I got a warning from Google saying that my website is using Polyfill framework on Google Maps. It advised users to remove Polyfill.io, see link: https://www.kaspersky.com/blog/polyfill-io-service-supply-chain-attacks/51635/

After looking though my codebase(s) I have found other places where the Polyfill framework is used, like PHPMailer (https://github.com/PHPMailer/PHPMailer, click on the composer.json file) and PHP dotenv (https://github.com/vlucas/phpdotenv, click on the composer.json file).

Here is more information on why it’s advised to remove Polyfill, see link: https://github.com/formatjs/formatjs/issues/4363

I contacted the team at PHP dotenv just now, and so I’m still awaiting a response. I may have found a good replacement simply called dotenv, see link: https://github.com/symfony/dotenv. I cannot swear by this solution as I haven’t had the opportunity to try it yet.

The problem is I haven’t found a good alternative to PHPMailer.

Is anyone else facing the same problem? Any solutions yet?

PS: Just how severe is this? To put it short it seems the user can be directed to shady betting websites and/or give up data unwaveringly, right…?