mourner / rbush

RBush — a high-performance JavaScript R-tree-based 2D spatial index for points and rectangles


Using `new Function` violates common security practice

nhusher opened this issue · comments

This library uses `new Function`, which is equivalent to the `eval` function. Under common sense security regimes, both `new Function` and `eval` are disallowed, including in the browser using CSP.

If you're under CSP restrictions, don't use the `format` option. You can either use the default format, or override `compareMinX`, `compareMinY` and `toBBox` methods to support a custom format without eval.

@nhusher if you're interested, we have our own version of rbush here that we slightly modified to get around the CSP limitation, while still retaining the speed of that function.

@photonstorm any reason you decided to fork the library instead of just overriding the methods above? I think switching back to a direct dependency would be beneficial — you would get any potential bugfixes and performance improvements from upstream.

```javascript
// Builds an RBush tree for items shaped { left, top, right, bottom } by
// overriding the three accessor methods, so the `format` option (which is
// compiled with `new Function`) is never needed.
function customRBush(maxEntries) {
    var tree = rbush(maxEntries); // v2 factory API
    tree.compareMinX = compareMinX;
    tree.compareMinY = compareMinY;
    tree.toBBox = toBBox;
    return tree;
}
// Comparators on the minimum x / y coordinate of two items.
function compareMinX(a, b) { return a.left - b.left; }
function compareMinY(a, b) { return a.top - b.top; }
// Converts an item into the {minX, minY, maxX, maxY} box RBush works with.
function toBBox(a) {
    return {
        minX: a.left,
        minY: a.top,
        maxX: a.right,
        maxY: a.bottom
    };
}
```
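As an added example (not code from the thread or from RBush itself), the override approach above can be generalised: a v2-style `format` array is turned into `compareMinX`/`compareMinY`/`toBBox` with plain closures instead of string-compiled code, plus a check for whether the context permits eval at all. It assumes the v2 factory API `rbush(9)` and that every format entry is exactly `'.name'` or `'[index]'`.

```javascript
// Added example (not RBush code): derive the three overrides RBush expects
// from a v2-style `format` array without `new Function`, so a custom item
// layout works under a CSP that forbids eval.
// Assumed: every format entry is exactly '.name' or '[index]'.
function parseAccessor(spec) {
    let m = /^\.([A-Za-z_$][\w$]*)$/.exec(spec);
    if (m) { const key = m[1]; return item => item[key]; }
    m = /^\[(\d+)\]$/.exec(spec);
    if (m) { const idx = Number(m[1]); return item => item[idx]; }
    throw new Error('unsupported format accessor: ' + spec);
}

// Returns { compareMinX, compareMinY, toBBox } built from plain closures.
function cspSafeAccessors(format) {
    if (!Array.isArray(format) || format.length !== 4) {
        throw new Error('format must be [minX, minY, maxX, maxY] accessors');
    }
    const [getMinX, getMinY, getMaxX, getMaxY] = format.map(parseAccessor);
    return {
        compareMinX: (a, b) => getMinX(a) - getMinX(b),
        compareMinY: (a, b) => getMinY(a) - getMinY(b),
        toBBox: item => ({ minX: getMinX(item), minY: getMinY(item),
                           maxX: getMaxX(item), maxY: getMaxY(item) })
    };
}

// Reports whether dynamic code evaluation is permitted here; a CSP without
// 'unsafe-eval' makes the `new Function` constructor throw an EvalError.
function evalAllowed() {
    try { new Function('return 1'); return true; } catch (e) { return false; }
}

// With the real library (assumed v2 factory API, as used in the thread):
//   const tree = rbush(9);
//   Object.assign(tree, cspSafeAccessors(['.left', '.top', '.right', '.bottom']));
// Constructed sample items in the left/top/right/bottom layout from the thread.
const SAMPLE_RECTS = [
    { left: 30, top: 5, right: 40, bottom: 15 },
    { left: 10, top: 20, right: 25, bottom: 30 }
];
function demo() {
    const acc = cspSafeAccessors(['.left', '.top', '.right', '.bottom']);
    const sorted = SAMPLE_RECTS.slice().sort(acc.compareMinX);
    return { firstLeft: sorted[0].left, bbox: acc.toBBox(SAMPLE_RECTS[0]) };
}
```

Calling `evalAllowed()` at startup lets an application pick the override path automatically instead of discovering the CSP violation as a runtime error.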

@mourner The main reason is because we needed a different way of requiring QuickSelect. You only release new versions once a year (if that) and they're generally really small updates, so it's trivial to manage from our end. If you were in a rapid development cycle then we'd do it differently, but I'm quite glad it's nice and stable and rarely changing.

Note that RBush v3.0 eliminates eval and is fully CSP-compliant. See #93