Fundamentals Tools Updates Case Studies

Home page Chrome DevTools Lighthouse Puppeteer Workbox Chrome User Experience Report

Includes Front-End JavaScript Libraries With Known Security Vulnerabilities

Overview

Intruders have automated web crawlers that can scan your site for known security vulnerabilities. When the web crawler detects a vulnerability, it alerts the intruder. From there, the intruder just needs to figure out how to exploit the vulnerability on your site.

Recommendations

Stop using each of the libraries that Lighthouse flags. If the library has released a newer version that fixes the vulnerability, upgrade to that version, or consider using a different library.

See Snyk's Vulnerability DB to learn more about each library's vulnerability.

More information

To detect vulnerable libraries, Lighthouse:

Runs Library Detector For Chrome.
Checks the list of detected libraries against Snyk's Vulnerability DB.

An intruder can scan your entire site using the process above and a web crawler.

Feedback

Was this page helpful?

Yes

What was the best thing about this page?

It helped me complete my goal(s)

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

It had the information I needed

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

It had accurate information

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

It was easy to read

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

Something else

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

No

What was the worst thing about this page?

It didn't help me complete my goal(s)

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

It was missing information I needed

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

It had inaccurate information

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

It was hard to read

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

Something else

Thank you for the feedback. If you have specific ideas on how to improve this page, please create an issue.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.