FAQ-000815 - External JavaScript Library Approval / Lightning Locker Service Compatibility

To handle third-party JavaScript libraries that are not compatible with Lightning Locker Service: **Evaluation and Compatibility**: 1. **Evaluate Compatibility**: Check the library's compatibility with Locker Service using Salesforce's documentation and tools. Incompatibility may indicate functional issues rather than direct security concerns. 2. **Use Locker Console**: Validate the security of open-source libraries using Locker Console results to check if the library works with LockerService enabled. **Required Approach**: 1. **Static Resources**: Load the library from the static resources folder of your package instead of external sources like CDNs. This ensures version control and compliance with security requirements regardless of Locker Service compatibility. 2. **Check for Vulnerabilities**: Use tools like Snyk to identify any publicly listed vulnerabilities in the library. **Alternative Solutions**: 1. **Consider Alternatives**: If the library cannot be made compatible, explore alternative libraries that adhere to Locker Service standards. 2. **Seek Guidance**: For libraries that are incompatible with Locker Service and cannot be replaced, it's recommended to open a case with Salesforce to get specific guidance tailored to your situation. **Important Note**: Even if a library is not compatible with Locker Service, it must still be stored in static resources and follow all other security requirements. The incompatibility with Locker Service doesn't exempt the library from standard security practices and requirements.