The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Following the recent spate of sites that started running cryptocurrency miners on users’ machines, this article makes a compelling case for enforcing a Content Security Policy (CSP) for any scripts that you pull directly into your users’ browsers.

https://www.troyhunt.com/the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries/