
The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries - oferzelig
https://www.troyhunt.com/the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries/
======
Corrado
It looks like this is being exploited in the wild [0].

[0] https://twitter.com/mszustak/status/963322531729018880

