New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

dword

Package Overview
Dependencies
Maintainers
1
Versions
341
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

dword

Web editor based on CodeMirror

latest
Source
npmnpm
Version
16.0.1
Version published
Maintainers
1
Created
Source

Dword License NPM version

Web editor based on CodeMirror. Fork of edward.

dword

Features

  • Syntax highlighting based on extension of file for over 90 languages.
  • Built-in emmet (for html files)
  • Drag n drop (drag file from desktop to editor).
  • Configurable options (json/edit.json could be overriden by ~/.dword.json)

Install

npm i dword -g

NPM_INFO

Command line parameters

Usage: dword [filename]

ParameterOperation
-h, --helpdisplay help and exit
-v, --versionoutput version information and exit

Hot keys

KeyOperation
Ctrl + ssave
Ctrl + ffind
Ctrl + hreplace
Ctrl + ggo to line
Ctrl + eevaluate (JavaScript only supported)

API

dword could be used as middleware for express. For this purpuse API could be used.

Server

dword(options)

Middleware of dword. Options could be omitted.

import {dword} from 'dword';
import express from 'express';

const app = express();

app.use(dword({
    root: '/', // default
    online: true, // default
    diff: true, // default
    zip: true, // default
    dropbox: false, // optional
    dropboxToken: 'token', //  optional
}));

app.listen(31_337);

dword.listen(socket)

Could be used with socket.io to handle editor events with.

import {Server} from 'socket.io';
const socket = new Server(server);

dword.listen(socket, {
    // optional
    prefixSocket: '/dword',
    // optional
    auth: (accept, reject) => (username, password) => {
        accept();
    },
});

Client

Dword uses codemirror on client side, so API is similar. All you need is put minimal html, css, and js into your page.

Minimal html:

<div class="edit" data-name="js-edit"></div>
<script src="/dword/dword.js"></script>

Minimal css:

html, body, .edit {
    height: 100%;
    margin: 0;
}

Minimal js:

dword('[data-name="js-edit"]', (editor) => {
    editor.setValue('hello dword');
    console.log('dword is ready');
});

Client API

dword(selector, callback)
  • selector: string
  • callback: EditorCallback

Initialize new instance

editor.setValue(value)
  • value: string

Set value to editor.

editor.getValue()
  • returns: string

Get value from editor.

Types
interface Editor {
    setValue: (value: string) => void;
    getValue: () => string;
}

type EditorCallback = (editor: Editor) => void;
type Dword = (selector: string, callback: EditorCallback) => void;

For more information you could always look around client/dword.js directory.

Related

License

MIT

Keywords

editor
express
middleware
monaco
patch
diff

FAQs

Package last updated on 13 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026