Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
highlight.js
Advanced tools
The highlight.js npm package is a syntax highlighter written in JavaScript. It's used to add syntax highlighting to code blocks on web pages, making them more readable and aesthetically pleasing. It supports a wide range of programming languages and is commonly used in blogs, forums, and other platforms where code is shared.
Syntax Highlighting
Automatically detects and highlights syntax in code blocks on a webpage. This is the most basic usage where it applies highlighting to all code blocks.
hljs.highlightAll();
Custom Language Selection
Highlights a specific code element with a specified language. This allows for more control over which elements are highlighted and in what language.
hljs.highlightElement(document.getElementById('my-code'), {language: 'javascript', ignoreIllegals: true});
Custom Themes
Allows the use of custom themes for syntax highlighting. Themes are available as separate CSS files that can be imported to change the appearance of highlighted code.
import 'highlight.js/styles/atom-one-dark.css';
Line Numbers
Adds line numbers to code blocks. This feature is often used in conjunction with syntax highlighting to improve readability and reference specific lines of code.
document.addEventListener('DOMContentLoaded', (event) => { document.querySelectorAll('pre code').forEach((block) => { hljs.lineNumbersBlock(block); }); });
Highlight.js is a syntax highlighter written in JavaScript. It works in the browser as well as on the server. It works with pretty much any markup, doesn’t depend on any framework, and has automatic language detection.
Version 10 is one of the biggest releases in quite some time. If you're upgrading from version 9, there are some breaking changes and things you may want to double check first.
Please read VERSION_10_UPGRADE.md for high-level summary of breaking changes and any actions you may need to take. See VERSION_10_BREAKING_CHANGES.md for a more detailed list and CHANGES.md to learn what else is new.
Please see SECURITY.md for support information.
The bare minimum for using highlight.js on a web page is linking to the
library along with one of the styles and calling highlightAll
:
<link rel="stylesheet" href="/path/to/styles/default.css">
<script src="/path/to/highlight.min.js"></script>
<script>hljs.highlightAll();</script>
This will find and highlight code inside of <pre><code>
tags; it tries
to detect the language automatically. If automatic detection doesn’t
work for you, you can specify the language in the class
attribute:
<pre><code class="html">...</code></pre>
Classes may also be prefixed with either language-
or lang-
.
<pre><code class="language-html">...</code></pre>
To style arbitrary text like code, but without any highlighting, use the
plaintext
class:
<pre><code class="plaintext">...</code></pre>
To disable highlighting of a tag completely, use the nohighlight
class:
<pre><code class="nohighlight">...</code></pre>
Highlight.js supports over 180 different languages in the core library. There are also 3rd party language plugins available for additional languages. You can find the full list of supported languages in SUPPORTED_LANGUAGES.md.
When you need a bit more control over the initialization of
highlight.js, you can use the highlightBlock
and configure
functions. This allows you to better control what to highlight and when.
Here’s the equivalent of calling highlightAll
using
only vanilla JS:
document.addEventListener('DOMContentLoaded', (event) => {
document.querySelectorAll('pre code').forEach((block) => {
hljs.highlightBlock(block);
});
});
Please refer to the documentation for configure
options.
We strongly recommend <pre><code>
wrapping for code blocks. It's quite
semantic and "just works" out of the box with zero fiddling. It is possible to
use other HTML elements (or combos), but you may need to pay special attention to
preserving linebreaks.
Let's say your markup for code blocks uses divs:
<div class='code'>...</div>
To highlight such blocks manually:
// first, find all the div.code blocks
document.querySelectorAll('div.code').forEach(block => {
// then highlight each
hljs.highlightBlock(block);
});
Without using a tag that preserves linebreaks (like pre
) you'll need some
additional CSS to help preserve them. You could also pre and post-process line
breaks with a plug-in, but we recommend using CSS.
To preserve linebreaks inside a div
using CSS:
div.code {
white-space: pre;
}
Simply register the plugin with Vue:
Vue.use(hljs.vuePlugin);
And you'll be provided with a highlightjs
component for use
in your templates:
<div id="app">
<!-- bind to a data property named `code` -->
<highlightjs autodetect :code="code" />
<!-- or literal code works as well -->
<highlightjs language='javascript' code="var x = 5;" />
</div>
You can run highlighting inside a web worker to avoid freezing the browser window while dealing with very big chunks of code.
