You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@sahircansurmeli/react-mde

Package Overview
Dependencies
Maintainers
1
Versions
7
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@sahircansurmeli/react-mde

React Markdown Editor

latest
Source
npmnpm
Version
11.7.1
Version published
Maintainers
1
Created
Source

📝 react-mde

npm MinZipped twitter

A simple yet powerful and extensible React Markdown Editor that aims to have feature parity with the Github Markdown editor. React-mde has no 3rd party dependencies.

Added support for toggling commands.

Demo

Installing

npm i react-mde

Using

React-mde is a completely controlled component.

Minimal example using Showdown. View live on CodeSandBox:

import * as React from "react";
import ReactMde from "react-mde";
import * as Showdown from "showdown";
import "react-mde/lib/styles/css/react-mde-all.css";

const converter = new Showdown.Converter({
  tables: true,
  simplifiedAutoLink: true,
  strikethrough: true,
  tasklists: true
});

export default function App() {
  const [value, setValue] = React.useState("**Hello world!!!**");
  const [selectedTab, setSelectedTab] = React.useState<"write" | "preview">("write");
  return (
    <div className="container">
      <ReactMde
        value={value}
        onChange={setValue}
        selectedTab={selectedTab}
        onTabChange={setSelectedTab}
        generateMarkdownPreview={markdown =>
          Promise.resolve(converter.makeHtml(markdown))
        }
      />
    </div>
  );
}

Markdown Preview

React-mde is agnostic regarding how to preview Markdown. The prop generateMarkdownPreview should return a Promise of either a string or a ReactElement.

Customizing Icons

React-mde comes with SVG icons extracted from FontAwesome.

You can customize the way icons are resolved by passing your own getIcon that will return a ReactNode given a command name.

<ReactMde
    getIcon={(commandName) => <MyCustomIcon name={commandName} />}
    onChange={this.handleValueChange}
    // ...
/>

React-mde Props

The types are described below

  • value: string: The Markdown value.
  • onChange: (value: string): Event handler for the onChange event.
  • selectedTab: "write" | "preview": The currently selected tab.
  • onTabChange: (tab) => void: Function called when the selected tab changes.
  • classes?: Object: An object containing the following optional properties: reactMde, toolbar, preview, textArea and suggestionsDropdown. This allows for passing class names to each of the inner components of React-mde. Classes defined in the classes prop follow the specification of Jed Watson's classNames project.
  • commands?: Record<string, Command>: An object with string properties representing keys, and a Command object as value for each key. These are custom commands. Commands are explained in more details below.
  • toolbarCommands?: string[][]: Array of array of strings, indicating which commands should be displayed. Each outer array is a group. Example: [["code", "bold"], ["italic"]]. The default list can be obtained with import { getDefaultToolbarCommands } from 'react-mde', getDefaultToolbarCommands()
  • generateMarkdownPreview: (markdown: string) => Promise<string | ReactElement>;: Function that should return a Promise to the generated HTML or a React element for the preview. If this prop is falsy, then no preview is going to be generated.
  • getIcon?: (commandName: string) => React.ReactNode } An optional set of button content options, including an iconProvider to allow custom icon rendering. options. It is recommended to inspect the layouts source code to see what options can be passed to each while the documentation is not complete.
  • loadingPreview: What to display in the preview while it is loading. Value can be string, React Element or anything React can render.
  • readOnly?: boolean: Flag to render the editor in read-only mode.
  • l18n?: A localization option. It contains the strings write, preview, uploadingImage and pasteDropSelect.
  • minEditorHeight?: number: The minimum height of the editor.
  • maxEditorHeight?: number: The max height of the editor (after that, it will scroll).
  • minPreviewHeight?: number: The minimum height of the preview.
  • heightUnits?: string: The height units, defaults to px.
  • loadSuggestions?: (text: string, triggeredBy: string) => Promise<Suggestion[]>: Function to load mention suggestions based on the given text and triggeredBy (character that triggered the suggestions). The result should be an array of {preview: React.ReactNode, value: string}. The preview is what is going to be displayed in the suggestions box. The value is what is going to be inserted in the textarea on click or enter.
  • suggestionTriggerCharacters (string[]): Characters that will trigger mention suggestions to be loaded. This property is useless without loadSuggestions.
  • suggestionsAutoplace?: boolean: Try to move the suggestions popover around so that it fits in the viewport, defaults to false
  • childProps?: Object: An object containing props to be passed to writeButton, previewButton, commandButtons and textArea.
  • paste: PasteOptions: Options for file upload.

Styling

The following styles from React-mde should be added: (Both .scss and .css files are available. No need to use sass-loader if you don't want)

Easiest way: import react-mde-all.css:

import 'react-mde/lib/styles/css/react-mde-all.css';

If you want to have a more granular control over the styles, you can import each individual file.

If you're using SASS, you can override these variables: https://github.com/andrerpena/react-mde/blob/master/src/styles/variables.scss

XSS concerns

React-mde does not automatically sanitize the HTML preview. If your using Showdown, this has been taken from their documentation:

Cross-side scripting is a well known technique to gain access to private information of the users of a website. The attacker injects spurious HTML content (a script) on the web page which will read the user’s cookies and do something bad with it (like steal credentials). As a countermeasure, you should filter any suspicious content coming from user input. Showdown doesn’t include an XSS filter, so you must provide your own. But be careful in how you do it…

You might want to take a look at showdown-xss-filter.

It is also possible to return a Promise to a React Element from generateMarkdownPreview, which makes it possible to use ReactMarkdown as a preview. View issue. ReactMarkdown has built-in XSS protection.

Please refer to the commands source code to understand how they should be implemented.

Change log / Migrating from older versions

Instructions here.

Licence

React-mde is MIT licensed.

Third party

In order to make React-mde zero deps, I've embedded two small libraries:

About the author

Made with :heart: by André Pena and other awesome contributors.

Added toggle support by Sahircan Sürmeli

twitter

Keywords

react
component
markdown
editor
text-editor
markdown-editor

FAQs

Package last updated on 24 Apr 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages

Research

/

Security News

CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages

The worm-enabled campaign hit @emilgroup and @teale.io, then used an ICP canister to deliver follow-on payloads.

By Socket Research Team  -  Mar 20, 2026