npmpackage.info

Gathering detailed insights and metrics for prismjs

Other packages similar to prismjs

@types/prismjs

1.26.5

TypeScript definitions for prismjs

babel-plugin-prismjs

2.1.0

A babel plugin to use PrismJS with standard bundlers.

@vuepress/plugin-prismjs

2.0.0-rc.0

VuePress plugin - prismjs

vite-plugin-prismjs

0.0.11

<h1 align="center">Vite Plugin Prismjs</h1>

Gathering detailed insights and metrics for prismjs

prismjs - 1.30.0 | npmpackage.info

prismjs

Lightweight, robust, elegant syntax highlighting.

1.30.0

12,691

MIT

TypeScript

1.96 MB

5.8

Installations

npm install prismjs

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>=6

Node Version

22.14.0

NPM Version

10.9.2 Score

99.2

Supply Chain

87.6

Quality

83.6

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

76

Total

2,097

Closed

301

Merged

1,720

Issues

Open

365

Total

1,704

Closed

1,339

Releases

v1.30.0

Updated on Mar 10, 2025

v1.29.0

Updated on Aug 23, 2022

v1.28.0

Updated on Apr 17, 2022

v1.27.0

Updated on Feb 17, 2022

v1.26.0

Updated on Jan 06, 2022

v1.25.0

Updated on Sep 16, 2021

View All 42 releases

Languages

TypeScript

CSS

JavaScript

Lua

C++

Shell

Awk

TypeScript (94.91%)

CSS (3.62%)

JavaScript (1.33%)

C (0.05%)

Lua (0.04%)

C++ (0.03%)

Shell (0.02%)

Awk (0.01%)

Developer

PrismJS

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

12,691 Stars

3,922 Commits

1,323 Forks

122 Watchers

8 Branches

356 Contributors

Updated on Jul 10, 2025

Maintainers

View All 356 Contributors

Package Meta Information

Latest Version

1.30.0

Package Id

prismjs@1.30.0

Unpacked Size

1.96 MB

Size

527.62 kB

File Count

700

NPM Version

10.9.2

Node Version

22.14.0

Published on

Mar 10, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Prism

Prism is a lightweight, robust, and elegant syntax highlighting library. It's a spin-off project from Dabblet.

You can learn more on prismjs.com.

Why another syntax highlighter?

More themes for Prism!

Contribute to Prism!

Important Notice

We are currently working on Prism v2 and will only accept security-relevant PRs for the time being.

Once work on Prism v2 is sufficiently advanced, we will accept PRs again. This will be announced on our Discussion page and mentioned in the roadmap discussion.

Prism v1 contributing notes

Prism depends on community contributions to expand and cover a wider array of use cases. If you like it, consider giving back by sending a pull request. Here are a few tips:

Read the documentation. Prism was designed to be extensible.
Do not edit prism.js, it’s just the version of Prism used by the Prism website and is built automatically. Limit your changes to the unminified files in the components/ folder. prism.js and all minified files are generated by our build system (see below).
Use npm ci to install Prism's dependencies. Do not use npm install because it will cause non-deterministic builds.
The build system uses gulp to minify the files and build prism.js. With all of Prism's dependencies installed, you just need to run the command npm run build.
Please follow the code conventions used in the files already. For example, I use tabs for indentation and spaces for alignment. Opening braces are on the same line, closing braces on their own line regardless of construct. There is a space before the opening brace. etc etc.
Please try to err towards more smaller PRs rather than a few huge PRs. If a PR includes changes that I want to merge and also changes that I don't, handling it becomes difficult.
My time is very limited these days, so it might take a long time to review bigger PRs (small ones are usually merged very quickly), especially those modifying the Prism Core. This doesn't mean your PR is rejected.
If you contribute a new language definition, you will be responsible for handling bug reports about that language definition.
If you add a new language definition or plugin, you need to add it to components.json as well and rebuild Prism by running npm run build, so that it becomes available to the download build page. For new languages, please also add a few tests and an example in the examples/ folder.
Go to prism-themes if you want to add a new theme.

Thank you so much for contributing!!

Software requirements

Prism will run on almost any browser and Node.js version but you need the following software to contribute:

Node.js >= 10.x
npm >= 6.x

Translations

简体中文 (if unavailable, see here)

High

0/10

Summary

Denial of service in prismjs

Affected Versions

< 1.23.0

Patched Versions

1.23.0

High

7.5/10

Summary

Cross-site Scripting in Prism

Affected Versions

>= 1.14.0, < 1.27.0

Patched Versions

1.27.0

High

7.4/10

Summary

Regular Expression Denial of Service (ReDoS) in Prism

Affected Versions

< 1.24.0

Patched Versions

1.24.0

High

7.1/10

Summary

Cross-Site Scripting in Prism

Affected Versions

>= 1.1.0, < 1.21.0

Patched Versions

1.21.0

Moderate

4.9/10

Summary

PrismJS DOM Clobbering vulnerability

Affected Versions

< 1.30.0

Patched Versions

1.30.0

Moderate

6.5/10

Summary

prismjs Regular Expression Denial of Service vulnerability

Affected Versions

< 1.25.0

Patched Versions

1.25.0

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Security-Policy

Determines if the project has published a security policy.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

8

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

8

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 3

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/danger.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/danger.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/PrismJS/prism/test.yml/v2?enable=pin
Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
Info: 6 out of 6 npmCommand dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

Score

5.8

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to prismjs

Other packages similar to prismjs

prismjs

Installations

Developer Guide

No

CommonJS

>=6

22.14.0

10.9.2

Score

Pull Requests

76

2,097

301

1,720

Issues

365

1,704

1,339

Releases

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

NaN

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

Prism

Contribute to Prism!

Important Notice

Software requirements

Translations

10

10

10

10

10

8

8

3

0

0

0

0

0

5.8

/10