Company:
Date Published:
Author: Liran Tal
Word count: 1219
Language: English
Hacker News points: None

Summary

The Trojan Source attack is a type of vulnerability that exploits Unicode bidirectional control characters to inject malicious source code into an otherwise benign codebase in a way that traditional code editors and code review practices struggle to detect. The attack relies on reviewers confusing obfuscated malicious source code with comments. To mitigate it, the authors suggest that code editors and IDE software be fixed to visually highlight these characters, and that compilers warn users about them. Additionally, a new npm package called anti-trojan-source scans source code for bidirectional Unicode characters, and an ESLint plugin has been created to detect and prevent Trojan Source attacks in JavaScript codebases. Several ways of abusing bidirectional control characters to inject malicious code into source are described, including Commenting-Out, Stretched String, Invisible Functions, and Homoglyph Function. The ecosystem is mitigating the attack: IDEs such as VS Code have released versions that highlight these characters, and GitHub is publishing warnings for visualized code bases. However, compilers and language runtimes have not yet been updated to deny these Unicode characters, which effectively shifts the risk to code editors and to the humans who need to be more careful when reading code and performing code review.