In my experience, first-party JavaScript is more likely to be updated so rarely that bugs and exploits are more likely than supply chain attacks. If I heard about NPM getting attacked as often as I hear about CDNs getting attacked, I'd be more concerned.
vxx@lemmy.world 3 months ago
Funny that they want you to allow all java scripts but then criticise first party scripts for being unsave.
I bet [insert random autocrat here] would approve of that message.