Polyfill.io compromise
2024-06-26 02:47:29.747763+02 by Dan Lyke 0 comments
Whee! Loading your JavaScript from 3rd party sites may, in fact, be a bad idea... Who could have predicted this?
Sansec Forensicts Team: Polyfill supply chain attack hits 100K+ sites
Chinese company acquired the domain, is sending different results based on HTTP headers, yeah. Beyond the fact that you shouldn't need the Polyfill library because browser makers are really rushing out updates, don't let someone else serve your JavaScript.