Understanding the Polyfill Attack (Polykill)
Supply chain threats are growing. Most concerningly, it seems more and more like we’re dealing with nation level threats taking over small unmaintained open source projects. Once again, I’ve got to start by talking about Tidelift being the only company focusing on the real problem here - helping companies treat maintainers like the contractors/vendors they are. If maintainers had any financial ben
polyfill.ioを使うのは危険かもしれない(危険だった) - Qiita
TL;DR 2024/06/26 実害が出ているようです、polyfill.ioを利用している場合は直ちに利用を止めましょう。 GIGAZINE: JavaScriptライブラリ「Polyfill.io」にマルウェアが混入され10万以上のサイトに影響 Codebook: Polyfill.io使ったサプライチェーン攻撃でサイト10万件以上に影響 polyfill.ioから配信されるスクリプトが汚染される環境下にあり、危険な可能性があります。利用している方がいらっしゃいましたら外しておくことをおすすめします。または安全なバージョンのものがCloudflareとFastlyから利用できるので、ドメインをpolyfill-fastly.netやpolyfill-fastly.ioに変更して利用しましょう。 背景 自社で使用しているマーケティングプラットフォームサービスで作成したWebページをGo
Polyfill supply chain attack hits 100K+ sites
by Sansec Forensics Team Published in Threat Research − June 25, 2024 The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites. Update June 28th: We are flagging more domains that have been used by the same actor to spread malware since at least June 2023: bootcdn.net, bootcss.com, staticfile.net, staticfile.org, unionadjs.com, xhsbpza.com, union.m
Explicit Resource Management: Exploring JavaScript's and TypeScript's new feature | iliazeus
Explicit Resource Management: Exploring JavaScript's and TypeScript's new feature 2023-11-13 en CC BY-SA 4.0 read in russian One of my favorite new features of JavaScript and TypeScript is explicit resource management. It brings new syntax, using foobar = ..., that enables RAII, reducing boilerplate when managing the lifecycle of various resources. In this article, I will explore this feature as i
GitHub - guybedford/es-module-shims: Shims for new ES modules features on top of the basic modules support in browsers
Polyfills import maps and other ES Modules features on top of the baseline native ESM support in browsers. With import maps now supported by all major browsers, ES Module Shims entirely bypasses processing for the 74% of users with native import maps support. For the remaining users, the highly performant (see benchmarks) production and CSP-compatible shim kicks in to rewrite module specifiers dri
A horrifying globalThis polyfill in universal JavaScript · Mathias Bynens
The globalThis proposal introduces a unified mechanism to access the global this in any JavaScript environment. It sounds like a simple thing to polyfill, but it turns out it’s pretty hard to get right. I didn’t even think it was possible until Toon blew my mind with an unexpected, creative solution. This write-up describes the difficulties with writing a proper globalThis polyfill. Such a polyfil
JSerレポート #2: Node.jsコアモジュールとBundler(webpackなど)によるpolyfillのギャップ - JSer.info
Polyfill のあり方と Web の進化と協調するためのガイドライン | blog.jxck.io
Polyfills and the evolution of the Web
Polyfills are a valuable part of Web architecture, because they promote the adoption of new features during the implementation process. However, polyfills can also create problems for standardization efforts and therefore for the future of the Web. This document defines the risks, benefits, and role of polyfills on the Web, and proposes best practices for implementors, spec editors, website develo
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
GitHub - es-shims/DisposableStack: An ESnext spec-compliant `DisposableStack`, `AsyncDisposableStack`, `Symbol.dispose`, and `Symbol.asyncDispose` shim/polyfill/replacement that works as far down as ES3.
GitHub - SukkaW/nolyfill: Speed up your package installation process, reduce your disk usage, and extend the lifespan of your precious SSD.
GitHub - sinnaj-r/esbuild-plugin-node-polyfills: Provides NodeJS Polyfills similar to Webpack's "node" option
@esbuild-plugins/node-globals-polyfill
State and governance of the project? · Issue #767 · zloirock/core-js
GitHub - matthew-andrews/isomorphic-fetch: Isomorphic WHATWG Fetch API, for Node & Browserify
Release 3.0.0-beta.4 - 2018.12.04 · zloirock/core-js · GitHub
GitHub - mozilla/webextension-polyfill: A lightweight polyfill library for Promise-based WebExtension APIs in Chrome
fs.promises
GitHub - ljharb/util.promisify: Polyfill/shim for util.promisify in node versions < v8
GitHub - developit/unfetch: 🐕 Bare minimum 500b fetch polyfill.
