lodash
Lodash modular utilities.
About
Lodash modular utilities.
Live mirror of the GitHub README. Updated whenever the repo's default branch changes.
lodash v4.18.1
Site | Docs | FP Guide | Contributing | Wiki | Code of Conduct | Governance | Twitter | Chat
[!IMPORTANT] As announced on the OpenJS Foundation blog, Lodash has received support from the Sovereign Tech Agency and will transition to the Feature-Complete maturity stage so that it remains stable, secure, and sustainable long-term. As part of this effort, Lodash is rebooting its governance. A draft charter will be published shortly. The upcoming Technical Steering Committee (TSC) is already at work. For transparency, its members are listed in GOVERNANCE.md.
The Lodash library exported as a UMD module.
Generated using lodash-cli:
$ npm run build
$ lodash -o ./dist/lodash.js
$ lodash core -o ./dist/lodash.core.js
Download
Lodash is released under the MIT license & supports modern environments.
Review the build differences & pick one that’s right for you.
Installation
In a browser:
<script src="lodash.js"></script>
Using npm:
$ npm i -g npm
$ npm i --save lodash
In Node.js:
// Load the full build.
var _ = require('lodash');
// Load the core build.
var _ = require('lodash/core');
// Load the FP build for immutable auto-curried iteratee-first data-last methods.
var fp = require('lodash/fp');
// Load method categories.
var array = require('lodash/array');
var object = require('lodash/fp/object');
// Cherry-pick methods for smaller browserify/rollup/webpack bundles.
var at = require('lodash/at');
var curryN = require('lodash/fp/curryN');
Why Lodash?
Lodash makes JavaScript easier by taking the hassle out of working with arrays,
numbers, objects, strings, etc. Lodash’s modular methods are great for:
- Iterating arrays, objects, & strings
- Manipulating & testing values
- Creating composite functions
Module Formats
Lodash is available in a variety of builds & module formats.
Quick facts
npm install lodashHow Sourcemap Explorer detects lodash
We catch lodash from two complementary signals: bundled source paths and the embedded package.json. Modern bundlers (webpack, Vite, esbuild, Rollup, Turbopack) preserve the original node_modules/lodash/ paths inside the JavaScript sourcemap's sources[] array — that's the canonical signal. When the matching package.json is also captured in sourcesContent[], we read the exact version field — patch number included. No regex guessing, no version inference.
- 1
Confirm the site exposes sourcemaps
In DevTools Network, check the response headers of any application script for `SourceMap` or `X-SourceMap`. Failing that, fetch the script's last 4 KB and look for a `//# sourceMappingURL=` comment.
- 2
Find the package in the bundle
Open DevTools → Network → reload. Click any application script and look at its sourcemap. Inside, search `sources[]` for entries matching `node_modules/lodash/` — every match confirms the package is bundled. The matching `sourcesContent[i]` for `node_modules/lodash/package.json` gives you the exact installed version.
- 3
Read the version directly from package.json
Run `jq -r '. as $m | $m.sources | to_entries[] | select(.value | endswith("node_modules/lodash/package.json")) | $m.sourcesContent[.key] | fromjson | .version' bundle.js.map`. Sourcemap Explorer automates the same query in the popup.
Recent versions
FAQ
What is lodash used for?
Lodash modular utilities.
How can I tell if a website is using lodash?
Open the page in Chrome with the Sourcemap Explorer extension installed and read the Stack tab. We catch `lodash` from two complementary signals: `node_modules/lodash/` paths inside the JavaScript sourcemap, and the embedded `package.json` we read for exact-version detection. Without the extension you can do the same lookup manually in DevTools — the steps are listed in the "How Sourcemap Explorer detects" section above.
What is the latest version of lodash?
4.18.1, as published on the npm registry. The "Recent versions" table on this page lists the most recent 8 releases with their release dates. Sourcemap Explorer reports the version actually bundled into a site, which can lag the latest release by months on real-world deployments.
Where can I read more?
Project homepage: https://lodash.com/. Source code: https://github.com/lodash/lodash. Published on npm: https://www.npmjs.com/package/lodash. Licensed as MIT.
Detected by Sourcemap Explorer
When a bundle ships sourcemaps, we read the embedded package.json for lodash and report the precise version. Without sourcemaps, an import / require in the page's scripts is enough to flag it.