OWASP: Third Party JavaScript Management Cheat Sheet
The invocation of third-party JS code in a web application requires consideration for 3 risks in particular: 1. The loss of control over changes to the client application, 2. The execution of arbitrary code on client systems, 3. The disclosure or leakage of sensitive information to 3rd parties.
Source: cheatsheetseries.owasp.org