Gathering detailed insights and metrics for prismjs
Gathering detailed insights and metrics for prismjs
Gathering detailed insights and metrics for prismjs
Gathering detailed insights and metrics for prismjs
Lightweight, robust, elegant syntax highlighting.
npm install prismjs
Typescript
Module System
Min. Node Version
Node Version
NPM Version
98.9
Supply Chain
87.6
Quality
82.5
Maintenance
100
Vulnerability
100
License
Total
1,611,422,264
Last Day
314,748
Last Week
7,395,702
Last Month
31,032,031
Last Year
370,011,592
12,350 Stars
3,604 Commits
1,294 Forks
118 Watching
9 Branches
373 Contributors
Updated on 08 Dec 2024
Minified
Minified + Gzipped
JavaScript (78.65%)
HTML (17.5%)
CSS (3.73%)
C (0.04%)
Terra (0.03%)
Shell (0.02%)
C++ (0.02%)
Awk (0.01%)
Cumulative downloads
Total Downloads
Last day
4.2%
314,748
Compared to previous day
Last week
7.3%
7,395,702
Compared to previous week
Last month
-2.5%
31,032,031
Compared to previous month
Last year
-6.7%
370,011,592
Compared to previous year
33
Prism is a lightweight, robust, and elegant syntax highlighting library. It's a spin-off project from Dabblet.
You can learn more on prismjs.com.
Why another syntax highlighter?
We are currently working on Prism v2 and will only accept security-relevant PRs for the time being.
Once work on Prism v2 is sufficiently advanced, we will accept PRs again. This will be announced on our Discussion page and mentioned in the roadmap discussion.
Prism depends on community contributions to expand and cover a wider array of use cases. If you like it, consider giving back by sending a pull request. Here are a few tips:
prism.js
, it’s just the version of Prism used by the Prism website and is built automatically. Limit your changes to the unminified files in the components/
folder. prism.js
and all minified files are generated by our build system (see below).npm ci
to install Prism's dependencies. Do not use npm install
because it will cause non-deterministic builds.prism.js
. With all of Prism's dependencies installed, you just need to run the command npm run build
.components.json
as well and rebuild Prism by running npm run build
, so that it becomes available to the download build page. For new languages, please also add a few tests and an example in the examples/
folder.Thank you so much for contributing!!
Prism will run on almost any browser and Node.js version but you need the following software to contribute:
Stable Version
4
0/10
Summary
Denial of service in prismjs
Affected Versions
< 1.23.0
Patched Versions
1.23.0
7.5/10
Summary
Cross-site Scripting in Prism
Affected Versions
>= 1.14.0, < 1.27.0
Patched Versions
1.27.0
7.4/10
Summary
Regular Expression Denial of Service (ReDoS) in Prism
Affected Versions
< 1.24.0
Patched Versions
1.24.0
7.1/10
Summary
Cross-Site Scripting in Prism
Affected Versions
>= 1.1.0, < 1.21.0
Patched Versions
1.21.0
1
6.5/10
Summary
prismjs Regular Expression Denial of Service vulnerability
Affected Versions
< 1.25.0
Patched Versions
1.25.0
Reason
security policy file detected
Details
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
Reason
no binaries found in the repo
Reason
Found 21/28 approved changesets -- score normalized to 7
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
39 existing vulnerabilities detected
Details
Score
Last Scanned on 2024-12-02
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More