Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
| GitHub Repo | Collection of rendered codes
To support syntax highlighting of the MMT Surface Syntax from the MMT project this package is a Pygments plugin including
mmt
)mmtdefault
)mmtrel
).Collection of rendered codes: click here
Screenshot: (click for live version)
via Pip (easy)
pip install Pygments mmtpygments
via pipenv
or other Python package managers superior to Pip:
Run pipenv install pygments mmtpygments
in your project directory, e.g. containing the LaTeX files in which you'd like to use this
Remember to use mmtpygments
from now on always in that virtual environment context: run your intended command within pipenv shell
For example, if you'd like to use this in LaTeX and use TeXStudio as an IDE, start TeXStudio from within that shell.
This way, you don't clutter your whole PC with the Pip packages and more importantly, you document the Pip package versions in the Pipfile.lock
file generated in step (2.1).
pygmentize -f html -l mmt -O full,style=mmtdefault -o test.html test.mmt
This tells Pygments to use the HTML formatter (-f
), the MMT lexer (-l
) and to output a full HTML file using the mmtdefault
style (-O
) rendered of test.mmt
into test.html
(-o
).
minted is a LaTeX package rendering codes with Pygments as the backend.
% !TeX encoding = UTF-8
% !TEX TS-program = latexmk -xelatex -shell-escape -silent -latexoption="-synctex=1 -8bit" %
%
% ^^^ This is the build command. Install latexmk if you don't have it already.
% You may choose an alternative LaTeX derivative, e.g. LuaLaTeX, but be warned that it must support Unicode!
\documentclass{article}
\usepackage{fontspec}
% Download GNU Unifont from http://unifoundry.com/unifont/index.html
% And save it, say, as "fonts/unifont-12.1.03.ttf"
\newfontfamily\unifont{unifont-12.1.03.ttf}[Path=./fonts/,NFSSFamily=unifont]
% Disable caching for debugging purposes (increases compilation times!)
\usepackage[cache=false]{minted}
\setminted{fontfamily=unifont,tabsize=2,breaklines=true}
\newminted[mmtcode]{mmt}{}
\newmintinline[mmtinline]{mmt}{}
\newmintedfile[mmtfile]{mmt}{}
\begin{document}
% Variant 1: Code given in LaTeX, rendered in display mode
\begin{mmtcode}
theory MyTheory = c : type ❘ # abc ❙❚
\end{mmtcode}
% Variant 2: Code given in LaTeX, rendered inline
% You can use any delimiter you like, here we use /
\mmtinline/theory MyTheory = c : type ❘ # abc ❙❚/
% Variant 3: Code given externally in file, rendered in display mode
% \mmtfile{your-mmt-file.mmt}
\end{document}
LaTeX Beamer: Use the fragile
option for frames embedding codes: \begin{frame}[fragile] ... \end{frame}
See the minted manual for more information on how to customize it.
If you tab characters in the MMT source being highlighted and they are shown in the PDF rendered by XeLaTeX, you face a known bug of XeLaTeX ([1], [2]). It can be solved by passing -8bit
to XeLaTeX.
Pipfile
and Pipfile.lock
files.pipenv install
git submodule init
git submodule update
cd mmtpygments/test
pipenv run python test.py ./
(returns non-zero exit code on failure)index.html
in a browser to see failures visually (red rectangles).This test.py
runs the lexer on large MMT archives containing a lot of MMT surface syntax. It recursively searches for MMT files in mmtpygments/test/data
, on which it then runs the provided lexer and Pygment's HtmlFormatter. The rendered versions are written next to the original *.mmt
files with an .html
extension. Furthermore, index.html
and amalgamation.html
are generated to link and display the results, respectively.
The Travis build automatically runs test.py
and deploys the results on the gh-pages
branch, see https://comfreek.github.io/mmtpygments/ and especially https://comfreek.github.io/mmtpygments/mmtpygments/test/index.html.
For tinkering and testing the lexer, it is recommended to employ the same testing infrastructure as described above. Even though the Travis build fails on lexing error, test.py
actually doesn't -- it just returns a non-zero exit code. In fact, it even generates the HTML renderings with red rectangles around lexing errors. Hence, while tinkering with the lexer, just regularly run test.py
and look at the index.html
locally in your browser to see any errors.
Publishing is done automatically via .travis.yml upon tagged commits on the master branch. For that do
git tag -a vx.y.z -m "Version x.y.z, see CHANGELOG.md"
(the tag name needs to start with v
and a digit for Travis CI to pick it up, see .travis.yml
)git push && git push --tags
Not recommended: If you really have to publish a version manually for whatever reason, do the following:
# Packaging
$ pipenv run python setup.py sdist bdist_wheel
# Checking if packages are okay (PyPi server will do the same)
$ pipenv run twine check dist/*
# Upload to Test PyPi repository
$ pipenv run twine upload --repository-url https://test.pypi.org/legacy/ dist/*
# Upload to real PyPi repository
$ pipenv run twine upload dist/*
In case you wish to host this repository or a fork thereof somewhere else, these are the places where you have to make changes:
README.md
: Change all links referencing anything under https://ComFreek.github.io/mmtpygments
to the URI where you deploy your things..travis.yml
:
python test.py
is run to your hosting URI.FAQs
Pygments plugin for MMT surface syntax (lexer & style)
We found that mmtpygments demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.