Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The lowlight npm package is a library for syntax highlighting of code using languages supported by highlight.js. It is primarily used to parse and transform code into a syntax-highlighted format without a browser, making it suitable for server-side applications or pre-processing of static pages.
Syntax Highlighting
This feature allows you to highlight syntax of various programming languages. The code sample demonstrates highlighting a simple JavaScript code snippet.
const lowlight = require('lowlight');
const highlightedCode = lowlight.highlight('javascript', 'const x = 123;').value;
console.log(highlightedCode);
Registering Languages
This feature enables the addition of new languages to lowlight's highlighting capabilities by registering them through highlight.js. The code sample shows how to register and highlight Python code.
const lowlight = require('lowlight');
lowlight.registerLanguage('python', require('highlight.js/lib/languages/python'));
const highlightedPython = lowlight.highlight('python', 'def foo(): return 123').value;
console.log(highlightedPython);
Auto-Detection of Language
This feature automatically detects the programming language of a given code snippet and applies appropriate syntax highlighting. The code sample demonstrates auto-detection for a JavaScript snippet.
const lowlight = require('lowlight');
const result = lowlight.highlightAuto('const x = 123;');
console.log(result.language); // 'javascript'
console.log(result.value);
highlight.js is a widely used library for syntax highlighting. It supports numerous languages and is often used directly in web browsers. Compared to lowlight, highlight.js is more versatile for client-side applications but both can be used server-side.
Prism is another popular syntax highlighting library that works both in the browser and on the server. It is known for its lightweight core and extensible plugins. Unlike lowlight, PrismJS focuses more on client-side performance and extensibility.
Shiki is a syntax highlighter powered by the same language grammars as Visual Studio Code. It provides accurate and visually appealing highlights. Shiki is similar to lowlight in that it can be used server-side, but it offers a richer set of themes and a different integration approach.
Virtual syntax highlighting for virtual DOMs and non-HTML things based on
highlight.js
.
This package uses highlight.js
for syntax highlighting and
outputs objects (ASTs) instead of a string of HTML.
It can support 190+ programming languages.
This package is useful when you want to perform syntax highlighting in a place where serialized HTML wouldn’t work or wouldn’t work well. For example, you can use lowlight when you want to show code in a CLI by rendering to ANSI sequences, when you’re using virtual DOM frameworks (such as React or Preact) so that diffing can be performant, or when you’re working with ASTs (rehype).
You can use the similar refractor
if you want to use Prism
grammars instead.
If you’re looking for a really good (but rather heavy) alternative, use
starry-night
.
This package is ESM only. In Node.js (version 16+), install with npm:
npm install lowlight
In Deno with esm.sh
:
import {all, common, createLowlight} from 'https://esm.sh/lowlight@3'
In browsers with esm.sh
:
<script type="module">
import {all, common, createLowlight} from 'https://esm.sh/lowlight@3?bundle'
</script>
import {common, createLowlight} from 'lowlight'
const lowlight = createLowlight(common)
const tree = lowlight.highlight('js', '"use strict";')
console.dir(tree, {depth: undefined})
Yields:
{
type: 'root',
children: [
{
type: 'element',
tagName: 'span',
properties: {className: ['hljs-meta']},
children: [{type: 'text', value: '"use strict"'}]
},
{type: 'text', value: ';'}
],
data: {language: 'js', relevance: 10}
}
This package exports the identifiers all
,
common
, and
createLowlight
.
There is no default export.
all
Map of all (±190) grammars (Record<string, LanguageFn>
).
common
Map of common (37) grammars (Record<string, LanguageFn>
).
createLowlight([grammars])
Create a lowlight
instance.
grammars
(Record<string, LanguageFn>
, optional)
— grammars to addLowlight (Lowlight
).
lowlight.highlight(language, value[, options])
Highlight value
(code) as language
(name).
language
(string
)
— programming language namevalue
(string
)
— code to highlightoptions
(Options
, optional)
— configurationTree (Root
); with the following data
fields: language
(string
), detected programming language name; relevance
(number
), how
sure lowlight is that the given code is in the language.
import {common, createLowlight} from 'lowlight'
const lowlight = createLowlight(common)
console.log(lowlight.highlight('css', 'em { color: red }'))
Yields:
{type: 'root', children: [Array], data: {language: 'css', relevance: 3}}
lowlight.highlightAuto(value[, options])
Highlight value
(code) and guess its programming language.
value
(string
)
— code to highlightoptions
(AutoOptions
, optional)
— configurationTree (Root
); with the following data
fields: language
(string
), detected programming language name; relevance
(number
), how
sure lowlight is that the given code is in the language.
import {common, createLowlight} from 'lowlight'
const lowlight = createLowlight(common)
console.log(lowlight.highlightAuto('"hello, " + name + "!"'))
