Third-party CDN compromise is a real supply-chain risk. SRI (Subresource Integrity) pins a cryptographic hash to every external script / stylesheet, so a modified payload fails to execute. Audit your coverage.
Read the story behind this tool: Why this tool exists — security stack.