DOCSLIB.ORG

Analysing the Use of Outdated Javascript Libraries on the Web

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Analysing the Use of Outdated Javascript Libraries on the Web Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson and Engin Kirda Northeastern University {toby, 3abdou, arshad, wkr, cbw, ek}@ccs.neu.edu Abstract—Web developers routinely rely on third-party Java- scripts or HTML into vulnerable websites via a crafted tag. As Script libraries such as jQuery to enhance the functionality of a result, it is of the utmost importance for websites to manage their sites. However, if not properly maintained, such dependen- library dependencies and, in particular, to update vulnerable cies can create attack vectors allowing a site to be compromised. libraries in a timely fashion. In this paper, we conduct the first comprehensive study of To date, security research has addressed a wide range of client-side JavaScript library usage and the resulting security client-side security issues in websites, including validation [30] implications across the Web. Using data from over 133 k websites, we show that 37 % of them include at least one library with a and XSS ([17], [36]), cross-site request forgery [4], and session known vulnerability; the time lag behind the newest release of fixation [34]. However, the use of vulnerable JavaScript libraries a library is measured in the order of years. In order to better by websites has not received nearly as much attention. In understand why websites use so many vulnerable or outdated 2014, a series of blog posts presented cursory measurements libraries, we track causal inclusion relationships and quantify highlighting that major websites included known vulnerable different scenarios. We observe sites including libraries in ad hoc libraries ([25], [26], [24]). These findings echo warnings from and often transitive ways, which can lead to different versions of other software ecosystems like Android [3], Java [32] and the same library being loaded into the same document at the same Windows [21], which show that vulnerable libraries continue time. Furthermore, we find that libraries included transitively, or to exist in the wild even when they are widely known to via ad and tracking code, are more likely to be vulnerable. This contain severe vulnerabilities. Given that JavaScript dependency demonstrates that not only website administrators, but also the dynamic architecture and developers of third-party services are management is relatively primitive and corresponding tools to blame for the Web’s poor state of library management. are not as well-established as in more mature ecosystems, these findings suggest that security issues caused by outdated The results of our work underline the need for more thorough JavaScript libraries on the Web may be widespread. approaches to dependency management, code maintenance and third-party code inclusion on the Web. In this paper, we conduct the first comprehensive study on the security implications of JavaScript library usage in websites. We seek to answer the following questions: I. INTRODUCTION The Web is arguably the most popular contemporary • Where do websites load JavaScript libraries from (i.e., programming platform. Although websites are relatively easy to first or third-party domains), and how frequently are create, they are often composed of heterogeneous components these domains used? such as database backends, content generation engines, multiple • How current are the libraries that websites are using, scripting languages and client-side code, and they need to deal and do they contain known vulnerabilities? with unsanitised inputs encoded in several different formats. • Are web developers intentionally including JavaScript Hence, it is no surprise that it is challenging to secure websites libraries, or are these dependencies caused by adver- because of the large attack surface they expose. tising and tracking code? • Are existing remediation strategies effective or widely One specific, significant attack surface are vulnerabilities used? related to client-side JavaScript, such as cross-site scripting (XSS) and advanced phishing. Crucially, modern websites often • Are there additional technical, methodological, or include popular third-party JavaScript libraries, and thus are at organisational changes that can improve the security risk of inheriting vulnerabilities contained in these libraries. For of websites with respect to JavaScript library usage? example, a 2013 XSS vulnerability in the jQuery [13] library Note that the focus of this paper is not measuring the security before version 1.6.3 allowed remote attackers to inject arbitrary state of specific JavaScript libraries. Rather, our goal (and primary contribution) is to empirically examine whether website Permission to freely reproduce all or part of this paper for noncommercial operators keep their libraries current and react to publicly purposes is granted provided that copies bear this notice and the full citation disclosed vulnerabilities. on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author Answering these questions necessitated solving three funda- (for reproduction of an entire paper only), and the author’s employer if the mental methodological challenges. First, there is no centralised paper was prepared within the scope of employment. repository of metadata pertaining to JavaScript libraries and NDSS ’17, 26 February - 1 March 2017, San Diego, CA, USA Copyright 2017 Internet Society, ISBN 1-1891562-46-0 their versions, release dates, and known vulnerabilities. To http://dx.doi.org/10.14722/ndss.2017.23414 address