384,000 sites pull code from sketchy code library recently bought by Chinese firm
arstechnica.com
Many website admins, it seems, have yet to get memo to remove Polyfill[.]io links.
And that’s why you don’t use CDNs

CDNs are extremely helpful for sites being accessible and for load times worldwide.
I’m not sure what this comment is trying to get at.

The issue isn't CDNs. The issue is code that pulls the latest version of a library, opening it up to supply chain attacks like this. The solution would be to specify exact versions of a library to use.
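The pinning advice in the last comment, as an added example that is not part of the original thread: a small audit that lists third-party `<script src>` references in a page and flags the ones that float (no exact version in the URL). The hosts, the sample HTML and the function names are constructed for illustration; also checking for an `integrity` (Subresource Integrity) attribute goes beyond what the comment says.

```javascript
// Added example: flag third-party <script src> tags that are not pinned.
// An exact version looks like "@2.4.1/" or "/4.17.21/" in the path;
// "@latest", "@2" or "/v3/" can change underneath the site and count as floating.
const EXACT_VERSION = /(?:@|\/)v?\d+\.\d+\.\d+(?:[-+][\w.]+)?(?=\/|$)/;

function auditScripts(html, firstPartyHost) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script, nothing is fetched
    let url;
    try {
      // Resolves relative and protocol-relative ("//host/...") URLs.
      url = new URL(src[1], `https://${firstPartyHost}/`);
    } catch {
      continue; // unparsable src
    }
    if (url.hostname === firstPartyHost) continue; // served by the site itself
    const pinned = EXACT_VERSION.test(url.pathname);
    // Assumption beyond the thread: an integrity hash also fixes the content.
    const hasIntegrity = /\bintegrity\s*=\s*["'][^"']+["']/i.test(attrs);
    findings.push({ src: url.href, host: url.hostname, pinned, hasIntegrity,
                    floating: !pinned && !hasIntegrity });
  }
  return findings;
}

function floatingSources(html, firstPartyHost) {
  return auditScripts(html, firstPartyHost).filter(f => f.floating).map(f => f.src);
}

// Constructed sample page (hosts under .example are placeholders).
const SAMPLE_HTML = `
<script src="/js/app.js"></script>
<script src="https://cdn.example/v3/polyfill.min.js?features=fetch"></script>
<script src="https://cdn.example/npm/widget@latest/dist/widget.min.js"></script>
<script src="https://cdn.example/npm/widget@2.4.1/dist/widget.min.js"></script>
<script src="//static.example/libs/chart/4.17.21/chart.min.js"
        integrity="sha384-CONSTRUCTED_PLACEHOLDER" crossorigin="anonymous"></script>
`;

console.log(floatingSources(SAMPLE_HTML, "www.shop.example"));
```

The version check is a heuristic on the URL path, so a file named like `lib-1.2.3.min.js` would be reported as floating and should be reviewed by hand.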