Major risks

According to OWASP, "The invocation of 3rd party JS code in a web application requires consideration for 3 risks in particular:

1. The loss of control over changes to the client application,
2. The execution of arbitrary code on client systems,
3. The disclosure or leakage of sensitive information to 3rd parties."

Read on:
https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet