Jan 31, 2020

Zombie JavaScript and the web of undying libraries

Zombie JavaScript

Cloudflare, a web infrastructure company known for its content delivery network services, recently analyzed the typical lifespans of JavaScript resources across the web. According to its analysis, most websites never even bother to update their JavaScript libraries.

Cloudflare collects valuable data. Cloudflare helps run CDNJS, a popular tool that lets developers easily include web development resources—like JavaScript libraries—in their web apps. Cloudflare then collects anonymized data to better understand what libraries are frequently requested and from what sites.

What does the data reveal? JavaScript libraries are almost never updated once installed. Even more worrisome, new versions of libraries often don’t lead to a decrease in use—known as the deprecation rate—of older versions.

Cloudflare focused its analysis on jQuery, the most popular JavaScript library in the world used by more than 70% of the 10 million most popular websites. Cloudflare found that despite the release and rapid growth of new jQuery versions in early 2019, older versions did not show an accelerated decline in usage throughout the rest of the year.

Instead, usage of older jQuery versions consistently saw deprecation rates of just 20% per year.

Why? Assuming that the average website lasts between two and four years, that means most deprecation is caused by major website changes or overhauls, rather than incremental upgrades.

In other words, most websites don’t upgrade their JavaScript dependencies until they’re completely rebuilt.

What can we do? Cloudflare’s research raises questions about how developers can keep the web updated and how much effort should be spent supporting so much legacy software baggage.

Cloudflare is considering ways to reconfigure CDNJS to encourage developers to update and maintain JavaScript libraries more frequently—either automatically or with stronger deprecation notifications. That could redefine how developers use web resources and how such tools evolve.

Want to get more of these in your inbox?

Subscribe for weekly updates from the Software team.