
highlightjs-glimmer
glimmer syntax highlighting with highlight.js
yarn add highlightjs-glimmer
# or
npm install highlightjs-glimmer
Requires: highlight.js >= v11
| | Remark | Rehype | MarkdownIt |
|---|---|---|---|
| cjs | ✅ | ✅ | ✅ |
| esm | ❌ ¹ | ✅ | ✅ |
import hljs from 'highlight.js';
import { setup } from 'highlightjs-glimmer';
setup(hljs);
hljs.highlightAll();
javascript language must be registered before setup is called.
setup must be called before any highlighting occurs.

Supported language tags:
<pre>
<code class="language-{tag}">
where {tag} could be:
NOTE: because highlightjs-glimmer overrides the same aliases as highlight.js' handlebars grammar, to use the handlebars grammar alongside the glimmer grammar, you'll need to use the full name in the class:
<pre><code class="lang-glimmer">...</code></pre>
<pre><code class="lang-handlebars">...</code></pre>
await import(...)
When using ES Modules in browsers with a packager
let HIGHLIGHT;

// Load highlight.js and the glimmer grammar once, on first use
async function getHighlighter() {
  if (HIGHLIGHT) return HIGHLIGHT;

  HIGHLIGHT = (await import('highlight.js')).default;
  let { setup } = await import('highlightjs-glimmer');

  // setup must be called before any highlighting occurs
  setup(HIGHLIGHT);

  return HIGHLIGHT;
}

async function highlight() {
  let hljs = await getHighlighter();
  let element = document.querySelector('...');

  hljs.highlightElement(element);
}

highlight();
setup
The convenience method for configuring everything related to
glimmer highlighting. This wraps registerLanguage and registerInjections.
For most use cases, this should be the only method you need.
registerLanguage
Convenience method for registering the glimmer syntax with highlight.js under the name "glimmer"
registerInjections
Configures injections in supported languages where it's common to use glimmer syntax.
glimmer
The highlight.js grammar function. This can be used to register the glimmer grammar under a name other than "glimmer".
<script type="text/javascript" src="/cdn/path/to/highlight.min.js"></script>
<script type="text/javascript" src="/cdn/path/to/highlightjs-glimmer/glimmer.js"></script>
<script type="text/javascript">hljs.highlightAll();</script>
At this time, highlight.js does not ship ES Modules to CDNs
<script type="text/javascript" src="/cdn/path/to/highlight.min.js"></script>
<script type="module">
import { glimmer } from '/cdn/path/to/highlightjs-glimmer/glimmer.esm.js';
hljs.registerLanguage('glimmer', glimmer);
hljs.highlightAll();
</script>
require
const hljs = require('highlight.js');
const { setup } = require('highlightjs-glimmer');
setup(hljs);
hljs.highlightAll();
Only Node 14 is supported
import
import hljs from 'highlight.js';
import { setup } from 'highlightjs-glimmer';
setup(hljs);
hljs.highlightAll();
With Node 14, launch with
NODE_OPTIONS="--experimental-vm-modules" node your-module-script.js
Debug with yarn debug -p 4201
Visit http://localhost:4201
Run tests with yarn test or npm run test
¹ remark-highlight.js is deprecated and cjs only
FAQs
Glimmer syntax highlighting with Highlight.JS
The npm package highlightjs-glimmer receives a total of 22,986 weekly downloads. As such, highlightjs-glimmer popularity was classified as popular.
We found that highlightjs-glimmer demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.