Other discussion: <a href="https://news.ycombinator.com/item?id=40791829">https://news.ycombinator.com/item?id=40791829</a>
When the "right way" is harder than the "wrong way", you are guaranteed to get things done the "wrong way".<p>CDNs are used, because not using CDNs is made unnecessarily hard.<p>Want a local version locked copy? Select one of the dozen mutually incompatible package managers. Then select one of the dozen buggy and slow mutually incompatibile build systems. Then rewrite your app for CJS or ESM depending on the library, because ESM was made purposefully incompatible.<p>Want to use a CDN? Copy and paste this one line in your HTML.
>Polyfill.io is used by academic library JSTOR as well as Intuit, World Economic Forum, and tons more.<p>> Since February, "this domain was caught injecting malware on mobile devices via any site that embeds cdn.polyfill.io,"<p>This kind of attack seems difficult to detect and ruthlessly effective. Imagine how much money they could've made by selling fake Davos tickets.
[dupe]<p>Lots of discussion: <a href="https://news.ycombinator.com/item?id=40791829">https://news.ycombinator.com/item?id=40791829</a>