Includes front-end JavaScript libraries with known security vulnerabilities
Intruders have automated web crawlers that can scan your site for known security vulnerabilities. When the web crawler detects a vulnerability, it alerts the intruder. From there, the intruder just needs to figure out how to exploit the vulnerability on your site.
How this Lighthouse audit fails #
Lighthouse flags front-end JavaScript libraries with known security vulnerabilities:
To detect vulnerable libraries, Lighthouse:
- Runs Library Detector For Chrome.
- Checks the list of detected libraries against snyk's Vulnerability DB.
Stop using insecure JavaScript libraries #
Stop using each of the libraries that Lighthouse flags. If the library has released a newer version that fixes the vulnerability, upgrade to that version. If the library hasn't released a new version or is no longer maintained, consider using a different library.
Click the links in the Library Version column of your report to learn more about each library's vulnerabilities.
Resources #
- Source code for Includes front-end JavaScript libraries with known security vulnerabilities audit
- snyk's Vulnerability DB