this, we manually constructed a catalogue containing all “release” versions of 72 of the most popular open-source • We present results on the origins of vulnerable libraries, including detailed vulnerability information on a JavaScript library inclusions, which allows us to subset of 11 libraries. Second, web developers often modify contrast the security posture of website developers with JavaScript libraries by reformatting, restructuring or appending third-party modules such as WordPress, advertising or code, which makes it difficult to detect library usage in the tracking networks, and social media widgets. wild. We solve this problem through a combination of static • We show that a large number of websites include and dynamic analysis techniques. Third, to understand why JavaScript libraries in unexpected ways, such as mul- specific libraries are loaded by a given site, we need to track all tiple inclusions of different library versions into the of the causal relationships between page elements (e.g., script same document, which may impact their attack surface. s1 in frame f1 injects script s2 into frame f2). To solve this, • We find existing remediation strategies to be ineffective we developed a customised version of Chromium that records at mitigating the threats posed by vulnerable JavaScript detailed causality trees of page element creation relationships. libraries. For example, less than 3 % of websites could Using these tools, we crawled the Alexa Top 75 k websites fix all their vulnerable libraries by applying only patch- and a random sample of 75 k websites drawn from a snapshot level updates. Similarly, only 1 % of websites use the of the .com zone in May 2016. These two crawls allow us to version-aliasing services offered by JavaScript CDNs. compare and contrast JavaScript library usage between popular and unpopular websites. In total, we observed 11,141,726 inline II. BACKGROUND scripts and script file inclusions; 87.7 % of Alexa sites and JavaScript has allowed web developers to build highly inter- 46.5 % of .com sites used at least one well-known JavaScript active websites with sophisticated functionality. For example, library, with jQuery being the most popular by a large majority. communication and production-related online services such as Analysis of our dataset reveals many concerning facts Gmail and Office 365 make heavy use of JavaScript to create about JavaScript library management on today’s Web. More web-based applications comparable to their more traditional than a third of the websites in our Alexa crawl include at desktop counterparts. In this paper, we focus exclusively on least one vulnerable library version, and nearly 10 % include aspects of client-side JavaScript executed in a browser, not the two or more different vulnerable versions. From a per-library recent trend of using JavaScript for server-side programming. perspective, at least 36.7 % of jQuery, 40.1 % of Angular, 86.6 % of Handlebars, and 87.3 % of YUI inclusions use a vulnerable A. JavaScript Libraries version. Alarmingly, many sites continue to rely on libraries like YUI and SWFObject that are no longer maintained. In fact, In many cases, to make their lives easier, web developers the median website in our dataset is using a library version rely on functionality that is bundled in libraries. For example, 1,177 days older than the newest release, which explains why so jQuery [13] is a popular JavaScript library that makes HTML many vulnerable libraries tend to linger on the Web. Advertising, document traversal and manipulation, event handling, animation, tracking and social widget code can cause transitive library and AJAX much simpler and compatible across browsers. inclusions with a higher rate of vulnerability, suggesting that In the simplest case, a JavaScript library is a plain-text script these problems extend beyond individual
Load more

Recommended publications
  • THE FUTURE of SCREENS from James Stanton a Little Bit About Me
    THE FUTURE OF SCREENS From james stanton A little bit about me. Hi I am James (Mckenzie) Stanton Thinker / Designer / Engineer / Director / Executive / Artist / Human / Practitioner / Gardner / Builder / and much more... Born in Essex, United Kingdom and survived a few hair raising moments and learnt digital from the ground up. Ok enough of the pleasantries I have been working in the design field since 1999 from the Falmouth School of Art and onwards to the RCA, and many companies. Ok. less about me and more about what I have seen… Today we are going to cover - SCREENS CONCEPTS - DIGITAL TRANSFORMATION - WHY ASSETS LIBRARIES - CODE LIBRARIES - COST EFFECTIVE SOLUTION FOR IMPLEMENTATION I know, I know, I know. That's all good and well, but what does this all mean to a company like mine? We are about to see a massive change in consumer behavior so let's get ready. DIGITAL TRANSFORMATION AS A USP Getting this correct will change your company forever. DIGITAL TRANSFORMATION USP-01 Digital transformation (DT) – the use of technology to radically improve performance or reach of enterprises – is becoming a hot topic for companies across the globe. VERY DIGITAL CHANGING NOT VERY DIGITAL DIGITAL TRANSFORMATION USP-02 Companies face common pressures from customers, employees and competitors to begin or speed up their digital transformation. However they are transforming at different paces with different results. VERY DIGITAL CHANGING NOT VERY DIGITAL DIGITAL TRANSFORMATION USP-03 Successful digital transformation comes not from implementing new technologies but from transforming your organisation to take advantage of the possibilities that new technologies provide.
