How to do a JavaScript library risk assessment (after the Lottie debacle)

After the debacle with Lottie a few weeks ago, Enterprise customers wanted a risk assessment of ALL plugin libraries used in their Bubble apps.

What is the potential risk of any other imported JS libraries?

I’ve created a Chrome extension that lists all the JavaScript libraries your app loads.

https://chromewebstore.google.com/detail/js-library-lister/oindknlkenlfcanfhmgoifleiaomgnjf

Once you’ve installed the Chrome extension, “pin” it so you can see its icon in the extension bar. Then navigate through your Bubble app, and a list of all the imported JS libraries will be captured.

Then you can take that list (cut and paste) and ask ChatGPT about these libraries.

Full details here https://planbbackups.io/js_library_how_to_do_a_risk_assessment

These are the prompts I use.

  • I want to analyse some JavaScript libraries that my web app uses. I will give you a list of libraries to remember.
    Now paste in the list of libraries. After that you can ask ChatGPT about them.
  • Please tell me for each of these libraries, what their purpose is, and how out of date they are.
  • Would any of these libraries be considered risky?
  • List any that are pinned to latest versions.
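
The last prompt, which libraries are pinned to “latest”, is also something you can check mechanically before handing the list to ChatGPT. The following is an added example (not part of the original post and not the extension’s code): it takes the script URLs captured from a page, recognises the URL layouts of the unpkg, jsDelivr and cdnjs CDNs (patterns assumed from their documented layouts), and reports which libraries float to whatever the publisher ships next instead of being pinned to an exact version. The sample URLs are constructed, not taken from a real app.

```javascript
// Added example: classify captured script URLs by how their version is pinned.
// A CDN-hosted library with no fixed version (or "@latest") silently picks up the
// publisher's next release, which is the exposure a compromised package creates.
const SAMPLE_SCRIPTS = [ // constructed sample input, not real app data
  "https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js",
  "https://cdn.jsdelivr.net/npm/lodash@4.17.21/lodash.min.js",
  "https://unpkg.com/moment/min/moment.min.js",
  "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js",
  "https://example.com/app/vendor.js",
];

// CDN URL shapes (assumed from each CDN's documented layout): group 1 = package
// name (scoped names included), group 2 = version segment when present.
const CDN_PATTERNS = [
  { re: /^https:\/\/unpkg\.com\/((?:@[^/@]+\/)?[^/@]+)(?:@([^/]+))?(?:\/|$)/, label: "unpkg" },
  { re: /^https:\/\/cdn\.jsdelivr\.net\/npm\/((?:@[^/@]+\/)?[^/@]+)(?:@([^/]+))?(?:\/|$)/, label: "jsdelivr" },
  { re: /^https:\/\/cdnjs\.cloudflare\.com\/ajax\/libs\/([^/]+)\/([^/]+)\//, label: "cdnjs" },
];

// Exact semver (1.2.3, optional prerelease/build suffix); no range operators.
const EXACT_SEMVER = /^v?\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

function classifyScript(url) {
  for (const { re, label } of CDN_PATTERNS) {
    const m = url.match(re);
    if (!m) continue;
    const [, name, version] = m;
    let pinning;
    if (version === undefined || version === "latest") pinning = "floating";
    else if (EXACT_SEMVER.test(version)) pinning = "exact";
    else pinning = "range"; // e.g. "^3", "4", "4.17" or another dist-tag
    return { url, cdn: label, name, version: version ?? null, pinning };
  }
  // Self-hosted or unrecognised host: the version cannot be read from the URL.
  return { url, cdn: null, name: null, version: null, pinning: "unknown" };
}

// Everything a reviewer should look at first: anything not pinned exactly.
function flagUnpinned(urls) {
  return urls.map(classifyScript).filter((s) => s.pinning !== "exact");
}

// In a browser the same check runs over the live page's script tags:
//   flagUnpinned([...document.scripts].map((s) => s.src).filter(Boolean))
console.log(flagUnpinned(SAMPLE_SCRIPTS));
```

Scripts from hosts the patterns do not recognise are reported as "unknown" rather than dropped, so self-hosted bundles still end up on the list you review.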

Video walkthrough

Please comment if you have some improved prompts. 🙂
