by Chernobog 1257 days ago
I would just add some console.log message explaining the issue you have with hotlinking the script. This will not disrupt users, but anyone who fires up their devtools will see that the site is getting shamed. And if their devs care just a little bit, I think they will find it embarrassing enough to host the script themselves.

Correct me if I simply have missed it, but is there an official NPM package available? I have seen https://www.npmjs.com/package/sorttable and perhaps some of the sites would drop the script tag if "npm install --save-dev sorttable.js" is in the instructions and they have a build step for their JS anyway. Just thinking out loud.

3 comments

I've found that companies where they've done this (hotlinked) often have incompetent or overburdened people, and this shaming wouldn't even register.

Hotlinking code like that though is just plain stupid from the liability perspective. If they are a business, they should be worried about 3rd-party liability.

The fact that they are doing this makes the website hosting the script a nice juicy target for watering hole/supply chain attacks.

What are they going to do if that happens? It's not like business insurance will cover that.

Couldn’t you take it a step further and literally just do if (location.pathname !== mysite) alert()
Clever idea. Unfortunately the real hotlinking bandwidth bandit hog is images.
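
The console notice suggested at the top of the thread could look like the sketch below. This is an added example, not code from any commenter or from the sorttable project; the host names, the script URL and the function name hotlinkNotice are assumptions made for illustration.

```javascript
// Added example: every name and URL here is hypothetical / constructed.
const ALLOWED_HOSTS = ["example.org", "www.example.org"]; // sites meant to load this copy
const SCRIPT_HOME = "https://example.org/sorttable.js";   // constructed sample URL

// Return a notice for the devtools console when the embedding page is not
// on the allow list, or null when the script should stay quiet.
function hotlinkNotice(pageHost, scriptSrc, allowedHosts = ALLOWED_HOSTS) {
  // Normalise: hostnames are case-insensitive and may carry a trailing dot.
  const host = String(pageHost || "").toLowerCase().replace(/\.$/, "");
  if (host === "") return null; // file:// pages or unknown host: say nothing

  // Exact match only. A suffix test such as endsWith("example.org") would
  // also accept look-alike hosts like "notexample.org".
  if (allowedHosts.includes(host)) return null;

  let origin = "(unknown origin)";
  try {
    origin = new URL(scriptSrc).origin;
  } catch (_) {
    // currentScript can be missing or empty (inline or module scripts).
  }
  return `[sorttable] ${host} loads this script directly from ${origin}. ` +
    "Please host your own copy: a hotlinked script runs whatever that " +
    "server returns, on every one of your pages.";
}

// Browser entry point: log once and never interrupt the visitor.
if (typeof document !== "undefined" && typeof location !== "undefined") {
  const src = document.currentScript ? document.currentScript.src : "";
  const msg = hotlinkNotice(location.hostname, src);
  if (msg) console.warn(msg);
}
```

Unlike the alert() variant, this only writes to the console, so visitors are not disrupted and the message reaches whoever opens devtools on the embedding site.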