
Analysis of JavaScript Library Popularity

Ask any member of WhiteHat’s Threat Research Center, “What is the most popular JavaScript library on the Web?”, and you’re likely to get a strange look and a response along the lines of, “jQuery, duh!” Ask what the second most popular library is and you’ll start to get a bit more variety in the responses: “Prototype? Mootools? YUI?” It seems that once you get beyond the obvious popularity of jQuery, nobody really knows for sure which library comes next. The search engines aren’t much help either, because their own lists disagree and are only ranked rather than quantified. The thousands of SEO fodder pages that describe the pros and cons of the “Top Ten JavaScript Libraries” won’t get you any meaningful quantification of JavaScript library usage on today’s Web.

Let’s change that, shall we?

You’ve probably guessed by now that I’ve done some research that aims to quantify JavaScript library usage, and that I’m going to share it with you here. Before I do that, however, I want to qualify the data I used. I achieved the rankings in the chart below by reviewing all JavaScript files that WhiteHat Sentinel requested over the past 30 days. Sentinel does not automatically request any files hosted by a content delivery network or other off-domain resources; therefore, these types of libraries are excluded from this data. Any scripts included via a non-.js file extension are also excluded, which most likely accounts for the low ranking of the two Microsoft libraries. I also excluded all tracking scripts and any JavaScript frameworks designed to do MV* “single-page” application architecture. Considering the extent of these “exclusion” factors, I believe that the percentages in the chart are probably low in every category, but that the relative popularity should be reasonably accurate (with the exception of the Microsoft libraries).

This data was collected as part of our research into expanding Sentinel Source support into the JavaScript language and its many libraries and frameworks. At WhiteHat, we have the advantage of being able to access real-world application data that supports and guides our new security developments, ensuring that customers get the most bang for their security buck.