
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
@ckeditor/ckeditor5-core
Advanced tools
The core architecture of CKEditor 5 – the best browser-based rich text editor.
@ckeditor/ckeditor5-core is a core package for CKEditor 5, a modern JavaScript rich text editor. It provides essential functionalities and utilities for building and customizing CKEditor 5 editors.
Editor Creation
This feature allows you to create and initialize a CKEditor 5 instance. The code sample demonstrates how to create a classic editor and attach it to a DOM element.
const ClassicEditor = require('@ckeditor/ckeditor5-editor-classic/src/classiceditor');
const Editor = require('@ckeditor/ckeditor5-core/src/editor/editor');
ClassicEditor.create(document.querySelector('#editor'))
.then(editor => {
console.log('Editor was initialized', editor);
})
.catch(error => {
console.error(error.stack);
});
Plugin Management
This feature allows you to create and manage plugins for CKEditor 5. The code sample demonstrates how to create a custom plugin and include it in the editor configuration.
const Plugin = require('@ckeditor/ckeditor5-core/src/plugin');
class MyPlugin extends Plugin {
init() {
console.log('MyPlugin was initialized');
}
}
ClassicEditor.create(document.querySelector('#editor'), {
plugins: [ MyPlugin ]
})
.then(editor => {
console.log('Editor with MyPlugin was initialized', editor);
})
.catch(error => {
console.error(error.stack);
});
Command Management
This feature allows you to create and manage commands in CKEditor 5. The code sample demonstrates how to create a custom command and execute it within the editor.
const Command = require('@ckeditor/ckeditor5-core/src/command');
class MyCommand extends Command {
execute() {
console.log('MyCommand executed');
}
}
ClassicEditor.create(document.querySelector('#editor'))
.then(editor => {
editor.commands.add('myCommand', new MyCommand(editor));
editor.execute('myCommand');
})
.catch(error => {
console.error(error.stack);
});
TinyMCE is another popular rich text editor that provides a wide range of features and plugins. It is similar to CKEditor 5 in terms of functionality but has a different API and plugin system.
Quill is a modern WYSIWYG editor built for compatibility and extensibility. It offers a simpler API compared to CKEditor 5 and is highly customizable through its modular architecture.
Draft.js is a JavaScript rich text editor framework developed by Facebook. It provides a set of React components and an immutable model for managing editor state, making it different from CKEditor 5's approach.
This package implements CKEditor 5's core editor architecture – a set of classes and interfaces which glue everything together.
This plugin is part of the ckeditor5
package. Install the whole package to use it.
npm install ckeditor5
If you want to check full CKEditor 5 capabilities, sign up for a free non-commitment 14-day trial.
For general introduction see the Overview of CKEditor 5 framework guide and then the core editor architecture guide.
Additionally, see the @ckeditor/ckeditor5-core
package page in CKEditor 5 documentation for even more information.
Licensed under a dual-license model, this software is available under:
For more information, see: https://ckeditor.com/legal/ckeditor-licensing-options.
46.0.3 (September 3, 2025)
A Cross-Site Scripting (XSS) vulnerability has been discovered in the CKEditor 5 clipboard package (CVE-2025-58064
). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.
This vulnerability affects only installations where the editor configuration meets one of the following criteria:
You can read more details in the relevant security advisory and contact us if you have more questions.
Check out the Versioning policy guide for more information.
<details> <summary>Released packages (summary)</summary>Other releases:
FAQs
The core architecture of CKEditor 5 – the best browser-based rich text editor.
The npm package @ckeditor/ckeditor5-core receives a total of 1,001,545 weekly downloads. As such, @ckeditor/ckeditor5-core popularity was classified as popular.
We found that @ckeditor/ckeditor5-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.