  2. 3

    FWIW, Subresource Integrity wouldn’t have helped against any aspect of the CDN compromise. But any attacker rewriting a versioned JavaScript file used in other pages would be detected if that other page used SRI.
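The detection mentioned in the comment above, as an added example that is not part of the original thread: a Node.js sketch of the digest comparison a browser performs for a `<script integrity="...">` tag, following the matching rule in the SRI specification. The file bodies and the function names `sriFor`, `parseIntegrity` and `verifySri` are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");

// Algorithms SRI defines, weakest to strongest.
const ALGS = ["sha256", "sha384", "sha512"];
// One integrity token: "<alg>-<base64 digest>" with optional "?options".
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(?:\?.*)?$/;

// Constructed sample: the versioned file as pinned, and a rewritten copy.
const ORIGINAL = 'export const version = "1.2.3";\n';
const TAMPERED = ORIGINAL + 'console.log("line added after publication");\n';

// Build the value a page author would put in the integrity attribute.
function sriFor(body, alg = "sha384") {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Split the attribute on whitespace and drop tokens that are not valid.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/)
    .map((tok) => TOKEN.exec(tok))
    .filter(Boolean)
    .map(([, alg, digest]) => ({ alg, digest }));
}

// True when the body may be executed under the given integrity attribute.
function verifySri(body, attr) {
  const entries = parseIntegrity(attr);
  // No usable metadata means no check at all: the resource loads.
  if (entries.length === 0) return true;
  // Only digests of the strongest listed algorithm are considered.
  const strongest = ALGS[Math.max(...entries.map((e) => ALGS.indexOf(e.alg)))];
  return entries
    .filter((e) => e.alg === strongest)
    .some((e) => e.digest === createHash(e.alg).update(body).digest("base64"));
}

const pinned = sriFor(ORIGINAL);
console.log("original loads:", verifySri(ORIGINAL, pinned));
console.log("rewritten copy loads:", verifySri(TAMPERED, pinned));
```

The empty-attribute branch matters in practice: a page that omits `integrity`, or carries only malformed tokens, gets no protection from a rewritten file.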