Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
ansi_up is an easy to use library that transforms text containing ANSI color escape codes into HTML.
This module is a single Javascript file with no dependencies. It is "isomorphic" javascript. This is just another way of saying that the ansi_up.js file will work in both the browser or node.js. The js library is compiled from TypeScript and its type description ships with the NPM. This code has been used in production since 2011 and is actively maintained.
For example, turn this terminal output:
ESC[1;Foreground
[1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [0m
[1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [0m
[1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [0m
...
...into this browser output:
<script src="ansi_up.js" type="text/javascript"></script>
<script type="text/javascript">
var txt = "\n\n\033[1;33;40m 33;40 \033[1;33;41m 33;41 \033[1;33;42m 33;42 \033[1;33;43m 33;43 \033[1;33;44m 33;44 \033[1;33;45m 33;45 \033[1;33;46m 33;46 \033[1m\033[0\n\n\033[1;33;42m >> Tests OK\n\n"
var ansi_up = new AnsiUp;
var html = ansi_up.ansi_to_html(txt);
var cdiv = document.getElementById("console");
cdiv.innerHTML = html;
</script>
var AU = require('ansi_up');
var ansi_up = new AU.default;
var txt = "\n\n\033[1;33;40m 33;40 \033[1;33;41m 33;41 \033[1;33;42m 33;42 \033[1;33;43m 33;43 \033[1;33;44m 33;44 \033[1;33;45m 33;45 \033[1;33;46m 33;46 \033[1m\033[0\n\n\033[1;33;42m >> Tests OK\n\n"
var html = ansi_up.ansi_to_html(txt);
More examples are in the 'examples' directory in the repo.
import {
default as AnsiUp
} from 'ansi_up';
const ansi_up = new AnsiUp();
const txt = "\n\n\x1B[1;33;40m 33;40 \x1B[1;33;41m 33;41 \x1B[1;33;42m 33;42 \x1B[1;33;43m 33;43 \x1B[1;33;44m 33;44 \x1B[1;33;45m 33;45 \x1B[1;33;46m 33;46 \x1B[1m\x1B[0\n\n\x1B[1;33;42m >> Tests OK\n\n"
let html = ansi_up.ansi_to_html(txt);
$ npm install ansi_up
You only need the ansi_to_html method. The other properties listed below allow you to override some of the escaping behaviour. You probably don't need to change these from their default values.
It is recommended that the HTML container that holds the span tags is styled with a monospace font. A PRE tag would work just fine for this. It is also recommended that the HTML container is styled with a black background. See the examples, for more CSS theming.
This transforms ANSI terminal escape codes/sequences into SPAN tags that wrap and style the content.
This method only interprets ANSI SGR (Select Graphic Rendition) codes or escaped URL codes. For example, cursor movement codes are ignored and hidden from output.
This method also safely escapes any unsafe HTML characters.
The default style uses colors that are very close to the prescribed standard.
The standard assumes that the text will have a black background.
These colors are set as inline styles on the SPAN tags.
Another option is to set the 'use_classes' property to true'.
This will instead set classes on the spans so the colors can be set via CSS.
The class names used are of the format ansi-*-fg/bg
and ansi-bright-*-fg/bg
where * is the colour name, i.e black/red/green/yellow/blue/magenta/cyan/white.
See the examples directory for a complete CSS theme for these classes.
(default: true)
This does the minimum escaping of text to make it compliant with HTML. In particular, the '&','<', and '>' characters are escaped. It is ** highly ** recommended that you do not set this to false. It will open the door security vulnerabilities.
(default: false)
This causes the SPAN tags to use classes to style the SPAN tags instead of specified RGB values.
(default: { 'http':1, 'https':1 };
This mapping is a whitelist of URI schemes that will be allowed to render HTML anchor tags.
In general, the ansi_to_html should emit HTML when invoked with a non-empty string. The only exceptions are an incomplete ESC sequence or an incomplete escaped URL. For those cases, the library will buffer the escape or the sequence for the escaped URL.
The library is also stateful. If a color is set in a prior invocation, then it will continue to emit that color in further invocations until the color/SGR attribute is changed.
I have used this library to 'tail' a file.
On a remote machine, I had process generating a log file. I had a web server running on the same machine. The server hosted a simple HTML page that used AJAX to poll an object with a range query. Specifically I used an HTTP/1.1 GET request with RFC 7233 Range query. The first range query would start at 0, but then progressively move forward after new data was received.
For each new chunk of data received, I would transform the data with ansi_up, and append the new spans to the innerHTML of a PRE tag.
One last important note, ansi_up takes its input in the form of a Javascript string. These strings are UTF8. When you take the output of some program and send it to Javascript, there will be buffering. Be sure that you do not send incomplete UTF8 sequences. Javascript will ignore or drop the sequence from the stream when it converts it to a string.
To build, a simple Makefile handles it all.
$ make
To run the tests for ansi_up, run npm install
to install dev dependencies. Then:
$ make test
This code was developed by Dru Nelson (https://github.com/drudru).
Thanks goes to the following contributors for their patches:
FAQs
Convert ansi sequences in strings to colorful HTML
The npm package ansi_up receives a total of 0 weekly downloads. As such, ansi_up popularity was classified as not popular.
We found that ansi_up demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.