Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@shikijs/engine-javascript
Advanced tools
@shikijs/engine-javascript is a syntax highlighting engine specifically designed for JavaScript. It is part of the Shiki library, which is a beautiful syntax highlighter. This package allows you to highlight JavaScript code with ease, providing a visually appealing and readable format.
Basic Syntax Highlighting
This feature allows you to highlight JavaScript code using a specified theme. In this example, the 'nord' theme is used to highlight a simple JavaScript code snippet.
const shiki = require('shiki');
shiki.getHighlighter({ theme: 'nord' }).then(highlighter => {
const code = `const x = 10;`;
console.log(highlighter.codeToHtml(code, { lang: 'js' }));
});
Custom Themes
This feature allows you to load and use custom themes for syntax highlighting. The example demonstrates how to load a custom theme from a JSON file and use it to highlight JavaScript code.
const shiki = require('shiki');
shiki.loadTheme('./path/to/custom-theme.json').then(theme => {
return shiki.getHighlighter({ theme });
}).then(highlighter => {
const code = `const y = 20;`;
console.log(highlighter.codeToHtml(code, { lang: 'js' }));
});
Highlighting with Line Numbers
This feature allows you to include line numbers in the highlighted code output. The example shows how to highlight a JavaScript function with line numbers using the 'nord' theme.
const shiki = require('shiki');
shiki.getHighlighter({ theme: 'nord' }).then(highlighter => {
const code = `function add(a, b) {
return a + b;
}`;
console.log(highlighter.codeToHtml(code, { lang: 'js', lineNumbers: true }));
});
highlight.js is a popular syntax highlighting library that supports a wide range of languages and themes. It is highly customizable and easy to integrate into web projects. Compared to @shikijs/engine-javascript, highlight.js offers broader language support but may not provide the same level of customization for JavaScript-specific highlighting.
Prism is a lightweight, extensible syntax highlighter that supports a variety of languages and themes. It is designed to be fast and easy to use. Prism.js offers a modular design, allowing you to include only the components you need. While it is versatile, it may not offer the same out-of-the-box visual appeal as @shikijs/engine-javascript.
CodeMirror is a versatile text editor implemented in JavaScript for the browser. It comes with built-in syntax highlighting for many languages, including JavaScript. CodeMirror is more than just a syntax highlighter; it is a full-featured code editor. It is more complex and feature-rich compared to @shikijs/engine-javascript, which focuses solely on syntax highlighting.
Engine for Shiki using JavaScript's native RegExp (experimental). Uses Oniguruma-To-ES to transpile regex syntax and behavior.
MIT
FAQs
Engine for Shiki using JavaScript's native RegExp
The npm package @shikijs/engine-javascript receives a total of 686,499 weekly downloads. As such, @shikijs/engine-javascript popularity was classified as popular.
We found that @shikijs/engine-javascript demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.