Yields:
{type: 'root', children: [Array], data: {language: 'arduino', relevance: 2}}
lowlight.listLanguages()
List registered languages.
Names of registered language (Array<string>
).
import {createLowlight} from 'lowlight'
import markdown from 'highlight.js/lib/languages/markdown'
const lowlight = createLowlight()
console.log(lowlight.listLanguages()) // => []
lowlight.register({markdown})
console.log(lowlight.listLanguages()) // => ['markdown']
lowlight.register(grammars)
Register languages.
register(name, grammar)
register(grammars)
name
(string
)
— programming language namegrammar
(LanguageFn
)
— grammargrammars
(Record<string, LanguageFn>
, optional)
— grammarsNothing (undefined
).
import {createLowlight} from 'lowlight'
import xml from 'highlight.js/lib/languages/xml'
const lowlight = createLowlight()
lowlight.register({xml})
// Note: `html` is an alias for `xml`.
console.log(lowlight.highlight('html', '<em>Emphasis</em>'))
Yields:
{type: 'root', children: [Array], data: {language: 'html', relevance: 2}}
lowlight.registerAlias(aliases)
Register aliases.
registerAlias(aliases)
registerAlias(name, alias)
aliases
(Record<string, Array<string> | string>
)
— map of programming language names to one or more aliasesname
(string
)
— programming language namealias
(Array<string> | string
)
— one or more aliases for the programming languageNothing (undefined
).
import {createLowlight} from 'lowlight'
import markdown from 'highlight.js/lib/languages/markdown'
const lowlight = createLowlight()
lowlight.register({markdown})
// lowlight.highlight('mdown', '<em>Emphasis</em>')
// ^ would throw: Error: Unknown language: `mdown` is not registered
lowlight.registerAlias({markdown: ['mdown', 'mkdn', 'mdwn', 'ron']})
lowlight.highlight('mdown', '<em>Emphasis</em>')
// ^ Works!
lowlight.registered(aliasOrlanguage)
Check whether an alias or name is registered.
aliasOrlanguage
(string
)
— name of a language or alias for oneWhether aliasOrName
is registered (boolean
).
import {createLowlight} from 'lowlight'
import javascript from 'highlight.js/lib/languages/javascript'
const lowlight = createLowlight({javascript})
console.log(lowlight.registered('funkyscript')) // => `false`
lowlight.registerAlias({javascript: 'funkyscript'})
console.log(lowlight.registered('funkyscript')) // => `true`
AutoOptions
Configuration for highlightAuto
(TypeScript type).
prefix
(string
, default: 'hljs-'
)
— class prefixsubset
(Array<string>
, default: all registered languages)
— list of allowed languagesLanguageFn
Highlight.js grammar (TypeScript type).
type {LanguageFn} from 'highlight.js'
Options
Configuration for highlight
(TypeScript type).
prefix
(string
, default: 'hljs-'
)
— class prefixhast trees as returned by lowlight can be serialized with
hast-util-to-html
:
import {common, createLowlight} from 'lowlight'
import {toHtml} from 'hast-util-to-html'
const lowlight = createLowlight(common)
const tree = lowlight.highlight('js', '"use strict";')
console.log(toHtml(tree))
Yields:
<span class="hljs-meta">"use strict"</span>;
hast trees as returned by lowlight can be turned into nodes of any framework
that supports JSX, such as preact, react, solid, svelte, vue, and more, with
hast-util-to-jsx-runtime
:
import {toJsxRuntime} from 'hast-util-to-jsx-runtime'
// @ts-expect-error: react types don’t type these.
import {Fragment, jsx, jsxs} from 'react/jsx-runtime'
import {common, createLowlight} from 'lowlight'
const lowlight = createLowlight(common)
const tree = lowlight.highlight('js', '"use strict";')
console.log(toJsxRuntime(tree, {Fragment, jsx, jsxs}))
Yields:
{
$$typeof: Symbol(react.element),
type: Symbol(react.fragment),
key: null,
ref: null,
props: {children: [[Object], ';']},
_owner: null,
_store: {}
}
This package is fully typed with TypeScript.
It exports the additional types
AutoOptions
,
LanguageFn
, and
Options
.
