Lightning Locker

Lightning Locker is a security architecture for Lightning components. It provides component isolation and security that allows code from many sources to execute and interact using safe, standard APIs and event mechanisms.

In Spring ’22, Salesforce introduced Lightning Web Security (LWS), a new architecture designed to make it easier for your components to use secure coding practices. LWS is enabled by default for all orgs created in Winter ’23 and later. As of Summer ’23, LWS for Lightning web components and Aura components is generally available for all orgs.

Lightning Locker remains the default Lightning component security architecture in orgs created before Winter ’23. Unless LWS is enabled instead, Lightning Locker is enabled by default for all Lightning components on API version 39.0 and later, and you can't disable Lightning Locker for these components.

If possible, we recommend that you enable LWS instead of remaining on Lightning Locker. First test LWS in a sandbox environment, and then in production. For a comparison of the features that LWS and Lightning Locker support, see How Lightning Web Security Compares to Lightning Locker.

See Also