The Snyk report concludes that if you use a version of jQuery below 3.4.0, you are vulnerable to attack.
According to W3Techs, 84% of sites using jQuery run v1.x, which is affected by four medium-level XSS vulnerabilities. The problem is exacerbated by the use of jQuery extension libraries, where 13 of them have been identified.
In the Snyk report, jquery.js is a malicious package that has been downloaded 5444 times in the past 12 months, and it is as severe as the malicious versions of two other open-source community modules (jquery-airload, 322 downloads, and github-jquery-widget, 232 downloads).
The report also lists three other extension libraries: jquery-mobile, jquery-upload-upload, and jquery-colorbox. Although they contain arbitrary code execution and cross-site scripting vulnerabilities and have no upgrade path to fix them, they were downloaded more than 340,000 times in the past 12 months.
In recent years, it has been suggested that jQuery is no longer popular, yet it still has high download numbers. According to reports, the reasons are as follows:
A large number of tutorials exist for it, and existing websites and software already use it.
jQuery-related plug-ins are plentiful, and many of the newer JS frameworks also support jQuery.
A large number of programmers have used jQuery, are familiar with its syntax and functionality, and will continue to use it.