Is anyone going to bother crawling through all dependents of this library, extracting the package.json descriptions to find the proper key to decrypt the string and find out which package was being targeted?
I recommend uMatrix. At first it will take a few minutes to understand how it works, though.
You can turn on and off images, css, scripts, XHR, etc, for individual sites or globally.
I use it in that manner, with scripting off by default. If I am visiting a new site that needs javascript, I gradually whitelist specific bits until it works and then "save" those settings for that domain.
Once you start using uMatrix, be prepared to never view the internet the same way again. The sheer quantity of malicious clientside traffic is stunning.
