limber icon indicating copy to clipboard operation
limber copied to clipboard
verified publisher icon NullVoxPopuli

WIP: Shiki based syntax highlighting in codemirror

Open evoactivity opened this issue 4 months ago • 5 comments

First commit is just a proof of concept.

Switching between languages will be the main thing to figure out from here.

image
  • https://github.com/fengzilong/codemirror-shiki/tree/main
  • https://discuss.codemirror.net/t/shiki-integration-for-codemirror/9538

evoactivity avatar Oct 17 '25 00:10 evoactivity

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

bolt-new-by-stackblitz[bot] avatar Oct 17 '25 00:10 bolt-new-by-stackblitz[bot]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​shikijs/​themes@​3.13.01001007696100
Addedshiki@​3.13.01001007797100
Updatedember-repl@​7.0.0 ⏵ 7.0.178 -2210084 -1690 -10100
Addedcodemirror-shiki@​0.3.0781008289100
Added@​shikijs/​langs@​3.13.01001007996100

View full report

socket-security[bot] avatar Oct 17 '25 00:10 socket-security[bot]

[!WARNING] Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
[email protected] has Obfuscated code.

Confidence: 0.91

Location: Package overview

From: apps/tutorial/package.jsonnpm/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

socket-security[bot] avatar Oct 17 '25 00:10 socket-security[bot]

Project Preview URL[^note] Manage
Limber https://shiki-highlighter.limber-glimdown.pages.dev on Cloudflare
Tutorial https://shiki-highlighter.limber-glimmer-tutorial.pages.dev on Cloudflare

Logs

[^note]: if these branch preview links are not working, please check the logs for the commit-based preview link. There is a character limit of 28 for the branch subdomain, as well as some other heuristics, described here for the sake of implementation ease in deploy-preview.yml, that algo has been omitted. The URLs are logged in the wrangler output, but it's hard to get outputs from a matrix job.

github-actions[bot] avatar Oct 17 '25 00:10 github-actions[bot]

EXCITE!

NullVoxPopuli avatar Oct 17 '25 01:10 NullVoxPopuli