simplyhexagonal / short-unique-id

Short Unique ID (UUID) generation library. Available in NPM.

Home Page: https://www.npmjs.com/package/short-unique-id


Unsafe eval in function constructor

anthony-arnold opened this issue

The ShortUniqueId constructor contains some eval code.

Inheriting from Function and calling its constructor violates strict Content-Security-Policy. The only way to use this library with CSP is to set script-src: 'unsafe-eval', which makes CSP kind of useless.

Is there a way to remove this eval code without introducing a regression?

Hi @anthony-arnold, thanks for the report!

I think the Proxy object might be our best bet here to refactor that eval out of our code base.

I'll create a branch and test this out; the only regression concern (off the top of my head) might be browser support.

I'll keep this issue updated as progress is done 👍

Hi @anthony-arnold, thanks for waiting this long. Last night v3.0.5 was released; it should do away with the CSP warning you were getting and introduces no regression.

Cheers 🍻
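The refactor discussed in this thread, as an added example that is not the library's code and is not taken from v3.0.5: a callable class built by inheriting from `Function` next to a `Proxy`-based equivalent, both run where string-to-code compilation is disabled. The class names, the `next()` method and `runInPolicy` are hypothetical, and Node's `vm` `codeGeneration` option is used here as a stand-in for a browser CSP without `'unsafe-eval'`.

```javascript
const vm = require('node:vm');

// Constructed stand-in for the reported pattern: the class inherits from
// Function and hands source text to its constructor, which compiles it.
const EVAL_BASED = `
  class EvalCallable extends Function {
    constructor() {
      super('return this.next()');   // string -> code, blocked by strict CSP
      this.count = 0;
      return this.bind(this);
    }
    next() { return 'id' + this.count++; }
  }
  const uid = new EvalCallable();
  [uid(), uid()].join(',');
`;

// Same callable-instance behaviour with a Proxy around a function literal.
// No source string is compiled, so no 'unsafe-eval' is required.
const PROXY_BASED = `
  class ProxyCallable {
    constructor() {
      this.count = 0;
      return new Proxy(function () {}, {
        apply: () => this.next(),
        get: (_target, prop) => {
          const value = this[prop];
          return typeof value === 'function' ? value.bind(this) : value;
        },
      });
    }
    next() { return 'id' + this.count++; }
  }
  const uid = new ProxyCallable();
  [uid(), uid(), uid.next()].join(',');
`;

// Run source in a fresh context; allowStrings=false mimics a CSP without
// 'unsafe-eval' by making eval() and the Function constructor throw.
function runInPolicy(source, allowStrings) {
  const ctx = vm.createContext({}, { codeGeneration: { strings: allowStrings, wasm: false } });
  try {
    return { ok: true, value: vm.runInContext(source, ctx) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

console.log(runInPolicy(EVAL_BASED, false));
console.log(runInPolicy(PROXY_BASED, false));
```

The `Proxy` target must itself be a function for the `apply` trap to fire, which is why a function literal is wrapped rather than a plain object.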