
 ### Web Component
 
 ```html
@@ -101,6 +115,8 @@ registerPreviewElement({
 });
 ```
 
+The web component renders trusted content by default, so sanitize user-provided markdown before passing it to the element.
+
 ## API
 
 ### `blocksToHTML(blocks, options?)`
@@ -135,11 +151,11 @@ interface PreviewOptions {
   classPrefix?: string;       // CSS class prefix (default: 'cm-')
   theme?: string;             // Theme name
   linkTarget?: '_blank' | '_self';
-  sanitize?: boolean;         // Sanitize HTML output
+  sanitize?: boolean | ((html: string) => string);
   plugins?: PreviewPlugin[];  // Plugins for enhanced rendering
 }
 ```
 
 ## License
 
-MIT
+MIT
diff --git a/packages/docs/content/index.mdx b/packages/docs/content/index.mdx
@@ -81,6 +81,7 @@ const themed = applyPreviewTheme(raw); // wraps elements with cm-* classes
 ```
 
 Pair with any theme CSS (`github.css`, `github-dark.css`, `minimal.css`, or `system.css`) and the styled output just works.
+Sanitize untrusted HTML before assigning the themed output to the DOM.
 
 ### React Components
 
@@ -125,6 +126,8 @@ const html = await renderAsync(blocks, {
 });
 ```
 
+Preview output is intended for trusted content by default. If the markdown or generated HTML can come from users, sanitize it before rendering.
+
 ### CSS Custom Property Theming
 
 The `system.css` theme uses CSS custom properties so it adapts to any design system:
@@ -156,7 +159,7 @@ import '@create-markdown/preview/themes/system.css';
 
 ### BYO Sanitizer
 
-Pass any sanitizer function instead of relying on a built-in implementation:
+Pass any sanitizer function when rendering untrusted content:
 
 ```typescript
 import { blocksToHTML } from '@create-markdown/preview';
@@ -201,6 +204,8 @@ Use `shadowMode: 'none'` to render in the light DOM and inherit page styles:
 registerPreviewElement({ shadowMode: 'none' });
 ```
 
+The web component also assumes trusted markdown by default, so sanitize user-provided content before passing it in.
+
 ## Documentation
 
 | Document | Description |
@@ -253,4 +258,4 @@ We welcome contributions! Please see [CONTRIBUTING.md](./CONTRIBUTING.md) for gu
 
 ## License
 
-MIT
+MIT
diff --git a/packages/docs/package.json b/packages/docs/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@create-markdown/docs",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "private": true,
   "description": "Documentation site for create-markdown",
   "type": "module",
@@ -22,7 +22,7 @@
     "cmdk": "^1.0.0",
     "lucide-react": "^0.460.0",
     "next": "^16.1.6",
-    "next-mdx-remote": "^5.0.0",
+    "next-mdx-remote": "^6.0.0",
     "next-themes": "^0.4.0",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",

diff --git a/packages/mdx/CHANGELOG.md b/packages/mdx/CHANGELOG.md
@@ -1,5 +1,18 @@
 # @create-markdown/mdx
 
+## 1.0.1
+
+### Patch Changes
+
+- Patch release to publish the security remediation update across all packages.
+
+  - refresh vulnerable dependency resolutions in the workspace
+  - ship the pnpm-based security audit improvements
+  - document trusted-content expectations for preview rendering
+
+- Updated dependencies
+  - @create-markdown/core@2.0.1
+
 ## 1.0.0
 
 ### Major Changes

diff --git a/packages/mdx/package.json b/packages/mdx/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@create-markdown/mdx",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Convert markdown blocks to MDX with component mappings",
   "author": "Val Alexander <val@viewdue.ai>",
   "license": "MIT",
@@ -53,7 +53,8 @@
   "devDependencies": {
     "@types/node": "^20.0.0",
     "typescript": "^5.3.0",
-    "vitest": "^2.1.0"
+    "vite": "^7.1.11",
+    "vitest": "^4.1.2"
   },
   "peerDependencies": {
     "@create-markdown/core": ">=2.0.0"

diff --git a/packages/mdx/src/index.ts b/packages/mdx/src/index.ts
@@ -49,4 +49,4 @@ export type { Block, TextSpan, BlockType } from '@create-markdown/core';
 /**
  * Package version
  */
-export const VERSION = '1.0.0';
+export const VERSION = '1.0.1';
diff --git a/packages/preview/CHANGELOG.md b/packages/preview/CHANGELOG.md
@@ -1,5 +1,18 @@
 # @create-markdown/preview
 
+## 2.0.1
+
+### Patch Changes
+
+- Patch release to publish the security remediation update across all packages.
+
+  - refresh vulnerable dependency resolutions in the workspace
+  - ship the pnpm-based security audit improvements
+  - document trusted-content expectations for preview rendering
+
+- Updated dependencies
+  - @create-markdown/core@2.0.1
+
 ## 2.0.0
 
 ### Major Changes