Richard Stallman writes: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > "Note: To be PCI compliant, you must load Stripe.js directly from > > https://js.stripe.com. You cannot include it in a bundle or host > > it yourself. This package wraps the global Stripe function > > provided by the Stripe.js script as an ES module." > > That is hard for me to understand, since I don't know what "PCI > compliant" means (or who is expected to comply with "PCI" or why). PCI compliance is a requirement by the credit card industry: https://www.investopedia.com/terms/p/pci-compliance.asp Companies that follow and achieve the Payment Card Industry Data Security Standards (PCI DSS) are considered to be PCI compliant. The PCI Security Standards Council is responsible for developing the PCI DSS. PCI DSS has 12 key requirements, 78 base requirements, and 400 test procedures to ensure that organizations are PCI compliant. Being PCI compliant reduces data breaches, protects the data of cardholders, avoids fines, and improves brand reputation. PCI compliance is not required by law but is considered mandatory through court precedent. > Also, what is a "ES module" and what are the implications of that? ES module (EcmaScript modules) is just the term for the module system in Javascript. https://hacks.mozilla.org/2018/03/es-modules-a-cartoon-deep-dive/ > I wonder if users could run the free version of that JS code > while talking with Stripe. You could try replacing it in your browser. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de