Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
markdown-it
Advanced tools
The markdown-it npm package is a Markdown parser that can convert Markdown text into HTML. It is highly extensible and supports various plugins to enhance its functionality. It is commonly used to render user-generated content in web applications, documentation tools, and content management systems.
Basic Markdown Parsing
This feature allows you to convert basic Markdown text into HTML. The code sample demonstrates how to create a new instance of MarkdownIt and use it to render a simple Markdown string.
const MarkdownIt = require('markdown-it');
const md = new MarkdownIt();
const result = md.render('# Markdown-it rulezz!');
HTML Output Customization
Markdown-it allows customization of the HTML output through options. The code sample shows how to enable HTML tags in source, automatically convert URLs to links, and use typographic replacements.
const MarkdownIt = require('markdown-it');
const md = new MarkdownIt({
html: true,
linkify: true,
typographer: true
});
Syntax Extensions with Plugins
Markdown-it supports plugins to extend its syntax. The code sample demonstrates how to add emoji support to the Markdown parser using the markdown-it-emoji plugin.
const MarkdownIt = require('markdown-it');
const emojiPlugin = require('markdown-it-emoji');
const md = new MarkdownIt();
md.use(emojiPlugin);
const result = md.render('Hello :smile:');
Linkify
The linkify feature automatically detects URLs in the text and converts them into clickable links. The code sample shows how to enable this feature in the MarkdownIt instance.
const MarkdownIt = require('markdown-it');
const md = new MarkdownIt({
linkify: true
});
const result = md.render('Visit https://www.example.com');
Marked is a fast Markdown parser and compiler built for speed. It is less extensible than markdown-it but is known for its performance and being a low-level compiler.
Remarkable is another Markdown parser that claims to be very fast and efficient. It offers similar extensibility to markdown-it with a plugin system and is often used for its speed and comprehensive Markdown support.
Showdown is a JavaScript Markdown to HTML converter that can run both on the server and in the browser. It is often chosen for its client-side capabilities and extensibility with extensions.
Markdown parser done right. Fast and easy to extend.
Table of content
node.js:
npm install markdown-it
browser (CDN):
See also:
// node.js
// can use `require('markdown-it')` for CJS
import markdownit from 'markdown-it'
const md = markdownit()
const result = md.render('# markdown-it rulezz!');
// browser with UMD build, added to "window" on script load
// Note, there is no dash in "markdownit".
const md = window.markdownit();
const result = md.render('# markdown-it rulezz!');
Single line rendering, without paragraph wrap:
import markdownit from 'markdown-it'
const md = markdownit()
const result = md.renderInline('__markdown-it__ rulezz!');
(*) presets define combinations of active rules and options. Can be
"commonmark"
, "zero"
or "default"
(if skipped). See
API docs for more details.
import markdownit from 'markdown-it'
// commonmark mode
const md = markdownit('commonmark')
// default mode
const md = markdownit()
// enable everything
const md = markdownit({
html: true,
linkify: true,
typographer: true
})
// full options list (defaults)
const md = markdownit({
// Enable HTML tags in source
html: false,
// Use '/' to close single tags (<br />).
// This is only for full CommonMark compatibility.
xhtmlOut: false,
// Convert '\n' in paragraphs into <br>
breaks: false,
// CSS language prefix for fenced blocks. Can be
// useful for external highlighters.
langPrefix: 'language-',
// Autoconvert URL-like text to links
linkify: false,
// Enable some language-neutral replacement + quotes beautification
// For the full list of replacements, see https://github.com/markdown-it/markdown-it/blob/master/lib/rules_core/replacements.mjs
typographer: false,
// Double + single quotes replacement pairs, when typographer enabled,
// and smartquotes on. Could be either a String or an Array.
//
// For example, you can use '«»„“' for Russian, '„“‚‘' for German,
// and ['«\xA0', '\xA0»', '‹\xA0', '\xA0›'] for French (including nbsp).
quotes: '“”‘’',
// Highlighter function. Should return escaped HTML,
// or '' if the source string is not changed and should be escaped externally.
// If result starts with <pre... internal wrapper is skipped.
highlight: function (/*str, lang*/) { return ''; }
});
import markdownit from 'markdown-it'
const md = markdownit
.use(plugin1)
.use(plugin2, opts, ...)
.use(plugin3);
Apply syntax highlighting to fenced code blocks with the highlight
option:
import markdownit from 'markdown-it'
import hljs from 'highlight.js' // https://highlightjs.org
// Actual default values
const md = markdownit({
highlight: function (str, lang) {
if (lang && hljs.getLanguage(lang)) {
try {
return hljs.highlight(str, { language: lang }).value;
} catch (__) {}
}
return ''; // use external default escaping
}
});
Or with full wrapper override (if you need assign class to <pre>
or <code>
):
import markdownit from 'markdown-it'
import hljs from 'highlight.js' // https://highlightjs.org
// Actual default values
const md = markdownit({
highlight: function (str, lang) {
if (lang && hljs.getLanguage(lang)) {
try {
return '<pre><code class="hljs">' +
hljs.highlight(str, { language: lang, ignoreIllegals: true }).value +
'</code></pre>';
} catch (__) {}
}
return '<pre><code class="hljs">' + md.utils.escapeHtml(str) + '</code></pre>';
}
});
linkify: true
uses linkify-it. To
configure linkify-it, access the linkify instance through md.linkify
:
md.linkify.set({ fuzzyEmail: false }); // disables converting email to link
If you are going to write plugins, please take a look at Development info.
Embedded (enabled by default):
Via plugins:
By default all rules are enabled, but can be restricted by options. On plugin load all its rules are enabled automatically.
import markdownit from 'markdown-it'
// Activate/deactivate rules, with currying
const md = markdownit()
.disable(['link', 'image'])
.enable(['link'])
.enable('image');
// Enable everything
const md = markdownit({
html: true,
linkify: true,
typographer: true,
});
You can find all rules in sources:
Here is the result of readme parse at MB Pro Retina 2013 (2.4 GHz):
npm run benchmark-deps
benchmark/benchmark.mjs readme
Selected samples: (1 of 28)
> README
Sample: README.md (7774 bytes)
> commonmark-reference x 1,222 ops/sec ±0.96% (97 runs sampled)
> current x 743 ops/sec ±0.84% (97 runs sampled)
> current-commonmark x 1,568 ops/sec ±0.84% (98 runs sampled)
> marked x 1,587 ops/sec ±4.31% (93 runs sampled)
Note. CommonMark version runs with simplified link normalizers for more "honest" compare. Difference is ≈1.5×.
As you can see, markdown-it
doesn't pay with speed for its flexibility.
Slowdown of "full" version caused by additional features not available in
other implementations.
Available as part of the Tidelift Subscription.
The maintainers of markdown-it
and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
markdown-it is the result of the decision of the authors who contributed to 99% of the Remarkable code to move to a project with the same authorship but new leadership (Vitaly and Alex). It's not a fork.
Big thanks to John MacFarlane for his work on the CommonMark spec and reference implementations. His work saved us a lot of time during this project's development.
Related Links:
Ports
[14.1.0] - 2024-03-19
FAQs
Markdown-it - modern pluggable markdown parser.
The npm package markdown-it receives a total of 5,248,880 weekly downloads. As such, markdown-it popularity was classified as popular.
We found that markdown-it demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.