If you are loading Highlight.js via CDN you may wish to use Subresource Integrity to guarantee that you are using a legimitate build of the library.
To do this you simply need to add the integrity attribute for each JavaScript file you download via CDN. These digests are used by the browser to confirm the files downloaded have not been modified.
<script
src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"
integrity="sha384-xBsHBR6BS/LSlO3cOyY2D/4KkmaHjlNn3NnXUMFFc14HLZD7vwVgS3+6U/WkHAra"
></script>
<!-- including any other grammars you might need to load -->
<script
src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/go.min.js"
integrity="sha384-WmGkHEmwSI19EhTfO1nrSk3RziUQKRWg3vO0Ur3VYZjWvJRdRnX4/scQg+S2w1fI"
></script>The full list of digests for every file can be found below.
sha384-WCznKe2n87QvV/L1MlXN+S8R6NPUQGU34+AqogMuWGZJswSD6rt3Mgih+xuKlDgm /es/languages/javascript.js
sha384-eGsBtetyKPDKaLiTnxTzhSzTFM6A/yjHBQIj4rAMVaLPKW5tJb8U6XLr/AikCPd+ /es/languages/javascript.min.js
sha384-vJxw3XlwaqOQr8IlRPVIBO6DMML5W978fR21/GRI5PAF7yYi2WstLYNG1lXk6j9u /languages/javascript.js
sha384-44q2s9jxk8W5N9gAB0yn7UYLi9E2oVw8eHyaTZLkDS3WuZM/AttkAiVj6JoZuGS4 /languages/javascript.min.js
sha384-QZL6p31xIM48BgsauD4K98MG0t81a2jtgrtONnTCl2NeNqRDj3f+ykIPoRSWhaKp /highlight.js
sha384-zGp17eLcRaW2bwKFvsuL0WTJ27JC2ZhjfaAOFSIovVBCsMIG6qkjoBEm6ejgLyvg /highlight.min.js