I’m reading the reports about the Polyfill supply chain attack, and a quick grep on files in our OJS install shows that it is called a few times. Does anyone know what impact this will have on users, and what we can do to mitigate?
One of dozens of reports: https://www.theregister.com/2024/06/25/polyfillio_china_crisis/
Hi @Wendy,
“Polyfill” is a generic term, and the polyfill.io library is a single example of a library providing polyfills for JavaScript. I don’t believe the library in question is included in OJS, and in any case, we are not using CDNs for library delivery, but I’ll tag @jardakotesovec for a second opinion.
We do have e.g. https://www.npmjs.com/package/@babel/helper-define-polyfill-provider distributed with OJS, but that’s a different library.
Regards,
Alec Smecher
Public Knowledge Project Team
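The distinction drawn in the reply above, between the generic word "polyfill" and the polyfill.io host, can be checked on an install with a narrower search than a plain grep. This is an added example, not part of the original thread and not PKP's code; the function names are hypothetical, and it assumes a grep that supports `-r`, `-I` and `-E`.

```shell
#!/bin/sh
# Added example: separate real references to the polyfill.io host from
# harmless uses of the generic word "polyfill" (package names, comments).

# polyfill.io or any subdomain of it, not embedded in a longer hostname.
POLYFILL_HOST_RE='(^|[^A-Za-z0-9.-])([A-Za-z0-9-]+\.)*polyfill\.io([^A-Za-z0-9-]|$)'

# Print file:line:text for every reference to the polyfill.io host under $1.
# -I skips binary files; "|| true" keeps "no match" from being an error.
find_cdn_refs() {
    grep -rnIiE -- "$POLYFILL_HOST_RE" "$1" || true
}

# Print file:line:text for lines that mention "polyfill" but not the host.
# These are what a plain "grep -ri polyfill" also reports.
find_generic_mentions() {
    grep -rnIi -- 'polyfill' "$1" | grep -viE -- "$POLYFILL_HOST_RE" || true
}

count_cdn_refs() {
    find_cdn_refs "$1" | wc -l | tr -d ' '
}

count_generic_mentions() {
    find_generic_mentions "$1" | wc -l | tr -d ' '
}

# Usage: sh scan.sh /path/to/install   (path is supplied by the operator)
if [ "$#" -gt 0 ]; then
    echo "References to the polyfill.io host: $(count_cdn_refs "$1")"
    find_cdn_refs "$1"
    echo "Generic 'polyfill' mentions (different libraries): $(count_generic_mentions "$1")"
fi
```

Lines in the first list are the ones to review, since they load script from the third-party host; lines in the second list only share the word.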