    [Show full text]
  • The Jungle Through Javascript Frameworks
    The jungle through Javascript frameworks. Jonatan Karlsson Henrik Ölund Web Programming Web Programming 2013, BTH, Blekinge institute of 2013, BTH, Blekinge institute of technology technology Advanced topic in Web development, PA1426 Advanced topic in Web development, PA1426 HT15 HT15 Karlskrona, Sweden Karlskrona, Sweden [email protected] [email protected] PA1426 Revision C, Advanced topic in Web development 2015-11-05 Abstract In this article we have planned to dive into Javascripts world where new framework comes out “every day”. We will take the reader into a world where nothing are for granted and everything is a non-standard. In the current situation, there is a [3] tremendous amount of Javascript frameworks ​ and that makes it difficult for a ​ layman to choose the right framework, for the right task and this is something we will try figure out and explain to the reader. Keywords: Javascript, Framework, MV*, Client-side, React, Mithril, Backbone.js, ​ Ember.js 1 PA1426 Revision C, Advanced topic in Web development 2015-11-05 Abstract 1. Introduction 1.1 Background 1.2 Intention 1.3 Method First part Does the framework follow the MV*-pattern? Is the framework popular on google? Have the framework risen in popularity since 2013? Does the framework have any corporation that backs them? Second part 2. Result 2.1 Which frameworks did we select? 2.2 Not included 2.3 React What philosophies have pushed this framework forward? What kind of problem does this framework solve? Which famous products has been created with this framework?
    [Show full text]
  • Glen R. Goodwin [email protected] Laurel, Maryland
    Glen R. Goodwin [email protected] Laurel, Maryland https://arei.net Experience August 2019 to Director of Software Engineering / Lead Engineer, Whitebox Technology, Present Baltimore, Maryland • Lead day to day operations of entire Engineering Directorate including growing team from 5 engineers to 18 engineers. • Designed and implemented entire Engineering department’s communication and process and company culture of Software excellence. • Mentored entire team and individual developers in communication, architecture, engineering best practices, and software quality. • Served as Lead Engineer for Systems Team, responsible for implementing innovative systems to deliver faster, more efficently, and at scale • Served as Lead Experience Engineer fostering and implementing consistent cross product common solutions to better enhance the company brand and the end user expereience. • Designed and delivered technical solutions across the entire company on everything from visualizations to automated conveyance systems. July 2018 to Founder, The Awesome Engineering Company, Laurel, Maryland August 2019 • Started The Awesome Engineering Company to productize personally developed open source solutions. • Developed open source products for NodeJS and modern browsers. October 2013 to Distinguished Software Engineer & Chief Architect for CyberSecurity, SAS July 2018 Institute inc, Ellicott City, Maryland • Chief Architect for the SAS Cybersecurity product line overseeing technical (Converted from VSTI vision from inception to release. employee to parent SAS company in October 2013) • Served as Engineering Lead for User Interface, Services (API), Persistence (ElasticSearch), and Enrichment teams structured around technical layers. • Acted as Lead Researcher for new implementations and technology experiments advising senior management on feasibility and direction • Designed and implemented backend and frontend technologies for the entire product from conception to delivery in multiple languages/frameworks.
