add ansi-html

Author: ejarocki-cloudlinux

docs/.vuepress/components/ELSTechnology.vue

@@ -260,6 +260,11 @@ const techData = [
         versions: "1.5.x | 1.6.x | 1.7.x | 1.8.x",
         link: "./angularjs/",
       },
+      {
+        name: "ansi-html",
+        versions: "0.0.7",
+        link: "./ansi-html/",
+      },
       {
         name: "base64url",
         versions: "0.0.6",

docs/.vuepress/config-client/sidebar.ts

@@ -204,6 +204,10 @@ export default {
                     path: '/els-for-runtimes-and-libraries/angularjs/',
                     icon: '/images/angularjs-logo.webp',
                 },
+                {
+                    path: '/els-for-runtimes-and-libraries/ansi-html/',
+                    icon: '/images/javascript.webp',
+                },
                 {
                     path: '/els-for-runtimes-and-libraries/bootstrap/',
                     icon: '/images/bootstrap-logo.webp',

docs/els-for-runtimes-and-libraries/ansi-html/README.md

@@ -0,0 +1,177 @@
+# ansi-html
+
+Endless Lifecycle Support (ELS) for ansi-html from TuxCare provides security fixes for ansi-html versions that have reached their end of life. This allows you to continue running ansi-html applications without vulnerability concerns, even after official support has ended.
+
+## Supported ansi-html Versions
+
+* ansi-html 0.0.7
+
+## Connection to ELS for ansi-html Library
+
+This guide outlines the steps needed to integrate the TuxCare ELS for the ansi-html library.
+
+## Step 1: Get Token
+
+You need a token in order to use TuxCare ELS ansi-html library. Anonymous access is disabled. To receive the token, please contact [[email protected]](mailto:[email protected]).
+
+## Step 2: Set Up ELS for ansi-html
+
+TuxCare provides ELS for ansi-html as an NPM package, hosted on a secure internal registry. Follow the steps below to add it to your project and get started.
+
+1. Navigate to the root directory of your ansi-html project.
+2. Create a `.npmrc` file or update it if it already exists.
+
+   **Example:**
+
+   ```text
+   my-ansi-html-project/
+   ├── node_modules/
+   ├── package.json
+   ├── .npmrc         ⚠️ ← Create it here
+   └── package-lock.json
+   ```
+
+3. Use an editor of your choice (e.g., VS Code) to add the following registry address line:
+
+   <CodeWithCopy>
+
+   ```text
+   registry=https://registry.npmjs.org/
+   @els-js:registry=https://nexus.repo.tuxcare.com/repository/els_js/
+   //nexus.repo.tuxcare.com/repository/els_js/:_auth=${TOKEN}
+   ```
+
+   </CodeWithCopy>
+
+   :::warning
+   Replace ${TOKEN} with the token you received from [[email protected]](mailto:[email protected]).
+   :::
+
+4. Update your `package.json` file to replace your ansi-html dependencies with the TuxCare packages. You can do this in two ways:
+
+  * **Option 1: TuxCare Patcher (Automated)**
+
+    If you already have dependencies listed in your `package.json`, for example:
+
+    ```text
+    "dependencies": {
+      "ansi-html": "^0.0.7"
+    }
+    ```
+
+    Install the Patcher globally, then run the patcher command:
+
+    <CodeWithCopy>
+
+    ```text
+    npm install -g @els-js/tuxcare-patcher --userconfig ./.npmrc
+    tuxcare-patch-js
+    ```
+
+    </CodeWithCopy>
+
+    The patcher will automatically update your `package.json` to:
+
+    ```text
+    "dependencies": {
+      "ansi-html": "npm:@els-js/[email protected]"
+    },
+    "overrides": {
+      "[email protected]": "npm:@els-js/[email protected]"
+    }
+    ```
+    
+  * **Option 2: Manual Update**
+
+     Manually update your `package.json` file to use the TuxCare package:
+
+   <CodeWithCopy>
+
+   ```text
+   "dependencies": {
+     "ansi-html": "npm:@els-js/[email protected]"
+   }
+   ```
+
+   </CodeWithCopy>
+
+5. You need to remove the `node_modules` directory and the `package-lock.json` file, and also clear the `npm cache` before installing the patched packages. Use the following commands:
+   
+   <CodeWithCopy>
+
+   ```text
+   rm -rf node_modules package-lock.json && npm cache clean --force
+   ```
+
+   </CodeWithCopy>
+
+6. Run the following command to install the ELS version of the ansi-html library (token for the TuxCare repository will be automatically picked up from your `.npmrc` file):
+
+   <CodeWithCopy>
+
+   ```text
+   npm install
+   ```
+
+   </CodeWithCopy>
+
+   You will see an output like:
+
+   ```text
+    added 1 package, and audited 2 packages in 792ms
+    
+    found 0 vulnerabilities
+   ```
+
+7. You've successfully installed the Tuxcare ELS version of the ansi-html library into your project.
+
+## Vulnerability Exploitability eXchange (VEX) 
+
+VEX is a machine-readable format that tells you if a known vulnerability and is actually exploitable in your product. It reduces false positives, helps prioritize real risks.
+
+TuxCare provides VEX for ansi-html ELS versions: [security.tuxcare.com/vex/cyclonedx/els_lang_javascript/ansi-html/](https://security.tuxcare.com/vex/cyclonedx/els_lang_javascript/ansi-html/).
+
+## How to Upgrade to a Newer Version of TuxCare Packages
+
+If you have already installed a package with a `tuxcare.1` suffix and want to upgrade to a newer release (for example, `tuxcare.2`), there are several options:
+
+* **Option 1**. Run TuxCare Patcher to update all TuxCare packages in your `package.json`:
+
+  <CodeWithCopy>
+
+  ```text
+  tuxcare-patch-js --upgrade
+  ```
+
+  </CodeWithCopy>
+
+* **Option 2**. Run the `npm install` command with the specific version. This will automatically update both `package.json` and `package-lock.json`:
+
+  <CodeWithCopy>
+
+  ```text
+  npm install ansi-html@npm:@els-js/[email protected]
+  ```
+
+  </CodeWithCopy>
+
+* **Option 3**. Manually update the version string in your `package.json`, remove installed files and clear npm cache to avoid conflicts:
+
+  <CodeWithCopy>
+
+  ```text
+  rm -rf node_modules package-lock.json && npm cache clean --force
+  npm install
+  ```
+
+  </CodeWithCopy>
+
+## Resolved CVEs
+
+Fixes for the following vulnerabilities are available in ELS for ansi-html from TuxCare versions:
+
+| CVE ID         | CVE Type | Severity | Affected Libraries | Vulnerable Versions |
+| :------------: | :------: |:--------:|:------------------:| :----------------: |
+| CVE-2021-23424 | Direct   | High     | ansi-html          | < 0.0.8            |
+
+If you are interested in the TuxCare Endless Lifecycle Support, contact [[email protected]](mailto:[email protected]).