How does licensing work?

When you purchase Lodash NES, you acquire a commercial license. Our pricing model is based on the number of users that will be committing Lodash code to the project repo. Users are unnamed and transferable across team members.

Does HeroDevs have an SLA for Lodash NES?

Yes. Our turn-around times vary based on the severity of the issue. Security-related and data corruption issues are our top priority and will be resolved immediately (same day if possible). We can provide our SLA for your team to review.

What Lodash versions does NES support?

Lodash NES supports versions 4.17.21 and 3.10.1 and can evaluate support at other versions if required by your team. Reach out if we can be of any help to you. We provide ongoing support and patches to keep your applications secure.

Why do I need Lodash NES?

Using unsupported versions of Lodash exposes your applications to security vulnerabilities and compliance risks. Upgrading can be costly and time-consuming. NES for Lodash allows you to stay on your current version and remain supported until you are ready to upgrade, ensuring your mission-critical legacy applications run safely without a risky refactor.

How do I install Lodash NES?

Lodash NES is designed for easy installation as a drop-in replacement. Switching to NES takes minutes and is as simple as pointing to our private repository. Our installation experts are available to assist with a smooth transition.

Secure drop-in replacements for Lodash versions 3.x, 4.x

Lodash NES

Name: Lodash
Brand: HeroDevs
Rating: 5 (36 reviews)

Lodash Never-Ending Support (NES) keeps you compliant, secure, and audit-ready without an unplanned migration or risky patchwork.

‍Patch CVEs, Meet Internal SLAs, Pass Audits — in Minutes.

Get Pricing

View Docs

Talk to our Experts

Solving Real Problems with NES

Lodash powers mission-critical apps across the web, yet the project is effectively unmaintained. Over 1.5 million weekly downloads still come from Lodash 3.x alone, and millions more use outdated patches of v4. But when CVEs appear, you’re on your own. There’s no roadmap, no maintainer response, and no clear future.

Lodash receives ~70 million downloads per week.

1.5M+ weekly downloads still come from v3.10.1 — a version over 10 years old.

No commits in over 3 months.

No Lodash v5.0. No roadmap.
The last security patch was released in 2021

HeroDevs NES keeps end-of-life versions of Lodash secure and compliant, remediating the concerns of:

Security-Conscious Teams

Get ahead of the CVE backlog without relying on an upstream that no longer patches your version.

Compliance-Driven Organizations

Stay aligned with PCI, HIPAA, and internal audit policies with documented patch support.

Resource-Strained Dev Teams

Keep building new features while we handle the hard parts of legacy maintenance.

Enterprises with Locked-In Infrastructure

When your infrastructure can't jump Lodash versions overnight, we make it safe to wait.

Lodash NES

is a secure drop-in replacement for

Lodash

and takes just a few minutes to set up.

Step 1

Update your package.json

Step 2

Set up token

Step 3

Install & Run!

What is Never-Ending Support?

Security Fixes

A new version of Lodash NES will be released each time we find, validate, and fix a security issue.

Drop-In Compatibility

A direct replacement for your framework—no migrations, no rewrites, just ongoing support.

SLA Compliance

HeroDevs provides SLAs that ensure compliance by providing incident response and remediation in accordance with industry-standard regulations, including SOC 2, FedRAMP, PCI, and HIPAA.

Learn more.

Team of Experts

Lodash NES is built by dedicated senior-level javascript and security engineers.

Easy to Install

Our simple drop-in replacement means all you have to do is change your package.json and rebuild your project. No code changes or find & replace required.

Intellectual Property Protection

Lodash NES is not only secure; HeroDevs also offers enterprise-level protection for all products.

Learn more.

Why HeroDevs?

No-Code Change Solution

Requires zero changes to application code, a truly drop-in replacement. HeroDevs essentially outsources the Lodash security upgrade to themselves, minimizing risk and effort for your team.

Professional, Ongoing Support vs. One-Time Fix

We provide a continuous support relationship, proactively handling issues as they arise, unlike a one-off patch.

Expertise and Focus

Our engineers specialize in maintaining legacy open source libraries from a security standpoint resulting in deep knowledge of Lodash for confident patching and testing.

Track Record in LTS

HeroDevs is known for supporting other EOL technologies like AngularJS and Vue 2, demonstrating our ability to keep critical open-source projects secure post-EOL.

SUPPORT

Frequently Asked Questions

Below are common questions our customers have. Of course, we’re happy to meet with you and answer these and other questions you might have.

Related Products

If you're leveraging this technology, chances are you're also using complementary systems that face similar end-of-life (EOL) challenges.

Explore our related NES products that offer proactive, comprehensive support for your entire tech stack to ensure continuity, security, and innovation across all your essential technologies.

Defeat Your Technical Villains

Whether it's continuous support through our Never-Ending Support (NES) library or our unparalleled professional services to get you migrated and moving forward, HeroDevs is to the rescue!

NES Products Pro Services