Polyfill Libraries?

WellStrategic

From a clients security team:

Our security team has recently enhanced their protocols for third-party script implementations due to identified vulnerabilities in certain JavaScript libraries, particularly those utilising Polyfill libraries - which it appears Buttonizer are using: https://fossa.com/blog/polyfill-supply-chain-attack-details-fixes/

Before we can proceed with the installation, we require:
Detailed documentation of the application's functionality
Information about their intended service utilisation
Technical specifications for security assessment
This additional documentation will enable our security team to conduct a thorough evaluation and ensure compliance with our current security standards.

Please don't hesitate to reach out if you need any clarification or have additional questions.

Can you please assist.

Thanks

Craig

AaronR

Hello,

Thanks for reaching out! Buttonizer does not use any polyfill.io scripts if that helps. Our legacy version of Buttonizer uses some polyfill files that are not related to polyfill.io (the content of the file are polyfills from 'core-js' npm package).

It's good to know that 'polyfill' is a common word (more info on the MDN web docs) and is not specially related to polyfill.io (which has the vulnerability that you linked). There are many different polyfill files from different sources and maintainers, and none of ours are from polyfill.io.

Hope that helps!