@mapbox/rehype-prism
rehype plugin to highlight code blocks in HTML with Prism (via refractor).
(If you would like to highlight code blocks with highlight.js, instead, check out rehype-highlight.)
Best suited for usage in Node. If you would like to perform syntax highlighting in the browser, you should look into less heavy ways to use refractor.
npm install @mapbox/rehype-prism
rehype().use(rehypePrism, [options])
Syntax highlights pre > code.
Under the hood, it uses refractor, which is a virtual version of Prism.
The code language is configured by setting a language-{name} class on the <code> element.
You can use any language supported by refractor.
If no language-{name} class is found on a <code> element, it will be skipped.
Type: boolean. Default: false.
By default, if {name} does not correspond to a language supported by refractor, an error will be thrown.
If you would like to silently skip <code> elements with invalid languages, set this option to true.
Use this package as a rehype plugin.
Some examples of how you might do that:
const rehype = require('rehype');
const rehypePrism = require('@mapbox/rehype-prism');
rehype()
  .use(rehypePrism)
  .process(/* some html */);

const unified = require('unified');
const rehypeParse = require('rehype-parse');
const rehypePrism = require('@mapbox/rehype-prism');
unified()
  .use(rehypeParse)
  .use(rehypePrism)
  .processSync(/* some html */);
If you'd like to get syntax highlighting in Markdown, parse the Markdown (with remark-parse), convert it to rehype, then use this plugin.
const unified = require('unified');
const remarkParse = require('remark-parse');
const remarkRehype = require('remark-rehype');
const rehypePrism = require('@mapbox/rehype-prism');
unified()
  .use(remarkParse)
  .use(remarkRehype)
  .use(rehypePrism)
  .process(/* some markdown */);
language- class to the <pre> tag?
Prism recommends adding the language- class to the <code> tag like this:
<pre><code class="language-css">p { color: red }</code></pre>
It bases this recommendation on the HTML5 spec. However, an undocumented behavior of their JavaScript is that, in the process of highlighting the code, they also copy the language- class to the <pre> tag:
<pre class="language-css"><code class="language-css"><span class="token selector">p</span> <span class="token punctuation">{</span> <span class="token property">color</span><span class="token punctuation">:</span> red <span class="token punctuation">}</span></code></pre>
This resulted in many Prism themes relying on this behavior by using CSS selectors like pre[class*="language-"]. So in order for people using rehype-prism to get the most out of these themes, we decided to do the same.
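The selection rules described above (which <code> elements are processed, how invalid languages are handled, and the copy of the language- class to <pre>), as an added dependency-free sketch that is not the plugin's own code and does no actual highlighting. SUPPORTED and the sample tree are constructed, and the option name ignoreMissing is an assumption, since this page does not show the option's name.

```javascript
// Added sketch: mirrors the rules this README describes, without refractor.
// SUPPORTED is a constructed stand-in for refractor's language list.
const SUPPORTED = new Set(['css', 'js', 'html']);

// Return the {name} from the first language-{name} class, or null.
function getLanguage(node) {
  const classes = (node.properties && node.properties.className) || [];
  const hit = classes.find((c) => c.startsWith('language-'));
  return hit ? hit.slice('language-'.length) : null;
}

// Walk a hast-like tree and mark every <pre> > <code> that would be highlighted.
// ignoreMissing is an assumed option name (the page does not show it).
function markCodeBlocks(tree, { ignoreMissing = false } = {}) {
  const marked = [];
  (function visit(node, parent) {
    if (node.tagName === 'code' && parent && parent.tagName === 'pre') {
      const lang = getLanguage(node);
      if (lang === null) return; // no language-{name} class: skipped
      if (!SUPPORTED.has(lang)) {
        if (ignoreMissing) return; // invalid language silently skipped
        throw new Error(`Unknown language: ${lang}`);
      }
      // Copy the class to <pre> so pre[class*="language-"] theme selectors match.
      parent.properties = parent.properties || {};
      const preClasses = parent.properties.className || [];
      parent.properties.className = [...preClasses, `language-${lang}`];
      marked.push(lang);
      return;
    }
    (node.children || []).forEach((child) => visit(child, node));
  })(tree, null);
  return marked;
}

// Constructed sample tree: one valid block, one without a class, one unknown.
function sampleTree() {
  const block = (cls) => ({
    type: 'element', tagName: 'pre', properties: {},
    children: [{ type: 'element', tagName: 'code',
      properties: cls ? { className: [cls] } : {}, children: [] }],
  });
  return { type: 'root', children: [
    block('language-css'), block(null), block('language-nope')] };
}
```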
0.7.0
FAQs
rehype plugin to highlight code blocks in HTML with Prism
The npm package @mapbox/rehype-prism receives a total of 67,353 weekly downloads. As such, the popularity of @mapbox/rehype-prism was classified as popular.
We found that @mapbox/rehype-prism demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 28 open source maintainers collaborating on the project.