    [Show full text]
  • From GWT to Angular: an Experiment Report on Migrating a Legacy Web
    From GWT to Angular: An Experiment Report on Migrating a Legacy Web Application Benoit Verhaeghe, Anas Shatnawi, Abderrahmane Seriai, Anne Etien, Nicolas Anquetil, Mustapha Derras, Stephane Ducasse To cite this version: Benoit Verhaeghe, Anas Shatnawi, Abderrahmane Seriai, Anne Etien, Nicolas Anquetil, et al.. From GWT to Angular: An Experiment Report on Migrating a Legacy Web Application. IEEE Software, Institute of Electrical and Electronics Engineers, In press, 10.1109/MS.2021.3101249. hal-03313462 HAL Id: hal-03313462 https://hal.archives-ouvertes.fr/hal-03313462 Submitted on 4 Aug 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Department: Head Editor: Name, xxxx@email From GWT to Angular: An Experiment Report on Migrating a Legacy Web Application B. Verhaeghe Berger-Levrault, France Université de Lille, CNRS, Inria, Centrale Lille, UMR 9189 – CRIStAL, France A. Shatnawi Berger-Levrault, France A. Seriai Berger-Levrault, France A. Etien Université de Lille, CNRS, Inria, Centrale Lille, UMR 9189 – CRIStAL, France N. Anquetil Université de Lille, CNRS, Inria, Centrale Lille, UMR 9189 – CRIStAL, France M. Derras Berger-Levrault, France S. Ducasse Université de Lille, CNRS, Inria, Centrale Lille, UMR 9189 – CRIStAL, France Abstract—Berger-Levrault is an international company that developed applications in GWT for more than 10 years.
    [Show full text]
  • Analysing the Use of Outdated Javascript Libraries on the Web
    Updated in September 2017: Require valid versions for library detection throughout the paper. The vulnerability analysis already did so and remains identical. Modifications in Tables I, III and IV; Figures 4 and 7; Sections III-B, IV-B, IV-C, IV-F and IV-H. Additionally, highlight Ember’s security practices in Section V. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson and Engin Kirda Northeastern University {toby, 3abdou, arshad, wkr, cbw, ek}@ccs.neu.edu Abstract—Web developers routinely rely on third-party Java- scripts or HTML into vulnerable websites via a crafted tag. As Script libraries such as jQuery to enhance the functionality of a result, it is of the utmost importance for websites to manage their sites. However, if not properly maintained, such dependen- library dependencies and, in particular, to update vulnerable cies can create attack vectors allowing a site to be compromised. libraries in a timely fashion. In this paper, we conduct the first comprehensive study of To date, security research has addressed a wide range of client-side JavaScript library usage and the resulting security client-side security issues in websites, including validation [30] implications across the Web. Using data from over 133 k websites, we show that 37 % of them include at least one library with a and XSS ([17], [36]), cross-site request forgery [4], and session known vulnerability; the time lag behind the newest release of fixation [34]. However, the use of vulnerable JavaScript libraries a library is measured in the order of years.
    [Show full text]
  • MASTER THESIS Javascript Frameworks a Qualitative
    MASTER THESIS JavaScript Frameworks A qualitative evaluation and comparison of the dominant factors in Angular and React Abdul Kadir Yorulmaz MSc. in Computer Science & Informatics Supervised by Anders Lassen Department of Computer Science & Informatics June 2, 2020 Abstract The rising number of JavaScript libraries and frameworks that have been developed during the years, gives the experienced and inexperienced practitioners complexity when wanting to commit to a frame- work. Today, a more concrete and analysed evaluation process is lacking for developers in order to make sure a framework fit their needs for the given project’s purpose and size. This thesis explores an evaluation process that can help practitioners determine which framework or library fit their needs for their project, but also choosing the framework that fits best with their experience and preferences when building applications. This study is build on an experiment, where two Todo-list applications were developed via Angular and React. Based on the development process of each application, the framework and library were evaluated via relevant factors that give insights to what to expect from the framework and library in terms of how fast one can learn it, the quality of the documentation, the helpfulness of their communities and the frequency of updates. Through the evaluations, the dominant factors were found for Angular and React, which gave the base for doing the comparative analysis in order to find the differences and similarities between them. By conducting the comparative analysis of the dominant factors within Angular and React, this study gives the indication that Angular gives clear directions when developing and therefore can be well-suited to both experienced developers but also beginners.
