Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
ansi_up is a simple library for converting text that contains ANSI color escape codes into equivalent HTML spans. At the same, it also properly escapes HTML unsafe characters (&,<,>,etc.) into their proper HTML representation. It can also transform any text that looks like a URL into an HTML anchor tag.
This is compliant with AMD (require.js). This code has been used in production since early 2012. This project is actively maintained and welcomes all feedback. Thanks for reading.
Turn this terminal output:
ESC[1;Foreground
[1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [1;30m 30 [0m
[1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [1;31m 31 [0m
[1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [1;32m 32 [0m
...
Into this browser output:
<script src="ansi_up.js" type="text/javascript"></script>
<script type="text/javascript">
var txt = "\n\n\033[1;33;40m 33;40 \033[1;33;41m 33;41 \033[1;33;42m 33;42 \033[1;33;43m 33;43 \033[1;33;44m 33;44 \033[1;33;45m 33;45 \033[1;33;46m 33;46 \033[1m\033[0\n\n\033[1;33;42m >> Tests OK\n\n"
var html = ansi_up.ansi_to_html(txt);
var cdiv = document.getElementById("console");
cdiv.innerHTML = html;
</script>
var ansi_up = require('ansi_up');
var txt = "\n\n\033[1;33;40m 33;40 \033[1;33;41m 33;41 \033[1;33;42m 33;42 \033[1;33;43m 33;43 \033[1;33;44m 33;44 \033[1;33;45m 33;45 \033[1;33;46m 33;46 \033[1m\033[0\n\n\033[1;33;42m >> Tests OK\n\n"
var html = ansi_up.ansi_to_html(txt);
There are examples in the repo that demonstrate an AMD/require.js/ jQuery example as well as a simple browser example.
$ npm install ansi_up
ansi_up should be called via the functions defined on the module. It is recommended that the HTML is rendered with a monospace font and black background. See the examples, for a basic theme as a CSS definition.
This replaces ANSI terminal escape codes with SPAN tags that wrap the content. See the example output above.
This function only interprets ANSI SGR (Select Graphic Rendition) codes that can be represented in HTML. For example, cursor movement codes are ignored and hidden from output.
The default style uses colors that are very close to the prescribed standard. The standard assumes that the text will have a black background. These colors are set as inline styles on the SPAN tags. Another option is to set 'use_classes: true' in the options argument. This will instead set classes on the spans so the colors can be set via CSS. The class names used are of the format ansi-*-fg/bg
and ansi-bright-*-fg/bg
where * is the colour name, i.e black/red/green/yellow/blue/magenta/cyan/white. See the examples directory for a complete CSS theme for these classes.
This does the minimum escaping of text to make it compliant with HTML. In particular, the '&','<', and '>' characters are escaped. This should be run prior to ansi_to_html.
This replaces any links in the text with anchor tags that display the link. The links should have at least one whitespace character surrounding it. Also, you should apply this after you have run ansi_to_html on the text.
This just uses 'make'. The result is just one file. Feel free to include the file in your asset minification process.
To run the tests for ansi_up, run npm install
to install dependencies and then:
$ make test
This code was developed by Dru Nelson (https://github.com/drudru).
Thanks goes to the following contributors for their patches:
(The MIT License)
Copyright (c) 2011 Dru Nelson
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WIT
FAQs
Convert ansi sequences in strings to colorful HTML
The npm package ansi_up receives a total of 50,205 weekly downloads. As such, ansi_up popularity was classified as popular.
We found that ansi_up demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.