Supply chain threats are growing. Most concerningly, it seems more and more like we’re dealing with nation-level threats taking over small, unmaintained open source projects. Once again, I’ve got to start by talking about Tidelift being the only company focusing on the real problem here - helping companies treat maintainers like the contractors/vendors they are. If maintainers had any financial ben
![Understanding the Polyfill Attack (Polykill)](https://cdn-ak-scissors.b.st-hatena.com/image/square/5e8a68eb241460494e5ef8b7a63d8f5eb8608085/height=288;version=1;width=512/https%3A%2F%2Fsubstackcdn.com%2Fimage%2Ffetch%2Fw_1200%2Ch_600%2Cc_fill%2Cf_jpg%2Cq_auto%3Agood%2Cfl_progressive%3Asteep%2Cg_auto%2Fhttps%253A%252F%252Fsubstack-post-media.s3.amazonaws.com%252Fpublic%252Fimages%252Ffc53d665-2585-4819-974e-c597eee93612_864x375.png)