The world's #1 JavaScript library for rich text editing. Available for React, Vue and Angular
Installations
npm install tinymceDeveloper Guide
Typescript
Yes
Module System
CommonJS
Node Version
20.18.0
NPM Version
10.8.2
Score
93.9
Supply Chain
95.1
Quality
92.6
Maintenance
100
Vulnerability
80.9
License
Releases
Unable to fetch releases
Contributors
Languages
TypeScript (94.86%)
HTML (2.53%)
Less (1.69%)
JavaScript (0.84%)
CSS (0.07%)
Makefile (0.01%)
Developer
Download Statistics
Total Downloads
94,598,491
Last Day
51,774
Last Week
347,345
Last Month
2,496,379
Last Year
30,351,693
GitHub Statistics
15,180 Stars
26,360 Commits
2,250 Forks
261 Watching
154 Branches
228 Contributors
Bundle Size
435.46 kB
Minified
152.65 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
7.6.0
Package Id
tinymce@7.6.0
Unpacked Size
8.34 MB
Size
1.63 MB
File Count
214
NPM Version
10.8.2
Node Version
20.18.0
Publised On
11 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
94,598,491
Last day
-55.3%
51,774
Compared to previous day
Last week
-45.4%
347,345
Compared to previous week
Last month
-10.7%
2,496,379
Compared to previous month
Last year
27.4%
30,351,693
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
TinyMCE
The world's #1 open source rich text editor.
Using an old version of TinyMCE? We recommend you to upgrade to TinyMCE 7 to continue receiving security updates, or consider TinyMCE 5 LTS if you need more time to upgrade.
Used and trusted by millions of developers, TinyMCE is the world’s most customizable, scalable, and flexible rich text editor. We’ve helped launch the likes of Atlassian, Medium, Evernote (and lots more that we can’t tell you), by empowering them to create exceptional content and experiences for their users.
With more than 350M+ downloads every year, we’re also one of the most trusted enterprise-grade open source HTML editors on the internet. There’s currently more than 100M+ products worldwide, powered by Tiny. As a high powered WYSIWYG editor, TinyMCE is built to scale, designed to innovate, and thrives on delivering results to difficult edge-cases.
You can access a full featured demo of TinyMCE in the docs on the TinyMCE website.
Get started with TinyMCE
Getting started with the TinyMCE rich text editor is easy, and for simple configurations can be done in less than 5 minutes.
TinyMCE Cloud Deployment Quick Start Guide
TinyMCE Self-hosted Deployment Guide
TinyMCE provides a range of configuration options that allow you to integrate it into your application. Start customizing with a basic setup.
Configure it for one of three modes of editing:
Features
Integration
TinyMCE is easily integrated into your projects with the help of components such as:
With over 29 integrations, and 400+ APIs, see the TinyMCE docs for a full list of editor integrations.
Customization
It is easy to configure the UI of your rich text editor to match the design of your site, product or application. Due to its flexibility, you can configure the editor with as much or as little functionality as you like, depending on your requirements.
With 50+ powerful plugins available, and content editable as the basis of TinyMCE, adding additional functionality is as simple as including a single line of code.
Realizing the full power of most plugins requires only a few lines more.
Extensibility
Sometimes your editor requirements can be quite unique, and you need the freedom and flexibility to innovate. Thanks to TinyMCE being open source, you can view the source code and develop your own extensions for custom functionality to meet your own requirements.
The TinyMCE API is exposed to make it easier for you to write custom functionality that fits within the existing framework of TinyMCE UI components.
Extended Features and Support
For the professional software teams that require more in-depth efficiency, compliance or collaborative features built to enterprise-grade standards, please get in touch with our team.
Tiny also offers dedicated SLAs and support for professional development teams.
Compiling and contributing
In 2019 the decision was made to transition our codebase to a monorepo. For information on compiling and contributing, see: contribution guidelines.
As an open source product, we encourage and support the active development of our software.
Want more information?
Visit the TinyMCE website and check out the TinyMCE documentation.
License
Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md file.
