![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
If you happen to be developing websites using the polyfill.io
javascript library, drop everything and DELETE IT NOW! The domain was
purchased by what's said to be a Chinese malware organization, which is
using the library to redirect users to sport betting websites. More at
@ solarbird | if you use polyfill dot io, stop RIGHT NOW and read this @ Renaud Chaput: "polyfill.io malware injection" - Oisaur @ Remove Polyfill.io code from your website immediately • The Register @Polyfill.io JavaScript supply chain attack impacts over 100K sites
... and a tip of the hat to solarbird, who put me on to this.
If you develop websites using a framework or javascript library but you're not sure what a polyfill is, search your codebase for the string "polyfill.io". Then look it up and either eliminate it as a dependency, or find a different place to fetch it from.
This, BTW, is one more reason to like Chris Ferdinandi's's Daily Developer Tips | Go Make Things.