Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@atomiks/mdx-pretty-code
Advanced tools
A Remark plugin to make the code in your MDX docs simply beautiful. Powered by [Shiki](https://github.com/shikijs/shiki).
A Remark plugin to make the code in your MDX docs simply beautiful. Powered by Shiki.
npm install @atomiks/mdx-pretty-code shiki
import {createRemarkPlugin} from '@atomiks/mdx-pretty-code';
import fs from 'fs';
const prettyCode = createRemarkPlugin({
// Options passed to shiki.getHighlighter()
shikiOptions: {
// Link to your VS Code theme JSON file
theme: JSON.parse(
fs.readFileSync(require.resolve('./themes/my-theme.json'), 'utf-8')
),
},
// These are hooks which allow you to style the node. `node` is an element
// using JSDOM, so you can apply any CSS.
onVisitLine(node) {
// Style a line node.
Object.assign(node.style, {
margin: '0 -1.5rem',
padding: '0 1.5rem',
});
},
onVisitHighlightedLine(node) {
// Style a highlighted line node.
Object.assign(node.style, {
backgroundColor: 'rgba(0,0,0,0.1)',
});
},
onVisitHighlightedWord(node) {
// Style a highlighted word node.
Object.assign(node.style, {
backgroundColor: 'rgba(0,0,0,0.5)',
padding: '0.25rem',
borderRadius: '0.25rem',
});
},
});
Then pass the plugin to your MDX remarkPlugins
option. For example, in
next.config.js
using MDX v2:
module.exports = {
experimental: {esmExternals: true},
webpack(config, options) {
config.module.rules.push({
test: /\.mdx?$/,
use: [
options.defaultLoaders.babel,
{
loader: '@mdx-js/loader',
/** @type {import('@mdx-js/loader').Options} */
options: {
remarkPlugins: [prettyCode],
},
},
],
});
return config;
},
};
Code blocks are configured via the meta string after the top codeblock fence.
Highlight lines 1, 2 through 4, and 6.
```js {1,2-4,6}
Highlight the literal word carrot
. Regex is not currently supported.
```js /carrot/
If you want to limit which words get highlighted, this is possible. For instance:
```js /carrot/1-2,4
The numeric range must be directly after the /
.
This will only highlight the first, second, and fourth instances of carrot
,
but not the third, or fifth+.
Append {:lang}
(e.g. {:js}
) at the end of the inline code to highlight it
like it's a regular code block.
This is `inline(){:js}` code which will be colored like a regular code block.
In your MDXProvider
's components
prop, modify span
like so:
const mdxComponents = {
span(props) {
if (props['data-mdx-pretty-code'] != null) {
return (
<code style={{color: props['data-color']}}>
{props.children.props.children}
</code>
);
}
return <span {...props} />;
},
};
Shiki will color plain variables as plain text since the highlighting has no context. But if you're referring to a variable which was colored a different way by Shiki in a code block above or below the inline code, it won't be semantic.
You can instruct MDX Pretty Code to color a word by supplying a token whose color is specified in the VS Code theme.
It must start with a .
to indicate it's a token, not a language.
The function name is `hello{:.entity.name.function}`.
You can create a tokensMap
to shorten this throughout your docs:
createRemarkPlugin({
// ...
tokensMap: {
function: 'entity.name.function',
},
});
Now you can just do:
The function name is `hello{:.function}`.
Note: for the token feature to work, you must have supplied a JSON object to
shikiOptions.theme
, not a default Shiki theme string.
CSS counters can be used to add line numbers.
code {
counter-reset: line;
}
code > .line::before {
counter-increment: line;
content: counter(line);
/* Other styling */
display: inline-block;
width: 1rem;
margin-right: 2rem;
text-align: right;
color: gray;
}
The code
tag has a data-language
attribute, so you can add the language
information to the code block.
All HTML is sanitized via
sanitize-html
. To configure the
sanitizing options, pass sanitizeOptions
, which is 1:1 with its API.
MIT
FAQs
A Remark plugin to make the code in your MDX docs simply beautiful. Powered by [Shiki](https://github.com/shikijs/shiki).
The npm package @atomiks/mdx-pretty-code receives a total of 41 weekly downloads. As such, @atomiks/mdx-pretty-code popularity was classified as not popular.
We found that @atomiks/mdx-pretty-code demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.