Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
highlight.js
Advanced tools
The highlight.js npm package is a syntax highlighter written in JavaScript. It's used to add syntax highlighting to code blocks on web pages, making them more readable and aesthetically pleasing. It supports a wide range of programming languages and is commonly used in blogs, forums, and other platforms where code is shared.
Syntax Highlighting
Automatically detects and highlights syntax in code blocks on a webpage. This is the most basic usage where it applies highlighting to all code blocks.
hljs.highlightAll();
Custom Language Selection
Highlights a specific code element with a specified language. This allows for more control over which elements are highlighted and in what language.
hljs.highlightElement(document.getElementById('my-code'), {language: 'javascript', ignoreIllegals: true});
Custom Themes
Allows the use of custom themes for syntax highlighting. Themes are available as separate CSS files that can be imported to change the appearance of highlighted code.
import 'highlight.js/styles/atom-one-dark.css';
Line Numbers
Adds line numbers to code blocks. This feature is often used in conjunction with syntax highlighting to improve readability and reference specific lines of code.
document.addEventListener('DOMContentLoaded', (event) => { document.querySelectorAll('pre code').forEach((block) => { hljs.lineNumbersBlock(block); }); });
Highlight.js is a syntax highlighter written in JavaScript. It works in the browser as well as on the server. It can work with pretty much any markup, doesn’t depend on any other frameworks, and has automatic language detection.
Contents
As always, major releases do contain breaking changes which may require action from users. Please read VERSION_11_UPGRADE.md for a detailed summary of breaking changes and any actions you may need to take.
Please see SECURITY.md for long-term support information.
The bare minimum for using highlight.js on a web page is linking to the
library along with one of the themes and calling highlightAll
:
<link rel="stylesheet" href="/path/to/styles/default.min.css">
<script src="/path/to/highlight.min.js"></script>
<script>hljs.highlightAll();</script>
This will find and highlight code inside of <pre><code>
tags; it tries
to detect the language automatically. If automatic detection doesn’t
work for you, or you simply prefer to be explicit, you can specify the language manually by using the class
attribute:
<pre><code class="language-html">...</code></pre>
To apply the Highlight.js styling to plaintext without actually highlighting it, use the plaintext
language:
<pre><code class="language-plaintext">...</code></pre>
To skip highlighting of a code block completely, use the nohighlight
class:
<pre><code class="nohighlight">...</code></pre>
The bare minimum to auto-detect the language and highlight some code.
// load the library and ALL languages
hljs = require('highlight.js');
html = hljs.highlightAuto('<h1>Hello World!</h1>').value
To load only a "common" subset of popular languages:
hljs = require('highlight.js/lib/common');
To highlight code with a specific language, use highlight
:
html = hljs.highlight('<h1>Hello World!</h1>', {language: 'xml'}).value
See Importing the Library for more examples of require
vs import
usage, etc. For more information about the result object returned by highlight
or highlightAuto
refer to the api docs.
Highlight.js supports over 180 languages in the core library. There are also 3rd party language definitions available to support even more languages. You can find the full list of supported languages in SUPPORTED_LANGUAGES.md.
If you need a bit more control over the initialization of
Highlight.js, you can use the highlightElement
and configure
functions. This allows you to better control what to highlight and when.
For example, here’s the rough equivalent of calling highlightAll
but doing the work manually instead:
document.addEventListener('DOMContentLoaded', (event) => {
document.querySelectorAll('pre code').forEach((el) => {
hljs.highlightElement(el);
});
});
Please refer to the documentation for configure
options.
We strongly recommend <pre><code>
wrapping for code blocks. It's quite
semantic and "just works" out of the box with zero fiddling. It is possible to
use other HTML elements (or combos), but you may need to pay special attention to
preserving linebreaks.
