Snyk, the leading solution for addressing vulnerabilities in open source libraries, announced today that it is powering the vulnerable JavaScript libraries audit in Google Chrome’s Lighthouse, in general availability. The integration gives developers critical information about libraries they might be using that contain security vulnerabilities, increasing awareness and making it easier to take action.
Lighthouse is Chrome’s open-source automated tool for improving the performance, quality and correctness of web apps and pages. It can be used as a browser extension or Node module, and also powers the auditing functionality in the developer tools built directly into Chrome. As of Chrome 63, Lighthouse has a “Best Practices” audit that detects front-end JavaScript libraries in use that have a known security vulnerability by testing against Snyk’s vulnerability database. If any known security issues are discovered, the audit score of the site in question is docked, and developers receive a detailed report of each vulnerability with a link to Snyk to resolve the issues.
“In early 2017, researchers found that 37 percent of sites had at least one client-side JavaScript library containing a known security vulnerability,” said Guy Podjarny, CEO, Snyk Ltd. “Recently, we completed a report noting that the reality was worse: 77 percent of the top 433,000 URLs used a JavaScript library with a known security issue. Recognizing the importance of the issue, Snyk collaborated with the Lighthouse team to audit vulnerable JavaScript libraries. This integration applies an extra layer of visibility for developers as we work toward making the web more secure by default.”
Snyk helps companies securely use open source code. Snyk’s solution continuously fixes vulnerabilities in open source libraries, relying on a unique proprietary vulnerability database. The open source security solution allows developers to secure their dependencies quickly and independently, minimizing the attention needed to address issues.