Includes front-end JavaScript libraries with known security vulnerabilities
Intruders have automated web crawlers that can scan your site for known security vulnerabilities. When the web crawler detects a vulnerability, it alerts the intruder. From there, the intruder just needs to figure out how to exploit the vulnerability on your site.
How this Lighthouse audit fails
Lighthouse flags front-end JavaScript libraries with known security vulnerabilities:
To detect vulnerable libraries, Lighthouse:
- Runs Library Detector For Chrome.
- Checks the list of detected libraries against snyk's Vulnerability DB.
Each Best Practices audit is weighted equally in the Lighthouse Best Practices Score. Learn more in The Best Practices score.
Stop using insecure JavaScript libraries
Stop using each of the libraries that Lighthouse flags. If the library has released a newer version that fixes the vulnerability, upgrade to that version. If the library hasn't released a new version or is no longer maintained, consider using a different library.
Click the links in the Library Version column of your report to learn more about each library's vulnerabilities.