Let's say your markup for code blocks uses divs:
<div class='code'>...</div>
To highlight such blocks manually:
// first, find all the div.code blocks
document.querySelectorAll('div.code').forEach(el => {
// then highlight each
hljs.highlightElement(el);
});
Without using a tag that preserves linebreaks (like pre
) you'll need some
additional CSS to help preserve them. You could also pre and post-process line
breaks with a plug-in, but we recommend using CSS.
To preserve linebreaks inside a div
using CSS:
div.code {
white-space: pre;
}
See highlightjs/vue-plugin for a simple Vue plugin that works great with Highlight.js.
An example of vue-plugin
in action:
<div id="app">
<!-- bind to a data property named `code` -->
<highlightjs autodetect :code="code" />
<!-- or literal code works as well -->
<highlightjs language='javascript' code="var x = 5;" />
</div>
You can run highlighting inside a web worker to avoid freezing the browser window while dealing with very big chunks of code.
In your main script:
addEventListener('load', () => {
const code = document.querySelector('#code');
const worker = new Worker('worker.js');
worker.onmessage = (event) => { code.innerHTML = event.data; }
worker.postMessage(code.textContent);
});
In worker.js:
onmessage = (event) => {
importScripts('<path>/highlight.min.js');
const result = self.hljs.highlightAuto(event.data);
postMessage(result.value);
};
First, you'll likely be installing the library via npm
or yarn
-- see Getting the Library.
require
Requiring the top-level library will load all languages:
// require the highlight.js library, including all languages
const hljs = require('./highlight.js');
const highlightedCode = hljs.highlightAuto('<span>Hello World!</span>').value
For a smaller footprint, load our common subset of languages (the same set used for our default web build).
const hljs = require('highlight.js/lib/common');
For the smallest footprint, load only the languages you need:
const hljs = require('highlight.js/lib/core');
hljs.registerLanguage('xml', require('highlight.js/lib/languages/xml'));
const highlightedCode = hljs.highlight('<span>Hello World!</span>', {language: 'xml'}).value
import
Note: You can also import directly from fully static URLs, such as our very own pre-built ES6 Module CDN resources. See Fetch via CDN for specific examples.
The default import will register all languages:
import hljs from 'highlight.js';
It is more efficient to import only the library and register the languages you need:
import hljs from 'highlight.js/lib/core';
import javascript from 'highlight.js/lib/languages/javascript';
hljs.registerLanguage('javascript', javascript);
If your build tool processes CSS imports, you can also import the theme directly as a module:
import hljs from 'highlight.js';
import 'highlight.js/styles/github.css';
You can get highlight.js as a hosted, or custom-build, browser script or as a server module. Right out of the box the browser script supports both AMD and CommonJS, so if you wish you can use RequireJS or Browserify without having to build from source. The server module also works perfectly fine with Browserify, but there is the option to use a build specific to browsers rather than something meant for a server.
Do not link to GitHub directly. The library is not supposed to work straight from the source, it requires building. If none of the pre-packaged options work for you refer to the building documentation.
On Almond. You need to use the optimizer to give the module a name. For example:
r.js -o name=hljs paths.hljs=/path/to/highlight out=highlight.js
A prebuilt version of Highlight.js bundled with many common languages is hosted by several popular CDNs. When using Highlight.js via CDN you can use Subresource Integrity for additional security. For details see DIGESTS.md.
