Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
The marked npm package is a markdown parser and compiler built for speed. It converts markdown syntax to HTML, and it is designed to be as extensible and fast as possible.
Markdown Parsing
This feature allows you to parse markdown text and convert it to HTML. The code sample shows how to use marked to convert a simple markdown string into HTML.
const marked = require('marked');
console.log(marked('# Marked in Node.js\n\nRendered by **marked**.'));
Options Customization
This feature allows you to customize the behavior of the marked parser by setting options such as GitHub Flavored Markdown (GFM), breaks, pedantic, sanitize, smart lists, and smartypants.
const marked = require('marked');
marked.setOptions({
renderer: new marked.Renderer(),
gfm: true,
breaks: false,
pedantic: false,
sanitize: false,
smartLists: true,
smartypants: false
});
console.log(marked('I am using __markdown__.'));
Synchronous Parsing
This feature allows you to parse markdown synchronously, which is useful when you don't need to handle asynchronous operations.
const marked = require('marked');
const html = marked('## Synchronous markdown to HTML');
console.log(html);
Asynchronous Parsing
This feature allows you to parse markdown asynchronously, which can be useful when dealing with file systems or network requests.
const marked = require('marked');
marked('# Asynchronous markdown to HTML', function(err, content) {
if (err) throw err;
console.log(content);
});
Lexer and Parser
This feature exposes the lexer and parser, allowing you to generate tokens from markdown and then parse those tokens into HTML. This can be useful for advanced use-cases where you need to manipulate the tokens before parsing.
const marked = require('marked');
const tokens = marked.lexer('# Lexing markdown');
console.log(tokens);
const html = marked.parser(tokens);
console.log(html);
Remarkable is an npm package that offers similar markdown parsing and rendering capabilities. It provides a full-featured markdown parser and compiler, and it emphasizes extensibility and performance, much like marked.
Showdown is another markdown to HTML converter that can be used both in the browser and on the server. It has a similar feature set to marked but also includes extensions which allow for additional syntax and features beyond the standard markdown.
Markdown-it is a modern markdown parser with a focus on speed and extensibility. It supports the CommonMark specification and has a similar feature set to marked, but it also includes a plugin system for extending its capabilities.
Checkout the demo page to see marked in action ⛹️
Our documentation pages are also rendered using marked 💯
Also read about:
Node.js: Only current and LTS Node.js versions are supported. End of life Node.js versions may become incompatible with Marked at any point in time.
Browser: Not IE11 :)
CLI:
npm install -g marked
In-browser:
npm install marked
DOMPurify.sanitize(marked.parse(`<img src="x" onerror="alert('not happening')">`));
CLI
# Example with stdin input
$ marked -o hello.html
hello world
^D
$ cat hello.html
<p>hello world</p>
# Print all options
$ marked --help
Browser
<!doctype html>
<html>
<head>
<meta charset="utf-8"/>
<title>Marked in the browser</title>
</head>
<body>
<div id="content"></div>
<script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
<script>
document.getElementById('content').innerHTML =
marked.parse('# Marked in the browser\n\nRendered by **marked**.');
</script>
</body>
</html>
or import esm module
<script type="module">
import { marked } from "https://cdn.jsdelivr.net/npm/marked/lib/marked.esm.js";
document.getElementById('content').innerHTML =
marked.parse('# Marked in the browser\n\nRendered by **marked**.');
</script>
Copyright (c) 2011-2022, Christopher Jeffrey. (MIT License)
FAQs
A markdown parser built for speed
The npm package marked receives a total of 4,143,794 weekly downloads. As such, marked popularity was classified as popular.
We found that marked demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.