Problem with polyfill.io in CREST web page?

[nom05]

Dear web page owners,

I just wanted to let you know that when I'm browsing the internet, I usually use a JavaScript blocker extension called NoScript. I work in the field of quantum chemistry, and I was checking your website about the CREST software. The problem of your web site (https://crest-lab.github.io/) is I'm not sure if there is a problem with a Javascript module you use, according to these links:

https://www.bleepingcomputer.com/news/security/polyfillio-javascript-supply-chain-attack-impacts-over-100k-sites/

https://www.theregister.com/2024/06/25/polyfillio_china_crisis/

https://www.kaspersky.com/blog/polyfill-io-service-supply-chain-attacks/51635/

These links explain a supply chain attack on Polyfill.io that affected over 100k sites. I think Polyfill.io is used on your website, according to my NoScript extension. I just wanted to flag this to you in case you hadn't heard. I hope you don't mind me asking, but I'm just wondering if the web page is secure?

Best regards

[pprcht]

It doesn't seem to be anything that could be exploited. I think it was in the default layout of the GH pages setup I used. However, I'm no web developer so not 100% sure.

I removed the polyfill.io call from the HTML template and the site still seems to build and function fine, so hopefully the JS blocker won't trigger anymore.