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.10.0/styles/default.min.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.10.0/highlight.min.js"></script>
<!-- and it's easy to individually load additional languages -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.10.0/languages/go.min.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.10.0/styles/dark.min.css">
<script type="module">
import hljs from 'https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.10.0/es/highlight.min.js';
// and it's easy to individually load additional languages
import go from 'https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.10.0/es/languages/go.min.js';
hljs.registerLanguage('go', go);
</script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.10.0/build/styles/default.min.css">
<script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.10.0/build/highlight.min.js"></script>
<!-- and it's easy to individually load additional languages -->
<script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.10.0/build/languages/go.min.js"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.10.0/build/styles/default.min.css">
<script type="module">
import hljs from 'https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.10.0/build/es/highlight.min.js';
// and it's easy to individually load additional languages
import go from 'https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.10.0/build/es/languages/go.min.js';
hljs.registerLanguage('go', go);
</script>
<link rel="stylesheet" href="https://unpkg.com/@highlightjs/cdn-assets@11.10.0/styles/default.min.css">
<script src="https://unpkg.com/@highlightjs/cdn-assets@11.10.0/highlight.min.js"></script>
<!-- and it's easy to individually load additional languages -->
<script src="https://unpkg.com/@highlightjs/cdn-assets@11.10.0/languages/go.min.js"></script>
<link rel="stylesheet" href="https://unpkg.com/@highlightjs/cdn-assets@11.10.0/styles/default.min.css">
<script type="module">
import hljs from 'https://unpkg.com/@highlightjs/cdn-assets@11.10.0/es/highlight.min.js';
// and it's easy to individually load & register additional languages
import go from 'https://unpkg.com/@highlightjs/cdn-assets@11.10.0/es/languages/go.min.js';
hljs.registerLanguage('go', go);
</script>
Note: The CDN-hosted highlight.min.js
package doesn't bundle every language. It would be
very large. You can find our list of "common" languages that we bundle by default on our download page.
You can also download and self-host the same assets we serve up via our own CDNs. We publish those builds to the cdn-release GitHub repository. You can easily pull individual files off the CDN endpoints with curl
, etc; if say you only needed highlight.min.js
and a single CSS file.
There is also an npm package @highlightjs/cdn-assets if pulling the assets in via npm
or yarn
would be easier for your build process.
The download page can quickly generate a custom single-file minified bundle including only the languages you desire.
Note: Building from source can produce slightly smaller builds than the website download.
Our NPM package including all supported languages can be installed with NPM or Yarn:
npm install highlight.js
# or
yarn add highlight.js
Alternatively, you can build the NPM package from source.
The current source code is always available on GitHub.
node tools/build.js -t node
node tools/build.js -t browser :common
node tools/build.js -t cdn :common
See our building documentation for more information.
Highlight.js works on all modern browsers and currently supported Node.js versions. You'll need the following software to contribute to the core library:
Highlight.js is released under the BSD License. See our LICENSE file for details.
The official website for the library is https://highlightjs.org/.
Further in-depth documentation for the API and other topics is at http://highlightjs.readthedocs.io/.
A list of the Core Team and contributors can be found in the CONTRIBUTORS.md file.
Version 11.10.0
CAVEATS / POTENTIALLY BREAKING CHANGES
Core Grammars:
satisfies
operator [Kisaragi Hiu][]or
conflicts with string highlighting [Mohamed Ali][]self
variable [Lee Falin][]goto
to be recognized as a keyword in Java [Alvin Joy][]sudo
[Alvin Joy][]new
keyword without capturing it within variables/class names [Cameron Taylor][]_
separators, add hex p exponents [Lisa Ugray][]justify-items
and justify-self
attributes [Vasily Polovnyov][]accent-color
, appearance
, color-scheme
, rotate
, scale
and translate
attributes [Carl Räfting][]select
, option
, optgroup
, picture
and source
to list of known tags [Vasily Polovnyov][]inset
, inset-*
, border-start-*-radius
and border-end-*-radius
attributes [Vasily Polovnyov][]text-decoration-skip-ink
, text-decoration-thickness
and text-underline-offset
attributes [Vasily Polovnyov][]when
to be recognized as a keyword in Java [Chiel van de Steeg][]New Grammars:
Developer Tool:
highlight
API [Misha Kaletsky][]Themes:
1c-light
theme a like in the IDE 1C:Enterprise 8 (for 1c) [Vitaly Barilko][]FAQs
Syntax highlighting with language autodetection.
The npm package highlight.js receives a total of 7,012,107 weekly downloads. As such, highlight.js popularity was classified as popular.
We found that highlight.js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.