Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@shikijs/engine-javascript
Advanced tools
@shikijs/engine-javascript is a syntax highlighting engine specifically designed for JavaScript. It is part of the Shiki library, which is a beautiful syntax highlighter. This package allows you to highlight JavaScript code with ease, providing a visually appealing and readable format.
Basic Syntax Highlighting
This feature allows you to highlight JavaScript code using a specified theme. In this example, the 'nord' theme is used to highlight a simple JavaScript code snippet.
const shiki = require('shiki');
shiki.getHighlighter({ theme: 'nord' }).then(highlighter => {
const code = `const x = 10;`;
console.log(highlighter.codeToHtml(code, { lang: 'js' }));
});
Custom Themes
This feature allows you to load and use custom themes for syntax highlighting. The example demonstrates how to load a custom theme from a JSON file and use it to highlight JavaScript code.
const shiki = require('shiki');
shiki.loadTheme('./path/to/custom-theme.json').then(theme => {
return shiki.getHighlighter({ theme });
}).then(highlighter => {
const code = `const y = 20;`;
console.log(highlighter.codeToHtml(code, { lang: 'js' }));
});
Highlighting with Line Numbers
This feature allows you to include line numbers in the highlighted code output. The example shows how to highlight a JavaScript function with line numbers using the 'nord' theme.
const shiki = require('shiki');
shiki.getHighlighter({ theme: 'nord' }).then(highlighter => {
const code = `function add(a, b) {
return a + b;
}`;
console.log(highlighter.codeToHtml(code, { lang: 'js', lineNumbers: true }));
});
highlight.js is a popular syntax highlighting library that supports a wide range of languages and themes. It is highly customizable and easy to integrate into web projects. Compared to @shikijs/engine-javascript, highlight.js offers broader language support but may not provide the same level of customization for JavaScript-specific highlighting.
Prism is a lightweight, extensible syntax highlighter that supports a variety of languages and themes. It is designed to be fast and easy to use. Prism.js offers a modular design, allowing you to include only the components you need. While it is versatile, it may not offer the same out-of-the-box visual appeal as @shikijs/engine-javascript.
CodeMirror is a versatile text editor implemented in JavaScript for the browser. It comes with built-in syntax highlighting for many languages, including JavaScript. CodeMirror is more than just a syntax highlighter; it is a full-featured code editor. It is more complex and feature-rich compared to @shikijs/engine-javascript, which focuses solely on syntax highlighting.
Engine for Shiki using JavaScript's native RegExp (experimental). Uses Oniguruma-To-ES to transpile regex syntax and behavior.
MIT
FAQs
Engine for Shiki using JavaScript's native RegExp
We found that @shikijs/engine-javascript demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.