It also registers root.data
with @types/hast
.
If you’re working with the data fields, make sure to import this package
somewhere in your types, as that registers the new fields on the file.
/**
* @import {Root} from 'hast'
* @import {} from 'lowlight'
*/
import {VFile} from 'vfile'
/** @type {Root} */
const root = {type: 'root', children: []}
console.log(root.data?.language) //=> TS now knows that this is a `string?`.
If you’re using createLowlight()
, no syntaxes are included yet.
You can import all
or common
and pass them, such as with
createLowlight(all)
.
Checked syntaxes are included in common
.
All syntaxes are included in all
.
You can also manually import syntaxes from highlight.js/lib/languages/xxx
,
where xxx
is the name, such as 'highlight.js/lib/languages/wasm'
.
1c
— 1C:Enterpriseabnf
— Augmented Backus-Naur Formaccesslog
— Apache Access Logactionscript
(as
) — ActionScriptada
— Adaangelscript
(asc
) — AngelScriptapache
(apacheconf
) — Apache configapplescript
(osascript
) — AppleScriptarcade
— ArcGIS Arcadearduino
(ino
) — Arduinoarmasm
(arm
) — ARM Assemblyasciidoc
(adoc
) — AsciiDocaspectj
— AspectJautohotkey
(ahk
) — AutoHotkeyautoit
— AutoItavrasm
— AVR Assemblyawk
— Awkaxapta
(x++
) — X++bash
(sh
, zsh
) — Bashbasic
— BASICbnf
— Backus–Naur Formbrainfuck
(bf
) — Brainfuckc
(h
) — Ccal
— C/ALcapnproto
(capnp
) — Cap’n Protoceylon
— Ceylonclean
(icl
, dcl
) — Cleanclojure
(clj
, edn
) — Clojureclojure-repl
— Clojure REPLcmake
(cmake.in
) — CMakecoffeescript
(coffee
, cson
, iced
) — CoffeeScriptcoq
— Coqcos
(cls
) — Caché Object Scriptcpp
(cc
, c++
, h++
, hpp
, hh
, hxx
, cxx
) — C++crmsh
(crm
, pcmk
) — crmshcrystal
(cr
) — Crystalcsharp
(cs
, c#
) — C#csp
— CSPcss
— CSSd
— Ddart
— Dartdelphi
(dpr
, dfm
, pas
, pascal
) — Delphidiff
(patch
) — Diffdjango
(jinja
) — Djangodns
(bind
, zone
) — DNS Zonedockerfile
(docker
) — Dockerfiledos
(bat
, cmd
) — Batch file (DOS)dsconfig
— undefineddts
— Device Treedust
(dst
) — Dustebnf
— Extended Backus-Naur Formelixir
(ex
, exs
) — Elixirelm
— Elmerb
— ERBerlang
(erl
) — Erlangerlang-repl
— Erlang REPLexcel
(xlsx
, xls
) — Excel formulaefix
— FIXflix
— Flixfortran
(f90
, f95
) — Fortranfsharp
(fs
, f#
) — F#gams
(gms
) — GAMSgauss
(gss
) — GAUSSgcode
(nc
) — G-code (ISO 6983)gherkin
(feature
) — Gherkinglsl
— GLSLgml
— GMLgo
(golang
) — Gogolo
— Gologradle
— Gradlegraphql
(gql
) — GraphQLgroovy
— Groovyhaml
— HAMLhandlebars
(hbs
, html.hbs
, html.handlebars
, htmlbars
) — Handlebarshaskell
(hs
) — Haskellhaxe
(hx
) — Haxehsp
— HSPhttp
(https
) — HTTPhy
(hylang
) — Hyinform7
(i7
) — Inform 7ini
(toml
) — TOML, also INIirpf90
— IRPF90isbl
— ISBLjava
(jsp
) — Javajavascript
(js
, jsx
, mjs
, cjs
) — JavaScriptjboss-cli
(wildfly-cli
) — JBoss CLIjson
(jsonc
) — JSONjulia
— Juliajulia-repl
(jldoctest
) — Julia REPLkotlin
(kt
, kts
) — Kotlinlasso
(ls
, lassoscript
) — Lassolatex
(tex
) — LaTeXldif
— LDIFleaf
— Leafless
— Lesslisp
— Lisplivecodeserver
— LiveCodelivescript
(ls
) — LiveScriptllvm
— LLVM IRlsl
— LSL (Linden Scripting Language)lua
(pluto
) — Luamakefile
(mk
, mak
, make
) — Makefilemarkdown
(md
, mkdown
, mkd
) — Markdownmathematica
(mma
, wl
) — Mathematicamatlab
— Matlabmaxima
— Maximamel
— MELmercury
(m
, moo
) — Mercurymipsasm
(mips
