jeffersongoncalves / laravel-npm-readme
A Laravel package that fetches an npm package's README from the registry document, renders the markdown and caches the resulting HTML. The default renderer strips raw HTML; provide your own renderer callable (and sanitize) to keep it. Rendered HTML is untrusted — sanitize it before display.
Package info
github.com/jeffersongoncalves/laravel-npm-readme
pkg:composer/jeffersongoncalves/laravel-npm-readme
Requires
- php: ^8.2
- guzzlehttp/guzzle: ^7.8
- illuminate/contracts: ^11.0|^12.0|^13.0
- illuminate/http: ^11.0|^12.0|^13.0
- illuminate/support: ^11.0|^12.0|^13.0
- league/commonmark: ^2.8.2
- spatie/laravel-package-tools: ^1.14
Requires (Dev)
- larastan/larastan: ^3.0
- laravel/pint: ^1.0
- orchestra/testbench: ^9.0|^10.0|^11.0
- pestphp/pest: ^3.7.4|^4.0
- pestphp/pest-plugin-laravel: ^3.0|^4.0
This package is auto-updated.
Last update: 2026-06-21 23:29:10 UTC
README
Laravel npm Readme
Fetch an npm package's README straight from the registry document, render the markdown and cache the resulting HTML. The npm registry ships the README markdown inline in the package document, so there is no extra request beyond the registry call.
This is the npm sibling of jeffersongoncalves/laravel-github-readme.
Installation
composer require jeffersongoncalves/laravel-npm-readme
Optionally publish the config:
php artisan vendor:publish --tag="npm-readme-config"
Usage
```php
use JeffersonGoncalves\NpmReadme\NpmReadme;

$html = NpmReadme::fetchHtml('https://www.npmjs.com/package/laravel-echo');

// or a scoped package:
$html = NpmReadme::fetchHtml('https://www.npmjs.com/package/@tailwindcss/vite');
```
fetchHtml() returns the rendered HTML, or null when the URL isn't an npm package, the registry has no document, or the package ships no README. Results are cached on the default cache store (npm_readme:{package}) for config('npm-readme.cache_minutes').
NpmReadme::packageFromUrl($url) is also public if you only need the package identifier.
Security
The rendered HTML is untrusted (third-party package READMEs). The default renderer therefore strips raw HTML (html_input = strip), so an embedded <script> cannot become stored XSS.
If you need raw HTML kept, provide your own renderer callable in config/npm-readme.php — the output is then unsafe and you must sanitize it before display, e.g. with jeffersongoncalves/laravel-html-sanitizer:
```php
// config/npm-readme.php
'renderer' => [\App\Support\Markdown::class, 'render'],
```
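A sketch of what such a renderer callable could look like, added here as an example and not taken from the package's own code. It assumes the class name `App\Support\Markdown` from the config line above, and it swaps in `symfony/html-sanitizer` (an extra dependency, not one this package requires) in place of the sanitizer package mentioned above, whose API is not shown on this page.

```php
<?php

namespace App\Support;

use League\CommonMark\GithubFlavoredMarkdownConverter;
use Symfony\Component\HtmlSanitizer\HtmlSanitizer;
use Symfony\Component\HtmlSanitizer\HtmlSanitizerConfig;

// Hypothetical renderer: keeps raw HTML from the README, then sanitizes
// the rendered output before it is returned to the package.
final class Markdown
{
    // Static so the [Class, 'method'] array in the config is a valid callable.
    public static function render(string $markdown): string
    {
        // Step 1: render with raw HTML allowed. The output is unsafe at this point.
        $converter = new GithubFlavoredMarkdownConverter([
            'html_input' => 'allow',       // the package default is 'strip'
            'allow_unsafe_links' => false, // drop javascript:, vbscript:, data: links
            'max_nesting_level' => 50,     // bound parser work on hostile input
        ]);
        $html = $converter->convert($markdown)->getContent();

        // Step 2: allowlist-based sanitization of the rendered HTML.
        $config = (new HtmlSanitizerConfig())
            ->allowSafeElements()          // no <script>, <style>, on* handlers
            ->allowLinkSchemes(['https', 'http', 'mailto'])
            ->allowMediaSchemes(['https'])
            ->allowRelativeLinks(false)    // README links should be absolute
            ->forceHttpsUrls();            // rewrite http:// URLs to https://

        return (new HtmlSanitizer($config))->sanitize($html);
    }
}
```

Because sanitization runs inside the renderer, the string returned by `fetchHtml()` is the sanitized one rather than the raw CommonMark output.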
Configuration
| Key | Default | Description |
|---|---|---|
| cache_minutes | 60 | Minutes the rendered HTML is cached per package. |
| registry_url | https://registry.npmjs.org | npm registry base URL. |
| timeout | 8 | Registry request timeout in seconds. |
| user_agent | laravel-npm-readme | User-Agent header for the registry request. |
| renderer | null | Optional callable(string $markdown): string. When null, an internal CommonMark renderer (GFM + heading permalinks, raw HTML stripped) is used. |
Testing
composer test
License
The MIT License (MIT). Please see License File for more information.
