#OpenSource libs routinely use polyfill.io. Just bc you aren't using the compromised #CDN directly, one of your deps might be. We put together a list of recently released pkgs that ref polyfill.io!
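One way to check your own dependency tree for the indirect references the post describes, as an added example that is not code from the original page or its authors. The npm-style `node_modules` layout, the file-extension list and the script name are assumptions.

```python
import os
import re
import sys

# Match polyfill.io or any subdomain (cdn.polyfill.io) as a whole hostname, so
# "notpolyfill.io" and "polyfill.io.example.com" are not reported.
POLYFILL_HOST = re.compile(
    r"(?<![\w.-])((?:[a-z0-9-]+\.)*polyfill\.io)(?![\w-]|\.[a-z0-9])",
    re.IGNORECASE,
)
# Assumption: file types worth scanning; extend for your ecosystem.
TEXT_EXTS = {".js", ".mjs", ".cjs", ".ts", ".jsx", ".tsx", ".vue",
             ".html", ".htm", ".json", ".php", ".py"}


def find_refs(text):
    """Return the sorted, de-duplicated polyfill.io hostnames found in text."""
    return sorted({m.group(1).lower() for m in POLYFILL_HOST.finditer(text)})


def scan_tree(root):
    """Map each dependency directory under root to (file, line, host) hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            parts = os.path.relpath(path, root).split(os.sep)
            # Assumption (npm layout): scoped packages live in @scope/name.
            pkg = "/".join(parts[:2]) if parts[0].startswith("@") else parts[0]
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        for host in find_refs(line):
                            hits.setdefault(pkg, []).append(
                                ("/".join(parts), lineno, host))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return hits


if __name__ == "__main__":
    # Usage (script name is hypothetical): python scan_polyfill.py node_modules
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else "node_modules")
    for pkg, refs in sorted(found.items()):
        for rel, lineno, host in refs:
            print(f"{pkg}: {rel}:{lineno} references {host}")
    sys.exit(1 if found else 0)
```

The non-zero exit status on any hit lets the scan fail a CI job; a hit is a pointer for review, since a package may only mention the domain in a comment or changelog.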
A Note About Polyfill
Background

On July 25, 2024, Sansec issued an alert to developers regarding a serious supply-chain security incident. The CDN on the polyfill[.]io domain was found to be serving malware in a highly sophisticated manner designed to evade detection. The issue traces back to February 2024, when a Chinese company