Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
monaco-editor
Advanced tools
The monaco-editor npm package provides the code editor that powers VS Code, offering rich IntelliSense, validation for a variety of languages, and advanced editing features. It can be integrated into web applications to provide a full-fledged code editing experience.
Syntax highlighting and IntelliSense
This code initializes the Monaco Editor with JavaScript syntax highlighting and IntelliSense support.
var editor = monaco.editor.create(document.getElementById('container'), {
value: 'function x() {\n console.log("Hello world!");\n}',
language: 'javascript'
});
Code validation and linting
This code adds a marker to the editor model, indicating an error at the specified position with a message.
monaco.editor.setModelMarkers(editor.getModel(), 'owner', [
{ startLineNumber: 1, startColumn: 1, endLineNumber: 1, endColumn: 1, message: 'Error message', severity: monaco.MarkerSeverity.Error }
]);
Custom themes
This code defines a custom theme for the editor and applies it.
monaco.editor.defineTheme('myTheme', {
base: 'vs',
inherit: true,
rules: [{ background: 'EDF9FA' }],
colors: { 'editor.foreground': '#000000' }
});
monaco.editor.setTheme('myTheme');
Keybindings and editor actions
This code adds a custom action to the editor that can be triggered with a keyboard shortcut.
editor.addAction({
id: 'my-unique-id',
label: 'My Label',
keybindings: [monaco.KeyMod.CtrlCmd | monaco.KeyCode.KEY_S],
run: function(ed) {
alert('Action triggered!');
}
});
Ace is a standalone code editor written in JavaScript. It is similar to monaco-editor but with a different API and less out-of-the-box language support. Ace is lightweight and can be easier to integrate into existing projects.
CodeMirror is another browser-based code editor with features like syntax highlighting, a rich API, and various language modes. It is less resource-intensive than monaco-editor and is often used in scenarios where performance is critical.
Brace is a fork of Ace that packages the editor for use with browserify, which can make it easier to use with npm and Node.js-based build systems. It offers similar functionality to Ace.
The Monaco Editor is the fully featured code editor from VS Code. Check out the VS Code docs to see some of the supported features.
Try out the editor and see various examples in our interactive playground.
The playground is the best way to learn about how to use the editor, which features is supports, to try out different versions and to create minimal reproducible examples for bug reports.
> npm install monaco-editor
You will get:
/esm
: ESM version of the editor (compatible with e.g. webpack)/dev
: AMD bundled, not minified/min
: AMD bundled, and minified/min-maps
: source maps for min
monaco.d.ts
: this specifies the API of the editor (this is what is actually versioned, everything else is considered private and might break with any release).It is recommended to develop against the dev
version, and in production to use the min
version.
Monaco editor is best known for being the text editor that powers VS Code. However, it's a bit more nuanced. Some basic understanding about the underlying concepts is needed to use Monaco editor effectively.
Models are at the heart of Monaco editor. It's what you interact with when managing content. A model represents a file that has been opened. This could represent a file that exists on a file system, but it doesn't have to. For example, the model holds the text content, determines the language of the content, and tracks the edit history of the content.
Each model is identified by a URI. This is why it's not possible for two models to have the same URI. Ideally when you represent content in Monaco editor, you should think of a virtual file system that matches the files your users are editing. For example, you could use file:///
as a base path. If a model is created without a URI, its URI will be inmemory://model/1
. The number increases as more models are created.
An editor is a user facing view of the model. This is what gets attached to the DOM and what your users see visually. Typical editor operations are displaying a model, managing the view state, or executing actions or commands.
Providers provide smart editor features. For example, this includes completion and hover information. It is not the same as, but often maps to language server protocol features.
Providers work on models. Some smart features depends on the file URI. For example, for TypeScript to resolve imports, or for JSON IntelliSense to determine which JSON schema to apply to which model. So it's important to choose proper model URIs.
Many Monaco related objects often implement the .dispose()
method. This method is intended to perform cleanups when a resource is no longer needed. For example, calling model.dispose()
will unregister it, freeing up the URI for a new model. Editors should be disposed to free up resources and remove their model listeners.
monaco.d.ts
.Create issues in this repository for anything related to the Monaco Editor. Please search for existing issues to avoid duplicates.
❓ What is the relationship between VS Code and the Monaco Editor?
The Monaco Editor is generated straight from VS Code's sources with some shims around services the code needs to make it run in a web browser outside of its home.
❓ What is the relationship between VS Code's version and the Monaco Editor's version?
None. The Monaco Editor is a library and it reflects directly the source code.
❓ I've written an extension for VS Code, will it work on the Monaco Editor in a browser?
No.
Note: If the extension is fully based on the LSP and if the language server is authored in JavaScript, then it would be possible.
❓ Why all these web workers and why should I care?
Language services create web workers to compute heavy stuff outside of the UI thread. They cost hardly anything in terms of resource overhead and you shouldn't worry too much about them, as long as you get them to work (see above the cross-domain case).
❓ What is this loader.js
? Can I use require.js
?
It is an AMD loader that we use in VS Code. Yes.
❓ I see the warning "Could not create web worker". What should I do?
HTML5 does not allow pages loaded on file://
to create web workers. Please load the editor with a web server on http://
or https://
schemes.
❓ Is the editor supported in mobile browsers or mobile web app frameworks?
No.
❓ Why doesn't the editor support TextMate grammars?
monaco-editor
, vscode-oniguruma
and vscode-textmate
to get TM grammar support in the editor.We are welcoming contributions from the community! Please see CONTRIBUTING for details how you can contribute effectively, how you can run the editor from sources and how you can debug and fix issues.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Licensed under the MIT License.
FAQs
A browser based code editor
The npm package monaco-editor receives a total of 1,160,159 weekly downloads. As such, monaco-editor popularity was classified as popular.
We found that monaco-editor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.