JavaScript Files and Libraries Review Process

Alert
Third-Party JavaScript

Avoid unnecessary third-party resources: Agencies must not embed static, unchanging web assets, such as a specific version of a common and widely used code library (e.g., JavaScript, CSS, fonts) that are hosted on third-party services not under the control of the agency. Embedding static third-party assets is an outdated practice that no longer confers significant performance benefits, and it creates unnecessary security risks. This restriction only applies to static (unchanging) third-party assets and does not bar the practice of embedding dynamic third-party resources that are necessary for digital service delivery (e.g., analytics services).

Therefore, EPA prohibits the practice of using third-party JavaScript libraries. Exceptions include Google Analytics, CrazyEgg, Foresee, and other analytics software.

OMS maintains a set of JavaScript libraries for your use. Well-known third-party libraries may be added through the process outlined on this page.

If you want to use JavaScript files or libraries on your EPA website, follow these steps to ensure that the files or libraries are safe, secure, and accessible.

Check if the file or library is already approved by EPA.
If the file or library is not approved, request approval from EPA.
1. You will develop and test your code on the Drupal WebCMS development server.
  1. The development server has the same code as the production environment. If you have an account on the production server, you also have an account on the sandbox.
2. Provide the JS files to OMS so that we can load them into the sandbox. A list of dependencies must be provided to OMS so that the JavaScript can be loaded in the correct order on the page. Once the files are available, build your page and code.
Contact the TZ Service Manager in OMS to set up a TZ account to pay for the code review under Working Capital Fund Services. No work can take place until you have a registration id/charge code set up for vetting submitted code.
Wait for EPA to review your request. EPA will check if the file or library meets the following criteria:
- It does not contain any malicious code or vulnerabilities
- It does not conflict with other files or libraries on EPA websites
- It follows the web standards and best practices for JavaScript
- It is compatible with different browsers and devices
- It does not affect the performance or usability of EPA websites
- It supports accessibility for people with disabilities
If EPA approves your request, your code will be uploaded to production, so you can link to it on your production pages.
If EPA denies your request, you will receive an email with the reasons for denial and suggestions for alternatives. You will not be able to use the file or library on your website.

Examples of Using JavaScript for "Small" Applications

Superfund Where you Live dataset has over 1,800 Superfund locations.
Region 1's Charles River Buoy dataset dynamically pulls data from environmental readings and displays the data with Highcharts.
EPA RCRA ID: AKD000643239: This page uses the ID number and this script to query an EPA service at ofmpub.epa.gov/enviro.
Air Data - Tile Plot: This page uses JS to poll a CGI script hosted on www3 and insert that data into the HTML.

JavaScript Files and Libraries Review Process

Alert Alert Third-Party JavaScript

Examples of Using JavaScript for "Small" Applications

Web Policies and Procedures

Alert
Third-Party JavaScript