Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
rehype-mathjax
Advanced tools
rehype plugin to render elements with a language-math
class with
MathJax.
This package is a unified (rehype) plugin to render math.
You can add classes to HTML elements, use fenced code in markdown, or combine
with remark-math
for a $C$
syntax extension.
This project is useful as it renders math with MathJax at compile time, which means that there is no client side JavaScript needed.
A different plugin, rehype-katex
, does the same but with
KaTeX.
This package is ESM only. In Node.js (version 16+), install with npm:
npm install rehype-mathjax
In Deno with esm.sh
:
import rehypeMathjax from 'https://esm.sh/rehype-mathjax@5'
In browsers with esm.sh
:
<script type="module">
import rehypeMathjax from 'https://esm.sh/rehype-mathjax@5?bundle'
</script>
Say our document input.html
contains:
<p>
Lift(<code class="language-math">L</code>) can be determined by Lift Coefficient
(<code class="language-math">C_L</code>) like the following equation.
</p>
<pre><code class="language-math">
L = \frac{1}{2} \rho v^2 S C_L
</code></pre>
…and our module example.js
contains:
import rehypeMathjax from 'rehype-mathjax'
import rehypeParse from 'rehype-parse'
import rehypeStringify from 'rehype-stringify'
import {read, write} from 'to-vfile'
import {unified} from 'unified'
const file = await unified()
.use(rehypeParse, {fragment: true})
.use(rehypeMathjax)
.use(rehypeStringify)
.process(await read('input.html'))
file.basename = 'output.html'
await write(file)
…then running node example.js
creates an output.html
with:
<p>
Lift(<mjx-container class="MathJax" jax="SVG"><!--…--></mjx-container>) can be determined by Lift Coefficient
(<mjx-container class="MathJax" jax="SVG"><!--…--></mjx-container>) like the following equation.
</p>
<mjx-container class="MathJax" jax="SVG" display="true"><!--…--></mjx-container>
<style>
mjx-container[jax="SVG"] {
direction: ltr;
}
/* … */
</style>
…open output.html
in a browser to see the rendered math.
This package has an export map with several entries for plugins using different strategies:
rehype-mathjax/browser
— browser (±1kb)rehype-mathjax/chtml
— CHTML (±154kb)rehype-mathjax/svg
— SVG (±566kb)rehype-mathjax
— same as SVGEach module exports the plugin rehypeMathjax
as
the default export.
unified().use(rehypeMathjax[, options])
Render elements with a language-math
(or math-display
, math-inline
)
class with MathJax.
options
(Options
, typically optional)
— configurationTransform (Transformer
).
Options
Configuration (TypeScript type).
chtml
(unknown
, optional)
— configuration for the output, when CHTML;
see CommonHTML Output Processor Options on
mathjax.org
svg
(unknown
, optional)
— configuration for the output, when SVG;
see SVG Output Processor Options on
mathjax.org
tex
(unknown
, optional)
— configuration for the input TeX;
see TeX Input Processor Options on
mathjax.org
When using rehype-mathjax/browser
, only options.tex.displayMath
and
options.tex.inlineMath
are used.
That plugin will use the first delimiter pair in those fields to wrap
math.
Then you need to load MathJax yourself on the client and start it with the
same markers.
You can pass other options on the client.
When using rehype-mathjax/chtml
, options.chtml.fontURL
is required.
For example:
// …
.use(rehypeMathjaxChtml, {
chtml: {
fontURL: 'https://cdn.jsdelivr.net/npm/mathjax@3/es5/output/chtml/fonts/woff-v2'
}
})
// …
This plugin supports the syntax extension enabled by
remark-math
.
It also supports math generated by using fenced code:
```math
C_L
```
The content of any element with a language-math
, math-inline
, or
math-display
class is transformed.
The elements are replaced by what MathJax renders.
Either a math-display
class or using <pre><code class="language-math">
will
result in “display” math: math that is a centered block on its own line.
The HTML produced by MathJax does not require any extra CSS to render correctly.
This package is fully typed with TypeScript.
It exports the additional type Options
.
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line, rehype-mathjax@^5
,
compatible with Node.js 16.
This plugin works with unified version 6+ and rehype version 4+.
Assuming you trust MathJax, using rehype-mathjax
is safe.
A vulnerability in it could open you to a
cross-site scripting (XSS) attack.
Be wary of user input and use rehype-sanitize
.
When you don’t trust user content but do trust MathJax, run rehype-mathjax
after rehype-sanitize
:
import rehypeMathjax from 'rehype-mathjax'
import rehypeSanitize, {defaultSchema} from 'rehype-sanitize'
import rehypeStringify from 'rehype-stringify'
import remarkMath from 'remark-math'
import remarkParse from 'remark-parse'
import remarkRehype from 'remark-rehype'
import {unified} from 'unified'
const file = await unified()
.use(remarkParse)
.use(remarkMath)
.use(remarkRehype)
.use(rehypeSanitize, {
...defaultSchema,
attributes: {
...defaultSchema.attributes,
// The `language-*` regex is allowed by default.
code: [['className', /^language-./, 'math-inline', 'math-display']]
}
})
.use(rehypeMathjax)
.use(rehypeStringify)
.process('$C$')
console.log(String(file))
rehype-katex
— same but with KaTeXrehype-highlight
— highlight code blocksrehype-autolink-headings
— add links to headingsrehype-sanitize
— sanitize HTMLrehype-document
— wrap a document around the treeSee contributing.md
in remarkjs/.github
for ways
to get started.
See support.md
for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
FAQs
rehype plugin to transform inline and block math with MathJax
The npm package rehype-mathjax receives a total of 31,064 weekly downloads. As such, rehype-mathjax popularity was classified as popular.
We found that rehype-mathjax demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.