Book a demo →
npm package report

Is highlight.js safe?

Checked against the XYZ decision brain: known-malicious corpus, advisories, commit-level findings, dependencies and provenance.

cyberxyz.io/packages/npm/highlight.js
npm packagelast checked 2026-06-10

highlight.js · verdict ALLOW · no known risk

0.6/10
XYZ SCORE
SUMMARY

Verdict ALLOW · 40 known dependencies · 1 flagged · provenance: unknown

Re-check live →

SIGNALS
Advisory HistoryclearOK

3 historical advisory record(s) on this package (max severity MODERATE). Add a version to check whether it is affected.

DEPENDENCIES
bluebird@^2.9.30clean
bluebird@^3.0.1clean
bluebird@^3.5.1clean
bluebird@^3.5.3clean
bluebird@^3.5.5clean
chai@*clean
clean-css@^4.2.1clean
clean-css@^4.2.3clean
clean-css@^5.0.1clean
clean-css@^5.3.0clean
clean-css@^5.3.2clean
cli-table@^0.3.1clean
colors@^1.1.2block
@colors/colors@^1.5.0clean
@colors/colors@^1.6.0clean
commander@*clean
commander@^10.0.1clean
commander@^11.0.0clean
commander@^12.1.0clean
commander@^2.19.0clean
PACKAGE highlight.jsECOSYSTEM npmDECISION ALLOW

Baked snapshot · run a live check for the current verdict · browse all packages