The report shows that in the past 12 months, jQuery has been downloaded more than 120 million times, which is roughly equal to the downloads of Vue.js (40 million) and Bootstrap (79 million) combined. In the report, Vue.js was found to have four vulnerabilities, all of which have been fixed; Bootstrap contains seven cross-site scripting (XSS) vulnerabilities, three of which were disclosed in 2019, and there is currently no security fix or upgrade path for them. In jQuery, the six vulnerabilities that have been tracked to date affect all versions: four are medium-severity cross-site scripting vulnerabilities, one is a medium-severity prototype pollution vulnerability, and the other is a low-severity denial-of-service vulnerability.
According to W3Techs, websites using jQuery v1.x account for 84%, which exposes them to four medium-severity XSS vulnerabilities. The Snyk report also lists jquery.js as a malicious package that has been downloaded 5,444 times in the past 12 months; its severity is as high as that of the malicious versions of two other open-source community modules (jquery-airload, with 322 downloads, and github-Jquery-widget, with 232 downloads).
In recent years, some people have come to think that jQuery is no longer popular, yet according to the report it still has high download numbers. The reasons may be as follows:
- A large body of tutorials, existing websites, and software is built around it.
- jQuery has a very rich set of plugins, and many new JavaScript frameworks also support jQuery.
- A large number of programmers have used jQuery, are familiar with its syntax and functions, and will continue to use it.