react-markdown
The react-markdown npm package is a markdown renderer for React applications. It allows you to take Markdown content and render it as React components. This is useful for content-driven applications, such as blogs or documentation sites, where you want to allow content creators to write in Markdown and then display that content within your React application.
Rendering Markdown
This feature allows you to render standard Markdown text as React components. The example code shows how to import the ReactMarkdown component and use it to render a simple piece of Markdown text.
import React from 'react';
import ReactMarkdown from 'react-markdown';

const markdown = '# Hello, *world*!';

function App() {
  return <ReactMarkdown>{markdown}</ReactMarkdown>;
}

export default App;
Custom Renderers
This feature allows you to define custom renderers for different Markdown elements. In the example, a custom renderer is provided for 'h1' elements, which renders them with a blue color.
import React from 'react';
import ReactMarkdown from 'react-markdown';

const markdown = '# Hello, *world*!';

function HeadingRenderer(props) {
  return <h1 style={{ color: 'blue' }}>{props.children}</h1>;
}

function App() {
  return (
    <ReactMarkdown
      components={{
        h1: HeadingRenderer
      }}
    >
      {markdown}
    </ReactMarkdown>
  );
}

export default App;
Inline HTML and Skip HTML
This feature allows you to include or exclude inline HTML within your Markdown content. The example code demonstrates how to skip rendering inline HTML by using the 'skipHtml' prop.
import React from 'react';
import ReactMarkdown from 'react-markdown';

const markdown = 'This is a paragraph with <span style="color: red;">inline HTML</span>.';

function App() {
  return (
    <ReactMarkdown skipHtml>
      {markdown}
    </ReactMarkdown>
  );
}

export default App;
Plugins
This feature allows you to extend the functionality of react-markdown with plugins. The example code shows how to use the 'remark-gfm' plugin to add support for GitHub Flavored Markdown (GFM) task lists.
import React from 'react';
import ReactMarkdown from 'react-markdown';
import gfm from 'remark-gfm';

const markdown = 'This supports GitHub Flavored Markdown (GFM)\n\n- [ ] todo\n- [x] done';

function App() {
  return <ReactMarkdown remarkPlugins={[gfm]}>{markdown}</ReactMarkdown>;
}

export default App;
Marked is a low-level markdown compiler for parsing markdown without caching or blocking for long periods of time. It is less React-specific than react-markdown and requires additional work to integrate with React.
Remarkable is a highly configurable markdown parser and compiler. It offers similar functionality to react-markdown but is not designed specifically for React and does not render React components out of the box.
markdown-to-jsx is another React component that lets you render Markdown as React components. It is similar to react-markdown but offers a simpler API with less configurability, which might be preferable for simpler use cases.
Renders Markdown as pure React components.
Demo available at http://rexxars.github.io/react-markdown/
npm install --save react-markdown@next
var React = require('react')
var ReactDOM = require('react-dom')
var ReactMarkdown = require('react-markdown')
var input = '# This is a header\n\nAnd this is a paragraph'
ReactDOM.render(<ReactMarkdown source={input} />, document.getElementById('container'))
If you don't need to render HTML, this component does not use dangerouslySetInnerHTML at all - this is a Good Thing™.
Inline HTML is currently broken for any tags that include attributes. A vague idea of how to fix this has been planned, but if you're feeling up to the task, create an issue and let us know!
source - string The Markdown source to parse (required)
className - string Class name of the container element (default: '').
escapeHtml - boolean Setting to false will cause HTML to be rendered (see note above about broken HTML, though). Be aware that setting this to false might cause security issues if the input is user-generated. Use at your own risk. (default: true).
skipHtml - boolean Setting to true will skip inlined and blocks of HTML (default: false).
sourcePos - boolean Setting to true will add data-sourcepos attributes to all elements, indicating where in the markdown source they were rendered from (default: false).
allowedTypes - array Defines which types of nodes should be allowed (rendered). (default: all types).
disallowedTypes - array Defines which types of nodes should be disallowed (not rendered). (default: none).
unwrapDisallowed - boolean Setting to true will try to extract/unwrap the children of disallowed nodes. For instance, if disallowing Strong, the default behaviour is to simply skip the text within the strong altogether, while the behaviour some might want is to simply have the text returned without the strong wrapping it. (default: false)
allowNode - function Function to execute in order to determine if the node should be allowed. Run prior to checking allowedTypes/disallowedTypes. Returning a truthy value will allow the node to be included. Note that if this function returns true and the type is not in allowedTypes (or specified as a disallowedType), it won't be included. The function will receive three arguments (node, index, parent), where node contains different properties depending on the node type.
transformLinkUri - function|null Function that gets called for each encountered link with a single argument - uri. The returned value is used in place of the original. The default link URI transformer acts as an XSS-filter, neutralizing things like javascript:, vbscript: and file: protocols. If you specify a custom function, this default filter won't be called, but you can access it as require('react-markdown').uriTransformer. If you want to disable the default transformer, pass null to this option.
transformImageUri - function|null Function that gets called for each encountered image with a single argument - uri. The returned value is used in place of the original.
renderers - object An object where the keys represent the node type and the value is a React component. The object is merged with the default renderers. The props passed to the component vary based on the type of node.

The node types available are the following, and apply to both renderers and allowedTypes/disallowedTypes:

root - Root container element that contains the rendered markdown
break - Hard-break (<br>)
paragraph - Paragraph (<p>)
emphasis - Emphasis (<em>)
strong - Strong/bold (<strong>)
thematicBreak - Horizontal rule / thematic break (<hr>)
blockquote - Block quote (<blockquote>)
delete - Deleted/strike-through (<del>)
link - Link (<a>)
image - Image (<img>)
linkReference - Link (through a reference) (<a>)
imageReference - Image (through a reference) (<img>)
table - Table (<table>)
tableHead - Table head (<thead>)
tableBody - Table body (<tbody>)
tableRow - Table row (<tr>)
tableCell - Table cell (<td>/<th>)
list - List (<ul>/<ol>)
listItem - List item (<li>)
definition - Definition (not rendered by default)
heading - Heading (<h1>-<h6>)
inlineCode - Inline code (<code>)
code - Block of code (<pre><code>)
html - HTML node (Best-effort rendering)

Note: Disallowing a node will also prevent the rendering of any children of that node, unless the unwrapDisallowed option is set to true. E.g., disallowing a paragraph will not render its children text nodes.
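The transformLinkUri option above replaces the default XSS filter as soon as a custom function is supplied, and no filter is described for transformImageUri. The following is an added example, not code from react-markdown: a scheme allowlist that can be passed to both options. The names makeUriFilter, safeLinkUri and safeImageUri and the allowed schemes are assumptions.

```javascript
// Added example, not react-markdown code. makeUriFilter, safeLinkUri and
// safeImageUri are hypothetical names; the scheme allowlists are assumptions.
function makeUriFilter(allowedSchemes) {
  const allowed = new Set(allowedSchemes.map((s) => s.toLowerCase()));
  return function filterUri(uri) {
    if (typeof uri !== 'string') return '#';
    // Browsers drop tab/CR/LF anywhere in a URL and ignore leading control
    // characters and spaces, so normalise the same way before inspecting it.
    const cleaned = uri.replace(/[\t\n\r]/g, '').replace(/^[\u0000-\u0020]+/, '');
    // RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
    const match = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
    if (match) {
      return allowed.has(match[1].toLowerCase()) ? cleaned : '#';
    }
    // No well-formed scheme. A colon that appears before any "/", "?" or "#"
    // is a malformed scheme attempt; reject it rather than guess.
    const colon = cleaned.indexOf(':');
    const delim = cleaned.search(/[\/?#]/);
    if (colon !== -1 && (delim === -1 || colon < delim)) return '#';
    return cleaned; // relative reference such as "/docs" or "#top"
  };
}

// Links may use mailto:, images may only be fetched over HTTP(S).
const safeLinkUri = makeUriFilter(['http', 'https', 'mailto']);
const safeImageUri = makeUriFilter(['http', 'https']);

// Constructed sample inputs (not taken from the page).
const SAMPLES = [
  'https://example.com/a',
  '/docs/page#top',
  'mailto:a@example.com',
  'JaVaScRiPt:alert(1)',
  ' java\tscript:alert(1)',
  'file:///etc/passwd',
  'data:image/svg+xml;base64,AAAA',
];

// Returns what each filter would hand back to the renderer for every sample.
function classifySamples() {
  return SAMPLES.map((uri) => ({ uri, link: safeLinkUri(uri), image: safeImageUri(uri) }));
}

// Usage with the props documented above (comment only, JSX needs a build step):
// <ReactMarkdown source={input} transformLinkUri={safeLinkUri} transformImageUri={safeImageUri} />
```

Rejected URIs are replaced with '#' so the link or image still renders but points nowhere.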
git clone git@github.com:rexxars/react-markdown.git
cd react-markdown
npm install
npm test
MIT-licensed. See LICENSE.
FAQs
React component to render markdown
The npm package react-markdown receives a total of 1,789,446 weekly downloads. As such, react-markdown popularity was classified as popular.
We found that react-markdown demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.