In your main script:
addEventListener('load', () => {
const code = document.querySelector('#code');
const worker = new Worker('worker.js');
worker.onmessage = (event) => { code.innerHTML = event.data; }
worker.postMessage(code.textContent);
});
In worker.js:
onmessage = (event) => {
importScripts('<path>/highlight.min.js');
const result = self.hljs.highlightAuto(event.data);
postMessage(result.value);
};
You can use highlight.js with node to highlight content before sending it to the browser.
Make sure to use the .value
property to get the formatted html.
For more info about the returned object refer to the api docs.
// require the highlight.js library, including all languages
const hljs = require('./highlight.js');
const highlightedCode = hljs.highlightAuto('<span>Hello World!</span>').value
Or for a smaller footprint... load just the languages you need.
const hljs = require('highlight.js/lib/core'); // require only the core library
// separately require languages
hljs.registerLanguage('xml', require('highlight.js/lib/languages/xml'));
const highlightedCode = hljs.highlight('<span>Hello World!</span>', {language: 'xml'}).value
First, you'll likely install via npm
or yarn
-- see Getting the Library below.
In your application:
import hljs from 'highlight.js';
The default import imports all languages. Therefore it is likely to be more efficient to import only the library and the languages you need:
import hljs from 'highlight.js/lib/core';
import javascript from 'highlight.js/lib/languages/javascript';
hljs.registerLanguage('javascript', javascript);
To set the syntax highlighting style, if your build tool processes CSS from your JavaScript entry point, you can also import the stylesheet directly as modules:
import hljs from 'highlight.js/lib/core';
import 'highlight.js/styles/github.css';
You can get highlight.js as a hosted, or custom-build, browser script or as a server module. Right out of the box the browser script supports both AMD and CommonJS, so if you wish you can use RequireJS or Browserify without having to build from source. The server module also works perfectly fine with Browserify, but there is the option to use a build specific to browsers rather than something meant for a server.
Do not link to GitHub directly. The library is not supposed to work straight from the source, it requires building. If none of the pre-packaged options work for you refer to the building documentation.
On Almond. You need to use the optimizer to give the module a name. For example:
r.js -o name=hljs paths.hljs=/path/to/highlight out=highlight.js
A prebuilt version of Highlight.js bundled with many common languages is hosted by several popular CDNs. When using Highlight.js via CDN you can use Subresource Integrity for additional security. For details see DIGESTS.md.
cdnjs (link)
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.7.3/styles/default.min.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.7.3/highlight.min.js"></script>
<!-- and it's easy to individually load additional languages -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.7.3/languages/go.min.js"></script>
jsdelivr (link)
<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.7.3/build/styles/default.min.css">
<script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.7.3/build/highlight.min.js"></script>
<!-- and it's easy to individually load additional languages -->
<script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.7.3/build/languages/go.min.js"></script>
unpkg (link)
<link rel="stylesheet" href="https://unpkg.com/@highlightjs/cdn-assets@10.7.3/styles/default.min.css">
<script src="https://unpkg.com/@highlightjs/cdn-assets@10.7.3/highlight.min.js"></script>
<!-- and it's easy to individually load additional languages -->
<script src="https://unpkg.com/@highlightjs/cdn-assets@10.7.3/languages/go.min.js"></script>
Note: The CDN-hosted highlight.min.js
package doesn't bundle every language. It would be
very large. You can find our list of "common" languages that we bundle by default on our download page.
The download page can quickly generate a custom bundle including only the languages you need.
Alternatively, you can build a browser package from source:
node tools/build.js -t browser :common
See our building documentation for more information.
Note: Building from source should always result in the smallest size builds. The website download page is optimized for speed, not size.
You can also download and self-host the same assets we serve up via our own CDNs. We publish those builds to the cdn-release GitHub repository. You can easily pull individual files off the CDN endpoints with curl
, etc; if say you only needed highlight.min.js
and a single CSS file.
There is also an npm package @highlightjs/cdn-assets if pulling the assets in via npm
or yarn
would be easier for your build process.
Highlight.js can also be used on the server. The package with all supported languages can be installed from NPM or Yarn:
npm install highlight.js
# or
yarn add highlight.js
Alternatively, you can build it from source:
node tools/build.js -t node
See our building documentation for more information.
Current source is always available on GitHub.
Highlight.js is released under the BSD License. See LICENSE file for details.
The official site for the library is at https://highlightjs.org/.
Further in-depth documentation for the API and other topics is at http://highlightjs.readthedocs.io/.
A list of the Core Team and contributors can be found in the CONTRIBUTORS.md file.
FAQs
Syntax highlighting with language autodetection.
The npm package highlight.js receives a total of 4,734,250 weekly downloads. As such, highlight.js popularity was classified as popular.
We found that highlight.js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.