Stable Version
Stable Version
7.6.0
HIGH
2
0/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
>= 5.0.0, < 5.1.4
Patched Versions
5.1.4
0/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 4.9.7
Patched Versions
4.9.7
MODERATE
29
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Affected Versions
>= 7.0.0, < 7.2.0
Patched Versions
7.2.0
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Affected Versions
>= 6.0.0, < 6.8.4
Patched Versions
6.8.4
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Affected Versions
< 5.11.0
Patched Versions
5.11.0
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Affected Versions
>= 7.0.0, < 7.2.0
Patched Versions
7.2.0
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Affected Versions
>= 6.0.0, < 6.8.4
Patched Versions
6.8.4
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Affected Versions
< 5.11.0
Patched Versions
5.11.0
4.3/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Affected Versions
< 6.8.1
Patched Versions
6.8.1
4.3/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Affected Versions
< 7.0.0
Patched Versions
7.0.0
6.1/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.9.0
Patched Versions
5.9.0
6.1/10
Summary
Cross-site scripting vulnerability in TinyMCE plugins
Affected Versions
< 5.10.0
Patched Versions
5.10.0
0/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.6.0
Patched Versions
5.6.0
0/10
Summary
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.6.0
0/10
Summary
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins
Affected Versions
< 5.10.0
0/10
Summary
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.9.0
Patched Versions
5.9.0
6.1/10
Summary
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Affected Versions
>= 6.0.0, < 6.7.3
Patched Versions
6.7.3
6.1/10
Summary
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Affected Versions
< 5.10.9
Patched Versions
5.10.9
6.1/10
Summary
TinyMCE XSS vulnerability in notificationManager.open API
Affected Versions
< 5.10.8
Patched Versions
5.10.8
6.1/10
Summary
TinyMCE XSS vulnerability in notificationManager.open API
Affected Versions
>= 6.0.0, < 6.7.1
Patched Versions
6.7.1
6.1/10
Summary
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Affected Versions
< 5.10.8
Patched Versions
5.10.8
6.1/10
Summary
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Affected Versions
>= 6.0.0, < 6.7.1
Patched Versions
6.7.1
5.4/10
Summary
Cross-site scripting vulnerability in TinyMCE alerts
Affected Versions
< 5.10.7
Patched Versions
5.10.7
5.4/10
Summary
Cross-site scripting vulnerability in TinyMCE alerts
Affected Versions
>= 6.0.0, < 6.3.1
Patched Versions
6.3.1
0/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.7.1
Patched Versions
5.7.1
6.1/10
Summary
Duplicate Advisory: Cross-site scripting in TinyMCE
Affected Versions
>= 5.0.0, < 5.1.4
Patched Versions
5.1.4
6.1/10
Summary
Duplicate Advisory: Cross-site scripting in TinyMCE
Affected Versions
< 4.9.7
Patched Versions
4.9.7
6.1/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
>= 5.0.0, < 5.4.1
Patched Versions
5.4.1
6.1/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 4.9.11
Patched Versions
4.9.11
0/10
Summary
XSS in TinyMCE
Affected Versions
>= 5.0.0, < 5.2.2
Patched Versions
5.2.2
0/10
Summary
XSS in TinyMCE
Affected Versions
< 4.9.10
Patched Versions
4.9.10
LOW
1
0/10
Summary
Regex denial of service vulnerability in codesample plugin
Affected Versions
< 5.6.0
Patched Versions
5.6.0
Reason
30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
project is fuzzed
Details
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/api/Arbitraries.ts:2
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/api/Generators.ts:2
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/arbitrary/ArbChildrenSchema.ts:2
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/arbitrary/ArbContent.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/arbitrary/ArbNodes.ts:2
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/arbitrary/ArbSchema.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/arbitrary/ArbSchemaTypes.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/arbitrary/GenSelection.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/arbitrary/PropertySteps.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/arbitrary/TagDecorator.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: modules/agar/src/main/ts/ephox/agar/arbitrary/WeightedChoice.ts:2
- Info: TypeScriptPropertyBasedTesting integration found: modules/mcagar/src/main/ts/ephox/mcagar/api/pipeline/TinyScenarios.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/models/dom/test/ts/atomic/table/TableUtilsTest.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/plugins/autolink/test/ts/browser/AutoLinkPluginTest.ts:5
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/plugins/link/test/ts/atomic/DialogChangesTest.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/plugins/lists/test/ts/atomic/ListNumberingTest.ts:4
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/plugins/lists/test/ts/browser/ListModelTest.ts:5
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/plugins/lists/test/ts/browser/RetainContentTest.ts:6
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/plugins/lists/test/ts/module/ArbList.ts:2
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/plugins/table/test/ts/atomic/UtilsTest.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/themes/silver/test/ts/atomic/components/sizeinput/SizeInputConvertTest.ts:4
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/themes/silver/test/ts/atomic/components/sizeinput/SizeInputConverterTest.ts:5
- Info: TypeScriptPropertyBasedTesting integration found: modules/tinymce/src/themes/silver/test/ts/atomic/components/sizeinput/SizeInputParsingTest.ts:4
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:17
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:18
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Info: no jobLevel write permissions found
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 24/30 approved changesets -- score normalized to 8
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 8 commits out of 24 are checked with a SAST tool
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tinymce/tinymce/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/tinymce/tinymce/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/tinymce/tinymce/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/tinymce/tinymce/codeql.yml/main?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
Score
7.5
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More