
Security News
Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.
~2 KB (gzipped) terminal ANSI color formatting with explicit entrypoints.
| Package | Runtime | Gzipped | Types |
|---|---|---|---|
| ansispeck1 | 4.05 KB | 1.79 KB | 9.03 KB |
See BENCHMARKS for full results across Bun and Node.
npm install ansispeck
import c from "ansispeck";
console.log(c.red("Error!"));
console.log(c.bold(c.green("Success")));
console.log(c.bgYellow(c.black("Warning")));
import { createColors } from "ansispeck";
const c = createColors(false); // force disable
console.log(c.red("plain text"));
| Import | Behavior |
|---|---|
ansispeck | Auto-detected color support (alias: ansispeck/auto) |
ansispeck/raw | Always emits ANSI codes |
ansispeck/noop | Never emits codes — plain string coercion |
ansispeck/safe | Template tags that re-open styles across interpolations (leak-proof) |
ansispeck/rope | Chunk/rope builders — O(1) styled composition, O(n) structural render |
All plain-formatter entrypoints (auto/raw/noop) share nesting-safe
close-code replacement, so composed styles never leak.
import { red, bold } from "ansispeck/safe";
const user = "wo\x1b[39mrld"; // hostile input cannot break the style
console.log(red`hello ${user}!`);
console.log(bold`${red`nested`} works too`);
import { red, blue, concat, render } from "ansispeck/rope";
const chunk = red(concat("a", blue("b"), "c")); // O(1), no string scans
console.log(render(chunk)); // re-opens red after blue closes — structurally
All formatters accept string | number | null | undefined and return string.
reset bold dim italic underline inverse hidden strikethrough overline doubleUnderline blink
black red green yellow blue magenta cyan white gray
blackBright redBright greenBright yellowBright blueBright magentaBright cyanBright whiteBright
bgBlack bgRed bgGreen bgYellow bgBlue bgMagenta bgCyan bgWhite
bgBlackBright bgRedBright bgGreenBright bgYellowBright bgBlueBright bgMagentaBright bgCyanBright bgWhiteBright
c.fg256(208)("orange"); // \x1b[38;5;208m
c.bg256(17)("navy bg"); // \x1b[48;5;17m
c.rgb(255, 136, 0)("orange"); // \x1b[38;2;255;136;0m
c.bgRgb(0, 0, 0)("black bg");
c.hex("#ff8800")("orange"); // #rgb and #rrggbb, # optional
c.bgHex("#f80")("orange bg");
link(url, text?) — OSC 8 terminal hyperlink, accepts string | URL, text defaults to the URL; also usable as a template tagimport { pathToFileURL } from "node:url";
console.log(c.link("https://example.com", "docs"));
console.log(c.link(pathToFileURL("README.md"), "readme")); // file:// out of the box
console.log(c.link`https://example.com/issues/${42}`); // template tag, text = url
Hyperlink emission is gated independently of color (see Detection): with links off, link returns its text plain, so an omitted label degrades to the destination URL.
createColors(enabled?, hyperlinksEnabled?) — create a color set; hyperlinksEnabled defaults to enabledcreateSafeColors(enabled?, hyperlinksEnabled?) (from ansispeck/safe) — template-tag color setcreateRope(enabled?) (from ansispeck/rope) — rope color setisColorSupported / isHyperlinkSupported — auto-detected booleansdetectColorSupport() / detectHyperlinkSupport() — run detection on demandstrip(input) — remove all ANSI SGR and OSC sequencesColor respects NO_COLOR, FORCE_COLOR, --no-color, --color, CI, and TTY status.
Explicit force (FORCE_COLOR/--color) beats explicit disable (NO_COLOR/--no-color),
which beats platform heuristics.
Hyperlinks are detected separately — OSC 8 support is orthogonal to SGR color — per the
no-hyperlinks convention: NO_HYPERLINKS / --no-hyperlinks beats
FORCE_HYPERLINKS / --hyperlinks, which beats TTY status. Non-interactive streams get no links.
0BSD
Default entry's full import chain (entry + shared chunks), minified by tsdown;
measured by scripts/compare-size.sh, regenerated at release. ↩
FAQs
ANSI that slips in and gets to work.
The npm package ansispeck receives a total of 447 weekly downloads. As such, ansispeck popularity was classified as not popular.
We found that ansispeck demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.

Security News
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.