https://www.troyhunt.com/the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries/

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries A couple of years back as the US presidential campaign was ramping up, the Trump camp did something stupid. I know, we'...