Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
highlight.js
Advanced tools
The highlight.js npm package is a syntax highlighter written in JavaScript. It's used to add syntax highlighting to code blocks on web pages, making them more readable and aesthetically pleasing. It supports a wide range of programming languages and is commonly used in blogs, forums, and other platforms where code is shared.
Syntax Highlighting
Automatically detects and highlights syntax in code blocks on a webpage. This is the most basic usage where it applies highlighting to all code blocks.
hljs.highlightAll();
Custom Language Selection
Highlights a specific code element with a specified language. This allows for more control over which elements are highlighted and in what language.
hljs.highlightElement(document.getElementById('my-code'), {language: 'javascript', ignoreIllegals: true});
Custom Themes
Allows the use of custom themes for syntax highlighting. Themes are available as separate CSS files that can be imported to change the appearance of highlighted code.
import 'highlight.js/styles/atom-one-dark.css';
Line Numbers
Adds line numbers to code blocks. This feature is often used in conjunction with syntax highlighting to improve readability and reference specific lines of code.
document.addEventListener('DOMContentLoaded', (event) => { document.querySelectorAll('pre code').forEach((block) => { hljs.lineNumbersBlock(block); }); });
Highlight.js is a syntax highlighter written in JavaScript. It works in the browser as well as on the server. It works with pretty much any markup, doesn’t depend on any framework, and has automatic language detection.
Version 10 is one of the biggest releases in quite some time. If you're upgrading from version 9, there are some breaking changes and things you may want to double check first.
Please read VERSION_10_UPGRADE.md for high-level summary of breaking changes and any actions you may need to take. See VERSION_10_BREAKING_CHANGES.md for a more detailed list and CHANGES.md to learn what else is new.
Please see OLD_VERSIONS.md for support information.
The bare minimum for using highlight.js on a web page is linking to the
library along with one of the styles and calling initHighlightingOnLoad
:
<link rel="stylesheet" href="/path/to/styles/default.css">
<script src="/path/to/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
This will find and highlight code inside of <pre><code>
tags; it tries
to detect the language automatically. If automatic detection doesn’t
work for you, you can specify the language in the class
attribute:
<pre><code class="html">...</code></pre>
Classes may also be prefixed with either language-
or lang-
.
<pre><code class="language-html">...</code></pre>
To style arbitrary text like code, but without any highlighting, use the
plaintext
class:
<pre><code class="plaintext">...</code></pre>
To disable highlighting of a tag completely, use the nohighlight
class:
<pre><code class="nohighlight">...</code></pre>
Highlight.js supports over 180 different languages in the core library. There are also 3rd party language plugins available for additional languages. You can find the full list of supported languages in SUPPORTED_LANGUAGES.md.
When you need a bit more control over the initialization of
highlight.js, you can use the highlightBlock
and configure
functions. This allows you to control what to highlight and when.
Here’s an equivalent way to calling initHighlightingOnLoad
using
vanilla JS:
document.addEventListener('DOMContentLoaded', (event) => {
document.querySelectorAll('pre code').forEach((block) => {
hljs.highlightBlock(block);
});
});
You can use any tags instead of <pre><code>
to mark up your code. If
you don't use a container that preserves line breaks you will need to
configure highlight.js to use the <br>
tag:
hljs.configure({useBR: true});
document.querySelectorAll('div.code').forEach((block) => {
hljs.highlightBlock(block);
});
For other options refer to the documentation for configure
.
Simply register the plugin with Vue:
Vue.use(hljs.vuePlugin);
And you'll be provided with a highlightjs
component for use
in your templates:
<div id="app">
<!-- bind to a data property named `code` -->
<highlightjs autodetect :code="code" />
<!-- or literal code works as well -->
<highlightjs language='javascript' code="var x = 5;" />
</div>
You can run highlighting inside a web worker to avoid freezing the browser window while dealing with very big chunks of code.
In your main script:
addEventListener('load', () => {
const code = document.querySelector('#code');
const worker = new Worker('worker.js');
worker.onmessage = (event) => { code.innerHTML = event.data; }
worker.postMessage(code.textContent);
});
In worker.js:
onmessage = (event) => {
importScripts('<path>/highlight.min.js');
const result = self.hljs.highlightAuto(event.data);
postMessage(result.value);
};
You can use highlight.js with node to highlight content before sending it to the browser.
Make sure to use the .value
property to get the formatted html.
For more info about the returned object refer to the api docs https://highlightjs.readthedocs.io/en/latest/api.html
// require the highlight.js library, including all languages
const hljs = require('./highlight.js');
const highlightedCode = hljs.highlightAuto('<span>Hello World!</span>').value
Or for a smaller footprint... load just the languages you need.
const hljs = require("highlight.js/lib/core"); // require only the core library
// separately require languages
hljs.registerLanguage('xml', require('highlight.js/lib/languages/xml'));
const highlightedCode = hljs.highlight('xml', '<span>Hello World!</span>').value
First, you'll likely install via npm
or yarn
-- see Getting the Library below.
In your application:
import hljs from 'highlight.js';
The default import imports all languages. Therefore it is likely to be more efficient to import only the library and the languages you need:
import hljs from 'highlight.js/lib/core';
import javascript from 'highlight.js/lib/languages/javascript';
hljs.registerLanguage('javascript', javascript);
To set the syntax highlighting style, if your build tool processes CSS from your JavaScript entry point, you can also import the stylesheet directly as modules:
import hljs from 'highlight.js/lib/core';
import 'highlight.js/styles/github.css';
You can get highlight.js as a hosted, or custom-build, browser script or as a server module. Right out of the box the browser script supports both AMD and CommonJS, so if you wish you can use RequireJS or Browserify without having to build from source. The server module also works perfectly fine with Browserify, but there is the option to use a build specific to browsers rather than something meant for a server.
Do not link to GitHub directly. The library is not supposed to work straight from the source, it requires building. If none of the pre-packaged options work for you refer to the building documentation.
On Almond. You need to use the optimizer to give the module a name. For example:
r.js -o name=hljs paths.hljs=/path/to/highlight out=highlight.js
A prebuilt version of highlight.js bundled with many common languages is hosted by the following CDNs:
cdnjs (link)
<link rel="stylesheet"
href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.3.2/styles/default.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.3.2/highlight.min.js"></script>
<!-- and it's easy to individually load additional languages -->
<script charset="UTF-8"
src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.3.2/languages/go.min.js"></script>
jsdelivr (link)
<link rel="stylesheet"
href="//cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.3.2/build/styles/default.min.css">
<script src="//cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.3.2/build/highlight.min.js"></script>
Note: The CDN-hosted highlight.min.js
package doesn't bundle every language. It would be
very large. You can find our list "common" languages that we bundle by default on our download page.
The download page can quickly generate a custom bundle including only the languages you need.
Alternatively, you can build a browser package from source:
node tools/build.js -t browser :common
See our building documentation for more information.
Note: Building from source should always result in the smallest size builds. The website download page is optimized for speed, not size.
You can also download and self-host the same assets we serve up via our own CDNs. We publish those builds to the cdn-release GitHub repository. You can easily pull individual files off the CDN endpoints with curl
, etc; if say you only needed highlight.min.js
and a single CSS file.
There is also an npm package @highlightjs/cdn-assets if pulling the assets in via npm
or yarn
would be easier for your build process.
Highlight.js can also be used on the server. The package with all supported languages can be installed from NPM or Yarn:
npm install highlight.js
# or
yarn add highlight.js
Alternatively, you can build it from source:
node tools/build.js -t node
See our building documentation for more information.
Current source is always available on GitHub.
Highlight.js is released under the BSD License. See LICENSE file for details.
The official site for the library is at https://highlightjs.org/.
Further in-depth documentation for the API and other topics is at http://highlightjs.readthedocs.io/.
Authors and contributors are listed in the AUTHORS.txt file.
FAQs
Syntax highlighting with language autodetection.
The npm package highlight.js receives a total of 8,286,261 weekly downloads. As such, highlight.js popularity was classified as popular.
We found that highlight.js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.