Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The kleur npm package is a library for formatting terminal text with ANSI colors. It provides a simple and chainable API to style strings that are output to the console with various colors, backgrounds, and text styles.
Coloring text
This feature allows you to apply text color to your console output. The example shows how to color the text green.
const kleur = require('kleur');
console.log(kleur.green('Hello world!'));
Chaining styles
Kleur supports chaining multiple styles together. In this example, the text 'Error!' is styled to be red, bold, and underlined.
const kleur = require('kleur');
console.log(kleur.red().bold().underline('Error!'));
Background colors
You can also set background colors for your text. Here, the text 'Info' has a blue background with white foreground color.
const kleur = require('kleur');
console.log(kleur.bgBlue().white('Info'));
Conditional styling
Kleur allows conditional styling, where you can enable or disable colors based on certain conditions. In this example, the red color is applied only if the environment is not production.
const kleur = require('kleur');
const enabled = process.env.NODE_ENV !== 'production';
console.log(kleur.enabled(enabled).red('Only styled if not in production'));
Chalk is a popular npm package similar to kleur that allows for styling terminal strings. It offers a more extensive API and additional features like template literal support and custom themes, but it is slightly larger in size compared to kleur.
Colors is another package that provides ANSI color formatting for text in the terminal. It extends String.prototype to add color properties, which some developers may find less clean than the functional approach taken by kleur.
Ansi-colors is a lightweight package that focuses on performance. Like kleur, it does not extend String.prototype and has a chainable API, but it has fewer dependencies and is designed to be as minimal as possible.
String.prototype
modificationsprintf
formattingHeavily inspired by ansi-colors
. See Credits for more info!
$ npm install --save kleur
const kleur = require('kleur');
// basic usage
kleur.red('red text');
// or variadic arguments
kleur.red('this', 'is', 'also', 'red');
// or printf formatting
kleur.red('%s, %s!', 'hello', 'world');
// chained methods
kleur.blue.bold.underline('howdy partner');
// nested methods
kleur.bold(`${ kleur.bgRed.white('[ERROR]') } ${ kleur.red.italic('Something happened')}`);
console.log(kleur.bold.red('this is a bold red message'));
console.log(kleur.bold.italic('this is a bold italicized message'));
console.log(kleur.bold.yellow.bgRed.italic('this is a bold yellow italicized message'));
console.log(kleur.green.bold.underline('this is a bold green underlined message'));
const { yellow, red, cyan } = require('kleur');
// with template literals
console.log(yellow(`foo ${red.bold('red')} bar ${cyan('cyan')} baz`));
// or variadic arguments
console.log(yellow('foo', red.bold('red'), 'bar', cyan('cyan'), 'baz'));
printf
FormattingSee
util.format
for documentation
const { yellow, bgGreen, bold } = require('kleur');
// basic usage
console.log(bold.cyan('%s, %s!', 'Hello', 'World', '-Anonymous'));
// or with nested colors
console.log( bold('%s-like %s... %s!', 'printf', bgGreen.black('formatting'), yellow('YAY')) );
Manually strip all ANSI codes from a given string.
let str = kleur.blue('Howdy partner');
//=> styled
kleur.clear(str);
//=> 'Howdy partner'
Toggle color support as needed; kleur
assumes it's always enabled.
const kleur = require('kleur');
// manually disable
kleur.enabled = false;
// or use a library to detect support
kleur.enabled = require('color-support').level;
console.log(kleur.red('I will only be colored red if the terminal supports colors'));
Any kleur
method returns a String
(when invoked, not chained). It's up to the developer to pass the output to destinations like console.log
, process.stdout.write
, etc.
The methods below are grouped by type for legibility purposes only. They each can be chained or nested with one another.
Colors:
black — red — green — yellow — blue — magenta — cyan — white — gray
Backgrounds:
bgBlack — bgRed — bgGreen — bgYellow — bgBlue — bgMagenta — bgCyan — bgWhite
Modifiers:
reset — bold — dim — italic* — underline — inverse — hidden — strikethrough*
* Not widely supported
Using Node v8.9.0
ansi-colors: 1.150ms
chalk: 8.440ms
clorox: 0.471ms
kleur: 0.611ms
# All Colors
ansi-colors x 60,646 ops/sec ±0.49% (96 runs sampled)
chalk x 7,228 ops/sec ±3.25% (73 runs sampled)
clorox x 86,631 ops/sec ±0.59% (94 runs sampled)
kleur x 95,595 ops/sec ±0.24% (96 runs sampled)
# Stacked colors
ansi-colors x 13,576 ops/sec ±0.42% (93 runs sampled)
chalk x 1,669 ops/sec ±4.56% (71 runs sampled)
clorox x 26,166 ops/sec ±1.44% (91 runs sampled)
kleur x 28,674 ops/sec ±0.29% (93 runs sampled)
# Nested colors
ansi-colors x 28,712 ops/sec ±0.60% (96 runs sampled)
chalk x 3,446 ops/sec ±4.59% (69 runs sampled)
Clorox x 40,821 ops/sec ±1.90% (94 runs sampled)
kleur x 43,242 ops/sec ±0.17% (97 runs sampled)
This project is based on Brian Woodward's awesome ansi-colors
project. My original implementation involved writing into a global state — first by writing into an output string, and then by saving the keys
array into the $
directly. Both approaches were leaky & allowed for accidental chains/overwrites. In turn, I borrowed ansi-colors
's approach in writing keys
state into each chain directly.
Aside from the performance boost, kleur
exists as a separate module because I've removed some of ansi-colors
's defining features, like bright color variants and symbols. It's tailor-made for my needs and experimentation.
You'll probably want to use
ansi-colors
, especially if you need any of those features! You'll be in good company!
The benchmark suite is also imported directly from ansi-colors
:raised_hands:
MIT © Luke Edwards
FAQs
The fastest Node.js library for formatting terminal text with ANSI colors~!
We found that kleur demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.