    [Show full text]
  • Choosing the Right Javascript Framework for Your Next Web
    Choosing the Right JavaScript Framework for Your Next Web Application by Brandon Satrom © 2017 Progress. All Rights Reserved. All Rights © 2017 Progress. 2018 WHITEPAPER Table of Contents The Current State of Web Frameworks / 3 Tooling Considerations / 22 Evaluation Criteria / 5 UI & Component Libraries / 22 Ecosystem Considerations / 7 IDE & Tooling Support / 23 History & Longevity / 7 Companion & CLI Tools / 24 Popularity / 9 Enterprise Considerations / 26 Corporate Support / 11 Licensing / 26 Community & Ecosystem / 12 Support & Upgrade Paths / 27 Framework Considerations / 13 Security / 29 Getting Started Experience / 13 Talent Pool & Resources / 30 Skill Requirements / 15 Making a Choice / 33 Completeness of Offering / 17 Size & Performance / 18 Beyond the Browser Options / 21 © 2018 Progress. All Rights Reserved. All Rights © 2018 Progress. Progress / Kendo UI 2 The state of web application development has changed drastically in the past ten years. These changes have been spurred on by greater bandwidth for many, more powerful and feature-rich browsers. The result is a thriving web ecosystem with sites, apps and experiences that would have been hard to imagine a decade ago. And yet, for many developers, this ecosystem often feels like a bazaar, stuffed with libraries and frameworks that do anything and everything one could imagine. For every need there are a dozen options to choose from, and with new stalls (libraries) opening every day, it’s no wonder many of us pine for the days when starting a new project was as simple as dropping jQuery in a script tag. The Current State of Web Frameworks There’s no doubt that the web has grown in complexity, and our development tooling options have grown along with it.
    [Show full text]
  • Javascript Frameworks for Modern Web Development the Essential Frameworks, Libraries, and Tools to Learn Right Now Second Edition
    JavaScript Frameworks for Modern Web Development The Essential Frameworks, Libraries, and Tools to Learn Right Now Second Edition Sufyan bin Uzayr Nicholas Cloud Tim Ambler JavaScript Frameworks for Modern Web Development Sufyan bin Uzayr Nicholas Cloud Al Manama, United Arab Emirates Florissant, MO, USA Tim Ambler Nashville, TN, USA ISBN-13 (pbk): 978-1-4842-4994-9 ISBN-13 (electronic): 978-1-4842-4995-6 https://doi.org/10.1007/978-1-4842-4995-6 Copyright © 2019 by Sufyan bin Uzayr, Nicholas Cloud, Tim Ambler This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made.
    [Show full text]
  • Comparative Analysis of Angularjs and Reactjs
    International Journal of Latest Trends in Engineering and Technology Vol.(7)Issue(4), pp.225-227 DOI: http://dx.doi.org/10.21172/1.74.030 e-ISSN:2278-621X COMPARATIVE ANALYSIS OF ANGULARJS AND REACTJS Anurag Kumar1 and Ravi Kumar Singh2 Abstract- We live in a different era of web, we need better ways to quickly develop and deploy interactive web applications and that is where JavaScript frameworks come to the picture. JavaScript frameworks are the backbone of single page web applications development and provide superpowers to plain HTML and JavaScript. AngularJS and React.js are two most used javascript frameworks in current web development. Both frameworks are used to build interactive single page application. This research paper helps in understanding AngularJS and ReactJS. Keywords – Javascript, AngularJS, ReactJS, Two-way binding, Virtual DOM I. INTRODUCTION JavaScript is a client side scripting language which is used for providing dynamic attributes and features to the HTML webpages .JavaScript was developed for supporting the browser with feature of asynchronous communication, controlling the browser and for user interaction with the web page components. An HTML page is just a static page. JavaScript can make the website more interactive and user- friendliness, JavaScript helps easy navigation of the website and to provides interactivity. Based on JavaScript there are many frameworks are developed and also added many new features for server side scripting. JavaScript has emerged so much in web industry and if you look at the current websites there are no web technologies that are not using JavaScript. JavaScript is a dynamic scripting language, it instruct the browser to make changes to page elements after loading a page.
    [Show full text]
  • Angular Vs React.Js Vs Vue.Js
    EVERYTHING YOU NEED TO KNOW TO MAKE AN EDUCATED DECISION ABOUT YOUR TECHNOLOGY STACK ANGULAR VS REACT.JS VS VUE.JS + Our evaluation of UI Frameworks, Tools & Technologies 2019 3 What’s inside? 1 Preface 3 2 Angular, ReactJS & Vue JS - Comparison 4 3 Angular, ReactJS & Vue JS - Pros & Cons 6 4 Angular, ReactJS & Vue JS - Conclusion 11 5 UI Technoverse 13 a.Frameworks 15 b.Technologies 19 c.Tools 22 2 Are you a front-end superstar, excited to build feature-rich beautiful UI? Join Us 3 STATE OF FRONTEND TECHSTACKS 2019 PREFACE Preface he only constant in the web frontend development landscape is that it is in constant flux year after year. So, it becomes paramount to reevaluate the tools, frameworks, Tlibraries and practices after every few quarters. As of this writing most of the web frontend development happens in either Angular, ReactJS or VueJS. Compared to our previous evaluation in 2018 which only had Angular and ReactJS as major players, now, we also have VueJS with significant traction. As always a direct comparison between Angular, ReactJS and VueJS alone will not be sufficient. So, it will not be an individual comparison but a comparison of their respective ecosystems on the whole. 3 Are you a front-end superstar, excited to build feature-rich beautiful UI? Join Us Angular, React.JS & Vue.JS - Comparison In this section, we compare all three frameworks using a plethora of parameters to highlight how they fare against 2each other. STATE OF FRONTEND TECHSTACKS 2019 COMPARISON Angular ReactJS VueJS Type JavaScript Framework JavaScript Library JavaScript Library Web development and Web development and Web development and Hybrid mobile app Native mobile app Hybrid mobile app Used for development (Ionic) development (React development Native) (Onsen UI) Maintained by Google & Community Facebook & Community Community TypeScript Javascript (Also Javascript (Also Coded in supports Typescript) supports Typescript) Steep learning curve Easier Easiest among the three Ease of Learning since it is an end to end framework.
    [Show full text]
  • Svelte.Js for Modern Front-End Development
    © 2020 JETIR June 2020, Volume 7, Issue 6 www.jetir.org (ISSN-2349-5162) Svelte.js for modern front-end development Vishal1, Dr. Ashwini K. B2 Sixth Semester1, Associate Professor2 Master of Computer Applications RV College of Engineering®, Bangalore, India Abstract These days web applications are used in all sorts of scenarios ranging from Government, Education, Health and Finance etc (1). There are many technical jargons required to create a simple web application, but many frameworks have emerged over the past years to help developers quickly come up with ideas, designs and create complex web interfaces. Although there are many front-end frameworks it is still hard to figure out the coding standards, how the overall build happens and most importantly the performance. Due to this Svelte is an interesting competitor for the front-end market. One of the recently emerging front-end framework is Svelte.js. Svelte is a new approach in building user interfaces. Whereas traditional frameworks like React do the bulk of their work in the browser, Svelte shifts that work into a compile time that happens when you build your app. Which helps developers to create simple code and yet complex web interfaces from scratch, giving more concentration on the design perspective rather than the coding point of view. Keywords Front-end framework, Web application, Svelte.js, Web development, JavaScript. I. INTRODUCTION The past few years of the technological enhancements have grown drastically, improving a big chunk of modern development stages. Web applications have begun from being simple pages that told stories to creating AI integrated intelligent applications that drive our daily life.
    [Show full text]
  • Benchmarking React Library: a Developer Perspective
    Benchmarking React Library: A Developer Perspective Chandana NS 10539269 Department of Information systems with computing Dublin Business School This dissertation is submitted for the degree of Master of Science January 2021 Declaration I hereby declare that except where specific reference is made to the work of others, the contents of this dissertation are original and have not been submitted in whole or in part for consideration for any other degree or qualification in this, or any other university. This dissertation is my own work and contains nothing which is the outcome of work done in collaboration with others, except as specified in the text and Acknowledgements. Chandana NS 10539269 January 2021 Acknowledgements They say research is to see what everybody has seen and to think what nobody has thought. The process not only helps in understanding the subject but also the way we know ourselves. In this remarkable journey, coming from bustling metropolitan city Bengaluru to warm and welcoming city, Dublin has unquestionably shaped my passion for life. Just a few months after entering the town, entering the pandemic period rendered extrovert inside me with an emotional roller coaster ride. Despite the fact, covid has made me realize not to stop improving and never stop 3Gs(Goal, Grow, Glow). I would like to thank my thesis supervisor Salaheddin Alakkari for consistent support and understanding of the work that steered me in the right direction. When my thesis results were precisely the opposite of expected outcomes, his guidance and encouragement supported me to deep dive into the topic, finishing in the anticipated work.
    [Show full text]