Can’t find my thread to update it, but after a Chinese company acquired Polyfill.io last year (embedded in over 100k websites), it has started serving malware to users of said websites - prepare to be surprised.
sansec.io/research/polyfill-su…
Polyfill supply chain attack hits 100K+ sites
The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.Sansec