Skip to content
StackPatrol
All vendors
JS Library / CDN

polyfill.io

China-ownedChinaVerified June 2026
Vendor site

Polyfill service. Sold to Funnull in 2024 and used to deliver malware: treat as compromised; remove and self-host.

SECURITY: Active supply-chain risk since Feb 2024. Cloudflare and Fastly run safe mirrors.

Detected by domain patterns

polyfill.iopolyfill.com

European alternatives

polyfill-fastly.iopolyfill-fastly.netSelf-hosted core-js

GDPR & Data Residency

polyfill.io is owned by a Chinese company. China's National Security Law (NSL) and Data Security Law (DSL) may require Chinese companies to disclose data to government authorities. This presents a significant compliance risk under GDPR for European users' personal data.

High risk: GDPR Chapter V does not recognise China as an adequate country for data transfers. Embedding polyfill.io on your site may constitute a high-risk data transfer without a lawful basis.

Does your website use polyfill.io?

Run a free StackPatrol scan to see all third-party services on your front page.

Need a full site audit?

More in JS Library / CDN

jQuery CDN
US-owned
United States
BootstrapCDN
US-owned
United States
UNPKG
US-owned
United States
esm.sh
Unknown
Global
Skypack
US-owned
United States
Iconify
Unknown
Global