New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The bundle has both `use strict` and use non strict code from facebook's regenerator. #344

Open

pankgeorg opened this issue Nov 8, 2023 · 0 comments · May be fixed by #345

pankgeorg commented Nov 8, 2023

To Reproduce
Steps to reproduce the behavior:

Go to npm
Click on Control + F
see both 'use strict' at the top and try{regeneratorRuntime=n}catch(e){Function("r","regeneratorRuntime = r")(n)} (non strict mode)

Expected behavior
The regeneratorRuntime shouldn't be bundled in strict mode (ref)

Screenshots
See #209

Additional context
This prevents anyone from enforcing CSP without unsafe-eval which is... well, unsafe.

The text was updated successfully, but these errors were encountered:

pankgeorg linked a pull request

that will close this issue

chore: update dependencies #345

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment