I got an error like "EOL/Obsolete Software: LoDash 3.x Detected." What can I do?

This means your application is running LoDash 3.x, which has reached end-of-life and no longer receives security updates. NES for LoDash provides a drop-in replacement to keep your application secure, compliant, and fully supported. Talk to our sales team to explore your options.

Does NES for LoDash help with compliance?

NES for LoDash helps maintain compliance by providing security patches and updates, even for older versions. Additionally, our enterprise-grade SLA stands up to HIPAA, SOC-2, PCI DSS, etc., and ensures your compliance with these standards. Many CVEs may affect LoDash versions like 3.x and 4.x—and we address those for you.

How does licensing work?

When you purchase Never-Ending Support, you acquire a commercial license for the support services. Our pricing model is based on the number of users who will be committing code to the project repo. Users are unnamed and transferable across team members.

How do I install NES for Lodash?

NES for Lodash is designed for easy installation as a drop-in replacement. Switching to NES takes minutes and is as simple as pointing to our private repository. Our installation experts are available to assist with a smooth transition.

Why do I need NES for Lodash?

Using unsupported versions of Lodash exposes your applications to security vulnerabilities and compliance risks. Upgrading can be costly and time-consuming. NES for Lodash allows you to stay on your current version and remain supported until you are ready to upgrade, ensuring your mission-critical legacy applications run safely without a risky refactor.

What Lodash versions does NES support?

NES for Lodash supports versions 4.17.21 and 3.10.1 and can evaluate support at other versions if required by your team. Reach out if we can be of any help to you. We provide ongoing support and patches to keep your applications secure.

Does HeroDevs have an SLA for NES for Lodash?

Yes. Our turn-around times vary based on the severity of the issue. Security-related and data corruption issues are our top priority and will be resolved immediately (same day if possible). We can provide our SLA for your team to review.

Secure drop-in replacements for Lodash versions 3.x, 4.x

NEVER-ENDING SUPPORT FOR
Lodash

Name: NES for Lodash
Brand: HeroDevs
Rating: 5 (36 reviews)

Legacy Lodash versions still function after support ends — but that's not good enough for internal SLAs, CVE disclosures, and security audits.

Never-Ending Support (NES) for Lodash keeps you compliant, secure, and audit-ready without an unplanned migration or risky patchwork.

Patch CVEs, Meet Internal SLAs, Pass Audits — in Minutes.

Get Pricing

View Docs

Solving Real Problems with NES

Lodash powers mission-critical apps across the web, yet the project is effectively unmaintained. Over 1.5 million weekly downloads still come from Lodash 3.x alone, and millions more use outdated patches of v4. But when CVEs appear, you’re on your own. There’s no roadmap, no maintainer response, and no clear future.

Lodash receives ~70 million downloads per week

1.5M+ weekly downloads still come from v3.10.1 — a version over 10 years old

No commits in over 3 months

No Lodash v5.0. No roadmap.
The last security patch was released in 2021.

HeroDevs NES keeps end-of-life versions of Lodash secure and compliant, remediating the concerns of:

Security-Conscious Teams

Get ahead of the CVE backlog without relying on an upstream that no longer patches your version.

Compliance-Driven Organizations

Stay aligned with PCI, HIPAA, and internal audit policies with documented patch support.

Resource-Strained Dev Teams

Keep building new features while we handle the hard parts of legacy maintenance.

Enterprises with Locked-In Infrastructure

When your infrastructure can't jump Lodash versions overnight, we make it safe to wait.

NES for Lodash

is a secure drop-in replacement for

Lodash

and takes just a few minutes to set up.

Step 1

Update your package.json

Step 2

Set up token

Step 3

Install & Run!

What is Never-Ending Support?

Security Fixes

A new version of NES for Lodash will be released each time we find, validate, and fix a security issue.

Drop-In Compatibility

A direct replacement for your framework—no migrations, no rewrites, just ongoing support.

SLA Compliance

HeroDevs provides SLAs that ensure compliance by providing incident response and remediation in accordance with industry-standard regulations, including SOC 2, FedRAMP, PCI, and HIPAA.

Learn more.

Team of Experts

NES for Lodash is built by dedicated senior-level javascript and security engineers.

Easy to Install

Our simple drop-in replacement means all you have to do is change your package.json and rebuild your project. No code changes or find & replace required.

Intellectual Property Protection

NES for Lodash is not only secure; HeroDevs also offers enterprise-level protection for all products.

Learn more.

Why HeroDevs?

No-Code Change Solution

Requires zero changes to application code, a truly drop-in replacement. HeroDevs essentially outsources the Lodash security upgrade to themselves, minimizing risk and effort for your team.

Professional, Ongoing Support vs. One-Time Fix

We provide a continuous support relationship, proactively handling issues as they arise, unlike a one-off patch.

Expertise and Focus

Our engineers specialize in maintaining legacy open source libraries from a security standpoint resulting in deep knowledge of Lodash for confident patching and testing.

Track Record in LTS

HeroDevs is known for supporting other EOL technologies like AngularJS and Vue 2, demonstrating our ability to keep critical open-source projects secure post-EOL.

Support

Frequently Asked Questions

Below are common questions our customers have. Of course, we’re happy to meet with you and answer these and other questions you might have.

Related Products

If you're leveraging this technology, chances are you're also using complementary systems that face similar end-of-life (EOL) challenges.

Explore our related NES products that offer proactive, comprehensive support for your entire tech stack to ensure continuity, security, and innovation across all your essential technologies.

View All Products

HeroDevs Blog