Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
A full-featured markdown parser and compiler, written in JavaScript. Built for speed.
npm install kramed --save
marked
?marked
hasn't been evolving as much as it could be lately and due to our needs with GitBook, we need features such as robust mathjax
support and want to strive closer to the rising kramdown
standard.
Minimal usage:
var kramed = require('kramed');
console.log(kramed('I am using __markdown__.'));
// Outputs: <p>I am using <strong>markdown</strong>.</p>
Example setting options with default values:
var kramed = require('kramed');
kramed.setOptions({
renderer: new kramed.Renderer(),
gfm: true,
tables: true,
breaks: false,
pedantic: false,
sanitize: true,
smartLists: true,
smartypants: false
});
console.log(kramed('I am using __markdown__.'));
Type: string
String of markdown source to be compiled.
Type: object
Hash of options. Can also be set using the kramed.setOptions
method as seen
above.
Type: function
Function called when the markdownString
has been fully parsed when using
async highlighting. If the options
argument is omitted, this can be used as
the second argument.
Type: function
A function to highlight code blocks. The first example below uses async highlighting with node-pygmentize-bundled, and the second is a synchronous example using highlight.js:
var kramed = require('kramed');
var markdownString = '```js\n console.log("hello"); \n```';
// Async highlighting with pygmentize-bundled
kramed.setOptions({
highlight: function (code, lang, callback) {
require('pygmentize-bundled')({ lang: lang, format: 'html' }, code, function (err, result) {
callback(err, result.toString());
});
}
});
// Using async version of kramed
kramed(markdownString, function (err, content) {
if (err) throw err;
console.log(content);
});
// Synchronous highlighting with highlight.js
kramed.setOptions({
highlight: function (code) {
return require('highlight.js').highlightAuto(code).value;
}
});
console.log(kramed(markdownString));
code
Type: string
The section of code to pass to the highlighter.
lang
Type: string
The programming language specified in the code block.
callback
Type: function
The callback function to call when using an async highlighter.
Type: object
Default: new Renderer()
An object containing functions to render tokens to HTML.
The renderer option allows you to render tokens in a custom manor. Here is an example of overriding the default heading token rendering by adding an embedded anchor tag like on GitHub:
var kramed = require('kramed');
var renderer = new kramed.Renderer();
renderer.heading = function (text, level) {
var escapedText = text.toLowerCase().replace(/[^\w]+/g, '-');
return '<h' + level + '><a name="' +
escapedText +
'" class="anchor" href="#' +
escapedText +
'"><span class="header-link"></span></a>' +
text + '</h' + level + '>';
},
console.log(kramed('# heading+', { renderer: renderer }));
This code will output the following HTML:
<h1>
<a name="heading-" class="anchor" href="#heading-">
<span class="header-link"></span>
</a>
heading+
</h1>
flags
has the following properties:
{
header: true || false,
align: 'center' || 'left' || 'right'
}
Type: boolean
Default: true
Enable GitHub flavored markdown.
Type: boolean
Default: true
Enable GFM tables.
This option requires the gfm
option to be true.
Type: boolean
Default: false
Enable GFM line breaks.
This option requires the gfm
option to be true.
Type: boolean
Default: false
Conform to obscure parts of markdown.pl
as much as possible. Don't fix any of
the original markdown bugs or poor behavior.
Type: boolean
Default: false
Sanitize the output. Ignore any HTML that has been input.
Type: boolean
Default: true
Use smarter list behavior than the original markdown. May eventually be
default with the old behavior moved into pedantic
.
Type: boolean
Default: false
Use "smart" typograhic punctuation for things like quotes and dashes.
You also have direct access to the lexer and parser if you so desire.
var tokens = kramed.lexer(text, options);
console.log(kramed.parser(tokens));
var lexer = new kramed.Lexer(options);
var tokens = lexer.lex(text);
console.log(tokens);
console.log(lexer.rules);
$ kramed -o hello.html
hello world
^D
$ cat hello.html
<p>hello world</p>
The point of kramed was to create a markdown compiler where it was possible to frequently parse huge chunks of markdown without having to worry about caching the compiled output somehow...or blocking for an unnecesarily long time.
kramed is very concise and still implements all markdown features. It is also now fully compatible with the client-side.
kramed more or less passes the official markdown test suite in its entirety. This is important because a surprising number of markdown compilers cannot pass more than a few tests. It was very difficult to get kramed as compliant as it is. It could have cut corners in several areas for the sake of performance, but did not in order to be exactly what you expect in terms of a markdown rendering. In fact, this is why kramed could be considered at a disadvantage in the benchmarks above.
Along with implementing every markdown feature, kramed also implements GFM features.
node v0.8.x
$ node test --bench
kramed completed in 3411ms.
kramed (gfm) completed in 3727ms.
kramed (pedantic) completed in 3201ms.
robotskirt completed in 808ms.
showdown (reuse converter) completed in 11954ms.
showdown (new converter) completed in 17774ms.
markdown-js completed in 17191ms.
Kramed is now faster than Discount, which is written in C.
For those feeling skeptical: These benchmarks run the entire markdown test suite 1000 times. The test suite tests every feature. It doesn't cater to specific aspects.
You also have direct access to the lexer and parser if you so desire.
var tokens = kramed.lexer(text, options);
console.log(kramed.parser(tokens));
var lexer = new kramed.Lexer(options);
var tokens = lexer.lex(text);
console.log(tokens);
console.log(lexer.rules);
$ node
> require('kramed').lexer('> i am using kramed.')
[ { type: 'blockquote_start' },
{ type: 'paragraph',
text: 'i am using kramed.' },
{ type: 'blockquote_end' },
links: {} ]
If you want to submit a pull request, make sure your changes pass the test suite. If you're adding a new feature, be sure to add your own test.
The kramed test suite is set up slightly strangely: test/new
is for all tests
that are not part of the original markdown.pl test suite (this is where your
test should go if you make one). test/original
is only for the original
markdown.pl tests. test/tests
houses both types of tests after they have been
combined and moved/generated by running node test --fix
or kramed --test --fix
.
In other words, if you have a test to add, add it to test/new/
and then
regenerate the tests with node test --fix
. Commit the result. If your test
uses a certain feature, for example, maybe it assumes GFM is not enabled, you
can add .nogfm
to the filename. So, my-test.text
becomes
my-test.nogfm.text
. You can do this with any kramed option. Say you want
line breaks and smartypants enabled, your filename should be:
my-test.breaks.smartypants.text
.
To run the tests:
cd kramed/
node test
If you contribute code to this project, you are implicitly allowing your code
to be distributed under the MIT license. You are also implicitly verifying that
all code is your original work. </legalese>
Marked: Copyright (c) 2011-2014, Christopher Jeffrey. (MIT License) Kramed: Copyright (c) 2014, Aaron O'Mullan. (MIT Licensed)
See LICENSE for more info.
FAQs
A markdown (kramdown compatible) parser and compiler. Built for speed.
The npm package kramed receives a total of 8,903 weekly downloads. As such, kramed popularity was classified as popular.
We found that kramed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.