Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The marked npm package is a markdown parser and compiler built for speed. It converts markdown syntax to HTML, and it is designed to be as extensible and fast as possible.
Markdown Parsing
This feature allows you to parse markdown text and convert it to HTML. The code sample shows how to use marked to convert a simple markdown string into HTML.
const marked = require('marked');
console.log(marked('# Marked in Node.js\n\nRendered by **marked**.'));
Options Customization
This feature allows you to customize the behavior of the marked parser by setting options such as GitHub Flavored Markdown (GFM), breaks, pedantic, sanitize, smart lists, and smartypants.
const marked = require('marked');
marked.setOptions({
renderer: new marked.Renderer(),
gfm: true,
breaks: false,
pedantic: false,
sanitize: false,
smartLists: true,
smartypants: false
});
console.log(marked('I am using __markdown__.'));
Synchronous Parsing
This feature allows you to parse markdown synchronously, which is useful when you don't need to handle asynchronous operations.
const marked = require('marked');
const html = marked('## Synchronous markdown to HTML');
console.log(html);
Asynchronous Parsing
This feature allows you to parse markdown asynchronously, which can be useful when dealing with file systems or network requests.
const marked = require('marked');
marked('# Asynchronous markdown to HTML', function(err, content) {
if (err) throw err;
console.log(content);
});
Lexer and Parser
This feature exposes the lexer and parser, allowing you to generate tokens from markdown and then parse those tokens into HTML. This can be useful for advanced use-cases where you need to manipulate the tokens before parsing.
const marked = require('marked');
const tokens = marked.lexer('# Lexing markdown');
console.log(tokens);
const html = marked.parser(tokens);
console.log(html);
Remarkable is an npm package that offers similar markdown parsing and rendering capabilities. It provides a full-featured markdown parser and compiler, and it emphasizes extensibility and performance, much like marked.
Showdown is another markdown to HTML converter that can be used both in the browser and on the server. It has a similar feature set to marked but also includes extensions which allow for additional syntax and features beyond the standard markdown.
Markdown-it is a modern markdown parser with a focus on speed and extensibility. It supports the CommonMark specification and has a similar feature set to marked, but it also includes a plugin system for extending its capabilities.
Checkout the demo page to see marked in action ⛹️
Our documentation pages are also rendered using marked 💯
Also read about:
Node.js: Only current and LTS Node.js versions are supported. End of life Node.js versions may become incompatible with Marked at any point in time.
Browser: Not IE11 :)
CLI:
npm install -g marked
In-browser:
npm install marked
npm install @types/marked # For TypeScript projects
DOMPurify.sanitize(marked.parse(`<img src="x" onerror="alert('not happening')">`));
CLI
# Example with stdin input
$ marked -o hello.html
hello world
^D
$ cat hello.html
<p>hello world</p>
# Print all options
$ marked --help
Browser
<!doctype html>
<html>
<head>
<meta charset="utf-8"/>
<title>Marked in the browser</title>
</head>
<body>
<div id="content"></div>
<script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
<script>
document.getElementById('content').innerHTML =
marked.parse('# Marked in the browser\n\nRendered by **marked**.');
</script>
</body>
</html>
Copyright (c) 2011-2022, Christopher Jeffrey. (MIT License)
FAQs
A markdown parser built for speed
The npm package marked receives a total of 1,866,419 weekly downloads. As such, marked popularity was classified as popular.
We found that marked demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.