) — MIPS Assemblymizar
— Mizarmojolicious
— Mojoliciousmonkey
— Monkeymoonscript
(moon
) — MoonScriptn1ql
— N1QLnestedtext
(nt
) — Nested Textnginx
(nginxconf
) — Nginx confignim
— Nimnix
(nixos
) — Nixnode-repl
— Node REPLnsis
— NSISobjectivec
(mm
, objc
, obj-c
, obj-c++
, objective-c++
) — Objective-Cocaml
(ml
) — OCamlopenscad
(scad
) — OpenSCADoxygene
— Oxygeneparser3
— Parser3perl
(pl
, pm
) — Perlpf
(pf.conf
) — Packet Filter configpgsql
(postgres
, postgresql
) — PostgreSQLphp
— undefinedphp-template
— PHP templateplaintext
(text
, txt
) — Plain textpony
— Ponypowershell
(pwsh
, ps
, ps1
) — PowerShellprocessing
(pde
) — Processingprofile
— Python profilerprolog
— Prologproperties
— .propertiesprotobuf
(proto
) — Protocol Bufferspuppet
(pp
) — Puppetpurebasic
(pb
, pbi
) — PureBASICpython
(py
, gyp
, ipython
) — Pythonpython-repl
(pycon
) — undefinedq
(k
, kdb
) — Qqml
(qt
) — QMLr
— Rreasonml
(re
) — ReasonMLrib
— RenderMan RIBroboconf
(graph
, instances
) — Roboconfrouteros
(mikrotik
) — MikroTik RouterOS scriptrsl
— RenderMan RSLruby
(rb
, gemspec
, podspec
, thor
, irb
) — Rubyruleslanguage
— Oracle Rules Languagerust
(rs
) — Rustsas
— SASscala
— Scalascheme
(scm
) — Schemescilab
(sci
) — Scilabscss
— SCSSshell
(console
, shellsession
) — Shell Sessionsmali
— Smalismalltalk
(st
) — Smalltalksml
(ml
) — SML (Standard ML)sqf
— SQFsql
— SQLstan
(stanfuncs
) — Stanstata
(do
, ado
) — Statastep21
(p21
, step
, stp
) — STEP Part 21stylus
(styl
) — Stylussubunit
— SubUnitswift
— Swifttaggerscript
— Tagger Scripttap
— Test Anything Protocoltcl
(tk
) — Tclthrift
— Thrifttp
— TPtwig
(craftcms
) — Twigtypescript
(ts
, tsx
, mts
, cts
) — TypeScriptvala
— Valavbnet
(vb
) — Visual Basic .NETvbscript
(vbs
) — VBScriptvbscript-html
— VBScript in HTMLverilog
(v
, sv
, svh
) — Verilogvhdl
— VHDLvim
— Vim Scriptwasm
— WebAssemblywren
— Wrenx86asm
— Intel x86 Assemblyxl
(tao
) — XLxml
(html
, xhtml
, rss
, atom
, xjb
, xsd
, xsl
, plist
, wsf
, svg
) — HTML, XMLxquery
(xpath
, xq
, xqm
) — XQueryyaml
(yml
) — YAMLzephir
(zep
) — Zephirlowlight
does not inject CSS for the syntax highlighted code (because well,
lowlight doesn’t have to be turned into HTML and might not run in a browser!).
If you are in a browser, you can use any highlight.js
theme.
For example, to get GitHub Dark from cdnjs:
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.0/styles/github-dark.min.css">
This package is compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line,
lowlight@^3
, compatible with Node.js 16.
This package is safe.
refractor
— the same as lowlight but with Prismstarry-night
— similar but like GitHub and really goodemphasize
— syntax highlighting in ANSI (for the terminal)react-lowlight
— syntax highlighter for Reactreact-syntax-highlighter
— React component for syntax highlightingrehype-highlight
— rehype plugin to highlight code
blocksjstransformer-lowlight
— syntax highlighting for JSTransformers
and PugYes please! See How to Contribute to Open Source.
FAQs
Virtual syntax highlighting for virtual DOMs and non-HTML things
The npm package lowlight receives a total of 1,499,582 weekly downloads. As such, lowlight popularity was classified as popular.
We found that lowlight demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.