OiO.lk Community platform!

Oio.lk is an excellent forum for developers, providing a wide range of resources, discussions, and support for those in the developer community. Join oio.lk today to connect with like-minded professionals, share insights, and stay updated on the latest trends and technologies in the development field.
  You need to log in or register to access the solved answers to this problem.
  • You have reached the maximum number of guest views allowed
  • Please register below to remove this limitation

How do you detect if a big npm Codebase uses Polyfill.io somewhere?

  • Thread starter Thread starter telion
  • Start date Start date
T

telion

Guest
Polyfill.io is malicious: https://dev.to/snyk/polyfill-supply-chain-attack-embeds-malware-in-javascript-cdn-assets-55d6

I now need to find it my codebase:

I used: grep -r "polyfill.io" to quickly find the obvious and I checked the Network Traffic of the website.

Network Traffic is however not an exhaustive method to find every polyfill.

How do I efficiently check:

  • npm subdependencies
  • dynamically loaded polyfills?

<p>Polyfill.io is malicious: <a href="https://dev.to/snyk/polyfill-supply-chain-attack-embeds-malware-in-javascript-cdn-assets-55d6" rel="nofollow noreferrer">https://dev.to/snyk/polyfill-supply-chain-attack-embeds-malware-in-javascript-cdn-assets-55d6</a></p>
<p>I now need to find it my codebase:</p>
<p>I used: grep -r "polyfill.io" to quickly find the obvious and I checked the Network Traffic of the website.</p>
<p>Network Traffic is however not an exhaustive method to find every polyfill.</p>
<p>How do I efficiently check:</p>
<ul>
<li>npm subdependencies</li>
<li>dynamically loaded polyfills?</li>
</ul>
 

Latest posts

Top