If you’re using polyfill.io on your sites you should remove the reference asap as the domain is now serving malware. https://sansec.io/research/polyfill-supply-chain-attack

Thats a blast from the past - but I still had it in use in a handful of old projects. All removed now 🙂

CloudFlare now host the script too https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk