Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
highlight.js
Advanced tools
The highlight.js npm package is a syntax highlighter written in JavaScript. It's used to add syntax highlighting to code blocks on web pages, making them more readable and aesthetically pleasing. It supports a wide range of programming languages and is commonly used in blogs, forums, and other platforms where code is shared.
Syntax Highlighting
Automatically detects and highlights syntax in code blocks on a webpage. This is the most basic usage where it applies highlighting to all code blocks.
hljs.highlightAll();
Custom Language Selection
Highlights a specific code element with a specified language. This allows for more control over which elements are highlighted and in what language.
hljs.highlightElement(document.getElementById('my-code'), {language: 'javascript', ignoreIllegals: true});
Custom Themes
Allows the use of custom themes for syntax highlighting. Themes are available as separate CSS files that can be imported to change the appearance of highlighted code.
import 'highlight.js/styles/atom-one-dark.css';
Line Numbers
Adds line numbers to code blocks. This feature is often used in conjunction with syntax highlighting to improve readability and reference specific lines of code.
document.addEventListener('DOMContentLoaded', (event) => { document.querySelectorAll('pre code').forEach((block) => { hljs.lineNumbersBlock(block); }); });
Highlight.js is a syntax highlighter written in JavaScript. It works in the browser as well as on the server. It works with pretty much any markup, doesn’t depend on any framework, and has automatic language detection.
The bare minimum for using highlight.js on a web page is linking to the
library along with one of the styles and calling
initHighlightingOnLoad
:
<link rel="stylesheet" href="/path/to/styles/default.css">
<script src="/path/to/highlight.pack.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
This will find and highlight code inside of <pre><code>
tags; it tries
to detect the language automatically. If automatic detection doesn’t
work for you, you can specify the language in the class
attribute:
<pre><code class="html">...</code></pre>
The list of supported language classes is available in the class
reference. Classes can also be prefixed with either language-
or
lang-
.
To make arbitrary text look like code, but without highlighting, use the
plaintext
class:
<pre><code class="plaintext">...</code></pre>
To disable highlighting altogether use the nohighlight
class:
<pre><code class="nohighlight">...</code></pre>
When you need a bit more control over the initialization of
highlight.js, you can use the highlightBlock
and configure
functions. This allows you to control what to highlight and when.
Here’s an equivalent way to calling initHighlightingOnLoad
using
jQuery:
$(document).ready(function() {
$('pre code').each(function(i, block) {
hljs.highlightBlock(block);
});
});
You can use any tags instead of <pre><code>
to mark up your code. If
you don't use a container that preserves line breaks you will need to
configure highlight.js to use the <br>
tag:
hljs.configure({useBR: true});
$('div.code').each(function(i, block) {
hljs.highlightBlock(block);
});
For other options refer to the documentation for configure
.
You can run highlighting inside a web worker to avoid freezing the browser window while dealing with very big chunks of code.
In your main script:
addEventListener('load', function() {
var code = document.querySelector('#code');
var worker = new Worker('worker.js');
worker.onmessage = function(event) { code.innerHTML = event.data; }
worker.postMessage(code.textContent);
})
In worker.js:
onmessage = function(event) {
importScripts('<path>/highlight.pack.js');
var result = self.hljs.highlightAuto(event.data);
postMessage(result.value);
}
You can get highlight.js as a hosted, or custom-build, browser script or as a server module. Right out of the box the browser script supports both AMD and CommonJS, so if you wish you can use RequireJS or Browserify without having to build from source. The server module also works perfectly fine with Browserify, but there is the option to use a build specific to browsers rather than something meant for a server. Head over to the download page for all the options.
Don't link to GitHub directly. The library is not supposed to work straight from the source, it requires building. If none of the pre-packaged options work for you refer to the building documentation.
The CDN-hosted package doesn't have all the languages. Otherwise it'd be too big. If you don't see the language you need in the "Common" section, it can be added manually:
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/languages/go.min.js"></script>
On Almond. You need to use the optimizer to give the module a name. For example:
r.js -o name=hljs paths.hljs=/path/to/highlight out=highlight.js
You can import Highlight.js as a CommonJS-module:
npm install highlight.js --save
In your application:
import hljs from 'highlight.js';
The default import imports all languages! Therefore it is likely to be more efficient to import only the library and the languages you need:
import hljs from 'highlight.js/lib/highlight';
import javascript from 'highlight.js/lib/languages/javascript';
hljs.registerLanguage('javascript', javascript);
Highlight.js is released under the BSD License. See LICENSE file for details.
The official site for the library is at https://highlightjs.org/.
Further in-depth documentation for the API and other topics is at http://highlightjs.readthedocs.io/.
Authors and contributors are listed in the AUTHORS.en.txt file.
Version 9.13.0
New languages:
New styles:
Improvements:
endSameAsBegin
for nested constructs with variable names
by [Egor Rogov][].@objcMembers
to @attributes
, by [Berk Çebi][]disableAutodetect
for preventing autodetection by [Egor Rogov][]FAQs
Syntax highlighting with language autodetection.
The npm package highlight.js receives a total of 8,286,261 weekly downloads. As such, highlight.js popularity was classified as popular.
We found that highlight.js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.