Includes front-end JavaScript libraries with known security vulnerabilities

Intruders have automated web crawlers that can scan your site for known security vulnerabilities. When the web crawler detects a vulnerability, it alerts the intruder. From there, the intruder just needs to figure out how to exploit the vulnerability on your site. Lighthouse flags front-end JavaScript libraries with known security vulnerabilities:

Lighthouse audit showing any front-end JavaScript libraries with known security vulnerabilities used by the page
Fig. 1 — Page uses front-end JavaScript libraries with security vulnerabilities

How this audit fails

To detect vulnerable libraries, Lighthouse:

Each Best Practices audit is weighted equally in the Lighthouse Best Practices Score. Learn more in The Best Practices score.

Stop using these JavaScript libraries

An intruder can scan your entire site using a web crawler.

Stop using each of the libraries that Lighthouse flags. If the library has released a newer version that fixes the vulnerability, upgrade to that version, or consider using a different library.

See Snyk's Vulnerability DB to learn more about each library's vulnerability.

More information

Includes vulnerabe JS libraries audit source

Last updated: Improve article