sandanat / vue-pdf-app

VUEjs v2 PDF viewer based on Mozilla's PDFJS

Why is eval used? Vulnerable to XSS attacks

JakobJFL opened this issue

When I use vue-pdf-app in my Vue Chrome extension, nothing can run because eval is used in the source code.
I get errors like:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

And errors like:
Use of eval in "node_modules/vue3-pdf-app/dist/vue3-pdf-app.umd.js" is strongly discouraged as it poses security risks and may cause issues with minification.

My question is why this is used in the source code, because I don't want my application to be vulnerable to XSS attacks.
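The rule behind the first error quoted above, as an added example that is not part of the original issue or of the project's code: string compilation is governed by `script-src` (falling back to `default-src`), and a bundle that calls `eval` or `new Function` fails under a policy without `'unsafe-eval'`. The function names and the sample bundle are hypothetical and constructed for illustration, and the source scan is a regex heuristic, not a parser.

```javascript
// Added example; all names here are hypothetical, not vue-pdf-app or pdf.js APIs.

// Parse a CSP header value into a map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// eval() and new Function() are checked against script-src, else default-src.
function allowsEval(policy) {
  const d = parseCsp(policy);
  const sources = d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) return true; // no governing directive present
  return sources.some((s) => s.toLowerCase() === "'unsafe-eval'");
}

// Heuristic patterns for dynamic code; may also match comments or strings.
const DYNAMIC_CODE = [
  { kind: 'eval', re: /\beval\s*\(/ },
  { kind: 'new Function', re: /\bnew\s+Function\s*\(/ },
];

// Report each line of a bundle that appears to compile a string as code.
function findDynamicCode(source) {
  const hits = [];
  source.split('\n').forEach((text, i) => {
    for (const { kind, re } of DYNAMIC_CODE) {
      if (re.test(text)) hits.push({ line: i + 1, kind });
    }
  });
  return hits;
}

// A bundle is blocked when it uses dynamic code and the policy forbids it.
function auditBundle(policy, source) {
  const hits = findDynamicCode(source);
  const evalAllowed = allowsEval(policy);
  return { evalAllowed, hits, blocked: !evalAllowed && hits.length > 0 };
}

// Constructed sample input, not taken from the real vue3-pdf-app bundle.
const SAMPLE_BUNDLE = ['var a = 1;', 'var g = eval("this");',
  'var f = new Function("return this")();', 'function medieval(x) { return x; }'].join('\n');
console.log(auditBundle("script-src 'self'", SAMPLE_BUNDLE));
```

Run against a dependency's built file in CI, a check like this surfaces the incompatibility before the extension is loaded under its `script-src 'self'` policy.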

I second this bug. I really like this library but I can't use it because of the issue described here.

It looks like the original issue in pdfjs has been resolved so I wonder if the code can port that fix?