[justtosaythanks]

Thanks for posting this! Ok as a web dev who actively cares about user privacy—- can these things accidentally sneak onto my page through npm deps? Or would I need to install them deliberately? If so —— how are they on gov websites??

[t-writescode]

Wild guess: they're part of a default "share buttons" repository that includes the "Share on Twitter, Facebook, Google+" buttons for the page, or something very similar to that.

[aembleton]

Couldn't you just try out your webpage in your browser and see what network calls are being made? That way you can see if you're calling Tiktok or not.