If you happen to be developing websites using the polyfill.io
JavaScript library, drop everything and DELETE IT NOW! The domain was
purchased by what's said to be a Chinese malware organization, which is
using the library to redirect users to sports betting websites. More at
@ solarbird | if you use polyfill dot io, stop RIGHT NOW and read this
@ Renaud Chaput: "polyfill.io malware injection" - Oisaur
@ Remove Polyfill.io code from your website immediately • The Register
@ Polyfill.io JavaScript supply chain attack impacts over 100K sites
... and a tip of the hat to solarbird, who put me on to this.
If you develop websites using a framework or JavaScript library but you're not sure what a polyfill is, search your codebase for the string "polyfill.io". Then look it up and either eliminate it as a dependency, or find a different place to fetch it from.
This, BTW, is one more reason to like Chris Ferdinandi's Daily Developer Tips | Go Make Things.
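A codebase search along the lines described above, as an added example that is not part of the original post. It goes a little beyond a plain string search: it matches polyfill.io and its subdomains as a hostname, case-insensitively, and skips binary files. The matching policy, the skipped `.git` directory and the sample files are assumptions made for the example.

```python
import os
import re
import tempfile

# Hostname polyfill.io or any subdomain, case-insensitive; rejects look-alikes
# such as "mypolyfill.io" and "polyfill.io.example" (assumed matching policy).
HOST_RE = re.compile(r"(?<![\w-])(?:[\w-]+\.)*polyfill\.io(?![\w-]|\.\w)", re.I)
SKIP_DIRS = {".git"}  # vendored and build directories are scanned on purpose

def find_references(root):
    """Return sorted (relative_path, line_number, line) for every matching line."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if b"\0" in data[:4096]:
                continue  # crude binary check, avoids noise from images etc.
            text = data.decode("utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                if HOST_RE.search(line):
                    hits.append((os.path.relpath(path, root), lineno, line.strip()))
    return sorted(hits)

def demo():
    """Scan a small constructed tree (sample files invented for this example)."""
    files = {
        "index.html": '<head>\n<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>\n</head>\n',
        "src/app.js": '// docs: mypolyfill.io.example\nconst u = "//POLYFILL.IO/v2/polyfill.js";\n',
        "img/logo.bin": "\0\0polyfill.io\n",
        ".git/config": "url = https://polyfill.io/\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(content)
        return find_references(root)

if __name__ == "__main__":
    for rel, lineno, line in demo():
        print(f"{rel}:{lineno}: {line}")
```

Call `find_references()` on the project root, including installed dependencies and build output, since the reference may come from a framework or template rather than from code you wrote.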
no subject
Date: 2024-06-26 09:07 pm (UTC)
eg the bookmarking service
https://app.raindrop.io
Is .io a problem?
Date: 2024-06-26 10:15 pm (UTC)
Not at all. That's a top-level country-code domain just like .au and .uk. In fact it belongs to British Indian Ocean Territory, but it gets used a lot by tech companies.
It's the fully-qualified domain name polyfill.io that's a problem.
no subject
Date: 2024-06-26 11:44 pm (UTC)
See also.