Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
The lowlight npm package is a library for syntax highlighting of code using languages supported by highlight.js. It is primarily used to parse and transform code into a syntax-highlighted format without a browser, making it suitable for server-side applications or pre-processing of static pages.
Syntax Highlighting
This feature allows you to highlight syntax of various programming languages. The code sample demonstrates highlighting a simple JavaScript code snippet.
const lowlight = require('lowlight');
const highlightedCode = lowlight.highlight('javascript', 'const x = 123;').value;
console.log(highlightedCode);
Registering Languages
This feature enables the addition of new languages to lowlight's highlighting capabilities by registering them through highlight.js. The code sample shows how to register and highlight Python code.
const lowlight = require('lowlight');
lowlight.registerLanguage('python', require('highlight.js/lib/languages/python'));
const highlightedPython = lowlight.highlight('python', 'def foo(): return 123').value;
console.log(highlightedPython);
Auto-Detection of Language
This feature automatically detects the programming language of a given code snippet and applies appropriate syntax highlighting. The code sample demonstrates auto-detection for a JavaScript snippet.
const lowlight = require('lowlight');
const result = lowlight.highlightAuto('const x = 123;');
console.log(result.language); // 'javascript'
console.log(result.value);
highlight.js is a widely used library for syntax highlighting. It supports numerous languages and is often used directly in web browsers. Compared to lowlight, highlight.js is more versatile for client-side applications but both can be used server-side.
Prism is another popular syntax highlighting library that works both in the browser and on the server. It is known for its lightweight core and extensible plugins. Unlike lowlight, PrismJS focuses more on client-side performance and extensibility.
Shiki is a syntax highlighter powered by the same language grammars as Visual Studio Code. It provides accurate and visually appealing highlights. Shiki is similar to lowlight in that it can be used server-side, but it offers a richer set of themes and a different integration approach.
Virtual syntax highlighting for virtual DOMs and non-HTML things, with language auto-detection. Perfect for React, VDOM, and others.
Lowlight is built to work with all syntaxes supported by highlight.js, that’s 166 languages (and all 73 themes).
npm:
npm install lowlight
Highlight:
var low = require('lowlight');
var ast = low.highlight('js', '"use strict";').value;
Yields:
[ { type: 'element',
tagName: 'span',
properties: { className: [ 'hljs-meta' ] },
children: [ { type: 'text', value: '"use strict"' } ] },
{ type: 'text', value: ';' } ]
Or, stringified with rehype:
var rehype = require('rehype');
var html = rehype().stringify({type: 'root', children: ast}));
Yields:
<span class="hljs-meta">"use strict"</span>;
Tip: Use
hast-to-hyperscript
to transform to other virtual DOMs, or DIY.
low.highlight(language, value[, options])
Parse value
according to the language
grammar.
name
(string
) — See list of names and aliases;value
(string
) — Source to highlight;options
(Object?
, optional):
prefix
(string?
, default: 'hljs-'
) — Class prefix.Object
:
relevance
(number
)
— Integer representing how sure low is the given code is in
the given language;language
(string
) — The given language
;value
(Array.<Node>
) — Hast nodes
representing the highlighted given code.low.highlightAuto(value[, options])
Parse value
by guessing its grammar.
value
(string
) — Source to highlight;options
(Object?
, optional):
prefix
(string?
, default: 'hljs-'
)
— Class prefix;subset
(Array.<string>?
, optional, defaults to
all registered languages.)
— List of allowed languages.Object
:
relevance
(number
)
— Integer representing how sure low is the given code
is in the detected language;language
(string
) — The given language
;value
(Array.<Node>
) — Hast nodes
representing the highlighted given code.secondBest
(Object?
)
— Object with the same structure as the top returned object, but
containing information for the second-best result.
Can be null
.low.registerLanguage(name, syntax)
Register a syntax. Useful in the browser or with custom grammars.
name
(string
) — Name of language;syntax
(Function
) — Syntax highlighter, see
highlight.js
s docs for more information.I do not suggest using the pre-built files or requiring lowlight
in
the browser as that would include a 530kb (170kb GZipped) file.
Instead, require lowlight/lib/core
, and include only the used
highlighters. For example:
var low = require('lowlight/lib/core');
var js = require('highlight.js/lib/languages/javascript');
low.registerLanguage('javascript', js);
low.highlight('js', '"use strict";');
// See `Usage` for the results.
...When using browserify, minifying this results in just 17kb of code (7kb with GZip).
emphasize
— Syntax highlighting in ANSI, for the terminal;react-lowlight
— Syntax highlighter for React;react-syntax-highlighter
— React component for syntax highlighting.rehype-highlight
— Syntax highlighting in rehype;remark-highlight.js
— Syntax highlighting in remark;FAQs
Virtual syntax highlighting for virtual DOMs and non-HTML things
The npm package lowlight receives a total of 1,985,344 weekly downloads. As such, lowlight popularity was classified as popular.
We found that lowlight demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.