react-refractor
Super-thin React wrapper for refractor (Syntax highlighting using VDOM)
Syntax highlighter for React, utilizing VDOM for efficient updates
Feel free to check out a super-simple demo.
This package is ESM only and requires React 18 or higher.
```
npm install --save react-refractor
```

```js
import {createRoot} from 'react-dom/client'
import {Refractor, registerLanguage} from 'react-refractor'

// Load any languages you want to use from `refractor`
import js from 'refractor/lang/javascript.js'
import php from 'refractor/lang/php.js'

// Then register them
registerLanguage(js)
registerLanguage(php)

// React 18+ root API (ReactDOM.render is no longer available in newer React versions)
createRoot(document.getElementById('target')).render(
  <Refractor language="js" value="/* Code to highlight */" />,
)
```
You'll need to register the languages you want to use - I've intentionally left all languages out of the default bundle in order to reduce the bundle size out of the box. Load and register them from refractor using something like this:
```js
import {registerLanguage} from 'react-refractor'
import docker from 'refractor/lang/docker'

registerLanguage(docker)
```
Stylesheets are not automatically handled for you, but there are a bunch of premade themes for Prism which you can simply drop in and they'll "just work". You can either grab these from the source, or pull them in using a CSS loader, whatever works best for you. You can also download a customized stylesheet from Prism's download customizer.
Note that when using the `markers` feature, there is an additional class name called `hljs-marker` which is not defined by highlight js as it's not a part of its feature set. You can either set it yourself, or you can explicitly set class names on markers.
| Name | Description |
|---|---|
| `className` | Class name for the outermost `pre` tag. Default: `refractor` |
| `language` | Language to use for syntax highlighting this value. Must be registered prior to usage |
| `value` | The code snippet to syntax highlight |
| `inline` | Whether code should be displayed inline (no `<pre>` tag, sets `display: inline`) |
| `markers` | Array of lines to mark. See section on markers below |
| `plainText` | Set to `true` to skip highlighting and render the passed `value` as-is |
Prism.js operates directly on the DOM, while refractor generates an AST which react-refractor walks over and converts into virtual DOM nodes. The benefit of the AST approach is that we can easily reuse this across different platforms, highlight on both the server and the client using the same code base, and benefit from React's virtual DOM diff algorithm to only update the nodes that change.
The drawback to this approach is that you cannot use Prism plugins, since they also work and depend directly on the DOM.
It's quite common to want to highlight lines when doing syntax highlighting, but Prism uses a very DOM-centric approach to achieve this. In order to make up for this, react-refractor provides a custom plugin that lets you define "markers". Since this is a non-standard feature, you will have to provide your own styling for the `refractor-marker` class name. To highlight lines, simply provide the line numbers in the `markers` property:
```js
const source = `
const foo = 'bar'
const bar = 'foo'
const baz = foo + bar
`

// Highlight line 1 and 2, but not 3
<Refractor
  language="js"
  value={source}
  markers={[1, 2]}
/>
```
You are also able to provide greater customization by specifying an object for each marker, which can include either a `className` or a `component` property. This allows you to render basically anything you want:
```js
const source = `
const foo = 'bar'
const bar = 'foo'
const baz = "bar" + bar
`

// Mark line 1 with a custom class name and line 3 with a custom component
<Refractor
  language="js"
  value={source}
  markers={[
    {line: 1, className: 'no-not-use-foo-in-examples'},
    {line: 3, component: props => (
      <TooltipedLine tooltipText="Prefer template for string concatenation">
        {props.children}
      </TooltipedLine>
    )}
  ]}
/>
```
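The AST-to-virtual-DOM walk and the line markers described above, as an added example that is not react-refractor's own code: it flattens a constructed hast-shaped tree into lines and tags the marked lines with the marker class name. The `h` helper stands in for `React.createElement`, and `sampleAst`, `toLines` and `renderLines` are hypothetical names.

```javascript
// Stand-in for React.createElement (assumption): returns plain objects, not React elements.
const h = (type, props, ...children) => ({type, props, children})

// Constructed sample in the hast shape refractor emits (root > element/text nodes).
const text = (value) => ({type: 'text', value})
const token = (cls, ...children) => ({
  type: 'element', tagName: 'span', properties: {className: ['token', cls]}, children,
})
const sampleAst = {
  type: 'root',
  children: [
    token('keyword', text('const')), text(' foo '), token('operator', text('=')),
    text(' '), token('string', text("'<b>bar</b>'")), text('\n'),
    token('comment', text('/* spans\ntwo lines */')), text('\n'),
    token('keyword', text('const')), text(' baz'),
  ],
}

// Flatten the tree into lines of {classes, value} segments. Text is split on '\n',
// so a multi-line token contributes one segment to every line it covers.
function toLines(node, classes = [], lines = [[]]) {
  if (node.type === 'text') {
    node.value.split('\n').forEach((part, i) => {
      if (i > 0) lines.push([])
      if (part) lines[lines.length - 1].push({classes, value: part})
    })
    return lines
  }
  const own = (node.properties && node.properties.className) || []
  const merged = [...new Set([...classes, ...own])]
  for (const child of node.children || []) toLines(child, merged, lines)
  return lines
}

// One virtual node per line; markers are 1-based line numbers or {line, className}.
function renderLines(ast, markers = [], markerClass = 'refractor-marker') {
  const marked = new Map(
    markers.map((m) => (typeof m === 'number' ? [m, markerClass] : [m.line, m.className || markerClass])),
  )
  return toLines(ast).map((segments, i) => {
    // Segment values stay plain strings (text children); nothing is parsed as markup.
    const kids = segments.map((s) =>
      s.classes.length ? h('span', {className: s.classes.join(' ')}, s.value) : s.value,
    )
    return h('div', {className: marked.get(i + 1) || null}, ...kids)
  })
}
```

Nested tokens are merged into a single span per segment here, which is a simplification of the tree structure a real renderer would preserve.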
MIT-licensed. See LICENSE.
The npm package react-refractor receives a total of 116,048 weekly downloads. As such, react-refractor's popularity was classified as popular.
We found that react-refractor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.