Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
8fold-marked
Advanced tools
This fork is starting out of necessity. To be clear, 8fold is not attempting to hijack the main project.
If the main project appears to pick up again, then we will probably let it go back to those capable hands. In the meantime, this project is here for Marked users to come and collaborate (I hope the folks on the main project are okay). All PRs should be submitted to this repo so we can perform merges into master
here and submit those to the main project as well.
A full-featured markdown parser and compiler, written in JavaScript. Built for speed.
npm install marked --save
Minimal usage:
var marked = require('marked');
console.log(marked('I am using __markdown__.'));
// Outputs: <p>I am using <strong>markdown</strong>.</p>
Example setting options with default values:
var marked = require('marked');
marked.setOptions({
renderer: new marked.Renderer(),
gfm: true,
tables: true,
breaks: false,
pedantic: false,
sanitize: false,
smartLists: true,
smartypants: false,
xhtml: false,
baseUrl: null
});
console.log(marked('I am using __markdown__.'));
<!doctype html>
<html>
<head>
<meta charset="utf-8"/>
<title>Marked in the browser</title>
<script src="lib/marked.js"></script>
</head>
<body>
<div id="content"></div>
<script>
document.getElementById('content').innerHTML =
marked('# Marked in browser\n\nRendered by **marked**.');
</script>
</body>
</html>
Type: string
String of markdown source to be compiled.
Type: object
Hash of options. Can also be set using the marked.setOptions
method as seen
above.
Type: function
Function called when the markdownString
has been fully parsed when using
async highlighting. If the options
argument is omitted, this can be used as
the second argument.
Type: function
A function to highlight code blocks. The first example below uses async highlighting with node-pygmentize-bundled, and the second is a synchronous example using highlight.js:
var marked = require('marked');
var markdownString = '```js\n console.log("hello"); \n```';
// Async highlighting with pygmentize-bundled
marked.setOptions({
highlight: function (code, lang, callback) {
require('pygmentize-bundled')({ lang: lang, format: 'html' }, code, function (err, result) {
callback(err, result.toString());
});
}
});
// Using async version of marked
marked(markdownString, function (err, content) {
if (err) throw err;
console.log(content);
});
// Synchronous highlighting with highlight.js
marked.setOptions({
highlight: function (code) {
return require('highlight.js').highlightAuto(code).value;
}
});
console.log(marked(markdownString));
code
Type: string
The section of code to pass to the highlighter.
lang
Type: string
The programming language specified in the code block.
callback
Type: function
The callback function to call when using an async highlighter.
Type: object
Default: new Renderer()
An object containing functions to render tokens to HTML.
The renderer option allows you to render tokens in a custom manner. Here is an example of overriding the default heading token rendering by adding an embedded anchor tag like on GitHub:
var marked = require('marked');
var renderer = new marked.Renderer();
renderer.heading = function (text, level) {
var escapedText = text.toLowerCase().replace(/[^\w]+/g, '-');
return '<h' + level + '><a name="' +
escapedText +
'" class="anchor" href="#' +
escapedText +
'"><span class="header-link"></span></a>' +
text + '</h' + level + '>';
},
console.log(marked('# heading+', { renderer: renderer }));
This code will output the following HTML:
<h1>
<a name="heading-" class="anchor" href="#heading-">
<span class="header-link"></span>
</a>
heading+
</h1>
flags
has the following properties:
{
header: true || false,
align: 'center' || 'left' || 'right'
}
Type: boolean
Default: true
Enable GitHub flavored markdown.
Type: boolean
Default: true
Enable GFM tables.
This option requires the gfm
option to be true.
Type: boolean
Default: false
Enable GFM line breaks.
This option requires the gfm
option to be true.
Type: boolean
Default: false
Conform to obscure parts of markdown.pl
as much as possible. Don't fix any of
the original markdown bugs or poor behavior.
Type: boolean
Default: false
Sanitize the output. Ignore any HTML that has been input.
Type: boolean
Default: true
Use smarter list behavior than the original markdown. May eventually be
default with the old behavior moved into pedantic
.
Type: boolean
Default: false
Use "smart" typograhic punctuation for things like quotes and dashes.
Type: boolean
Default: false
Self-close the tags for void elements (<br/>, <img/>, etc.) with a "/" as required by XHTML.
Type: string
Default: null
Replace relative link and image URLs with values resolved against the specified base.
You also have direct access to the lexer and parser if you so desire.
var tokens = marked.lexer(text, options);
console.log(marked.parser(tokens));
var lexer = new marked.Lexer(options);
var tokens = lexer.lex(text);
console.log(tokens);
console.log(lexer.rules);
$ marked -o hello.html
hello world
^D
$ cat hello.html
<p>hello world</p>
The point of marked was to create a markdown compiler where it was possible to frequently parse huge chunks of markdown without having to worry about caching the compiled output somehow...or blocking for an unnecesarily long time.
marked is very concise and still implements all markdown features. It is also now fully compatible with the client-side.
marked more or less passes the official markdown test suite in its entirety. This is important because a surprising number of markdown compilers cannot pass more than a few tests. It was very difficult to get marked as compliant as it is. It could have cut corners in several areas for the sake of performance, but did not in order to be exactly what you expect in terms of a markdown rendering. In fact, this is why marked could be considered at a disadvantage in the benchmarks above.
Along with implementing every markdown feature, marked also implements GFM features.
node v0.8.x
$ node test --bench
marked completed in 3411ms.
marked (gfm) completed in 3727ms.
marked (pedantic) completed in 3201ms.
robotskirt completed in 808ms.
showdown (reuse converter) completed in 11954ms.
showdown (new converter) completed in 17774ms.
markdown-js completed in 17191ms.
Marked is now faster than Discount, which is written in C.
For those feeling skeptical: These benchmarks run the entire markdown test suite 1000 times. The test suite tests every feature. It doesn't cater to specific aspects.
You also have direct access to the lexer and parser if you so desire.
var tokens = marked.lexer(text, options);
console.log(marked.parser(tokens));
var lexer = new marked.Lexer(options);
var tokens = lexer.lex(text);
console.log(tokens);
console.log(lexer.rules);
$ node
> require('marked').lexer('> i am using marked.')
[ { type: 'blockquote_start' },
{ type: 'paragraph',
text: 'i am using marked.' },
{ type: 'blockquote_end' },
links: {} ]
If you want to submit a pull request, make sure your changes pass the test suite. If you're adding a new feature, be sure to add your own test.
The marked test suite is set up slightly strangely: test/new
is for all tests
that are not part of the original markdown.pl test suite (this is where your
test should go if you make one). test/original
is only for the original
markdown.pl tests. test/tests
houses both types of tests after they have been
combined and moved/generated by running node test --fix
or marked --test --fix
.
In other words, if you have a test to add, add it to test/new/
and then
regenerate the tests with node test --fix
. Commit the result. If your test
uses a certain feature, for example, maybe it assumes GFM is not enabled, you
can add .nogfm
to the filename. So, my-test.text
becomes
my-test.nogfm.text
. You can do this with any marked option. Say you want
line breaks and smartypants enabled, your filename should be:
my-test.breaks.smartypants.text
.
To run the tests:
cd marked/
node test
If you contribute code to this project, you are implicitly allowing your code
to be distributed under the MIT license. You are also implicitly verifying that
all code is your original work. </legalese>
Copyright (c) 2011-2014, Christopher Jeffrey. (MIT License)
See LICENSE for more info.
FAQs
A markdown parser built for speed
We found that 8fold-marked demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.