Security News
PyPI’s New Archival Feature Closes a Major Security Gap
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.
By Sarah Gooding - Jan 30, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@expressive-code/core
Advanced tools
@expressive-code/core
A text marking & annotation engine for presenting source code on the web.
@expressive-code/core
The core package of Expressive Code, an engine for presenting source code on the web.
Documentation
Read the Expressive Code docs to learn more about the features provided by Expressive Code.
When should I use this?
Using this core package directly is only recommended for advanced use cases.
Unless you're a plugin or integration author, you should probably use a higher-level package like astro-expressive-code or rehype-expressive-code instead of this one.
Installation
npm install @expressive-code/core
Usage example
// File: generate-html-core.mjs
import { ExpressiveCodeEngine } from '@expressive-code/core'
import { toHtml } from '@expressive-code/core/hast'
import fs from 'fs'
const ec = new ExpressiveCodeEngine({
plugins: [
// Add your plugins here
],
})
// Get base styles that should be included on the page
// (they are independent of the rendered code blocks)
const baseStyles = await ec.getBaseStyles()
const themeStyles = await ec.getThemeStyles()
const jsModules = await ec.getJsModules()
const renderResult = await ec.render({
code: 'console.log("Hello world!")',
language: 'js',
meta: '',
})
// Output results to the console
console.dir({
baseStyles,
themeStyles,
blockStyles: renderResult.styles,
htmlContent: toHtml(renderResult.renderedGroupAst),
})
// Convert the rendered AST to HTML
let htmlContent = toHtml(renderResult.renderedGroupAst)
// Collect styles and add them before the HTML content
const stylesToPrepend = []
stylesToPrepend.push(baseStyles)
stylesToPrepend.push(themeStyles)
stylesToPrepend.push(...renderResult.styles)
const styleContent = `<style> ${[...stylesToPrepend].join('')} </style>`
const jsContent = `<script type="module"> ${[...jsModules].join('')} </script>`
const htmlDocument = `
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
${styleContent}
${jsContent}
</head>
<body>
${htmlContent}
</body>
</html>
`
// Output HTML to the console
console.log(htmlDocument)
// Run `node generate-html.mjs` to generate the HTML file
// and open it in the browser
fs.writeFileSync('index.html', htmlDocument)
FAQs
A text marking & annotation engine for presenting source code on the web.
The npm package @expressive-code/core receives a total of 45,942 weekly downloads. As such, @expressive-code/core popularity was classified as popular.
We found that @expressive-code/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 13 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
North Korean APT Lazarus Targets Developers with Malicious npm Package
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.
By Kirill Boychenko, Peter van der Zee - Jan 29, 2025
Security News
CISA Brings KEV Data to GitHub
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
By Sarah Gooding - Jan 29, 2025