davidbau / seedrandom

seeded random number generator for Javascript

Use of `eval` is unsafe and is disabled on some servers #64

Closed louh closed 4 years ago

louh commented 5 years ago

Hi @davidbau, thanks for your work on this package. We'd like to replace our home-grown pseudo-random number generator with your package, but ran into an issue with the use of eval (prior art: issue #46). Allowing eval() is unsafe, and on servers that set strict Content Security Policies for scripts, code with eval will not be permitted to run.

The Universal Module Definition uses self to reach the global context regardless of strict mode in browsers, and this otherwise (for Node). (https://github.com/umdjs/umd/blob/master/templates/returnExportsGlobal.js#L32)

For example:

function a() { console.log(this) }
// a() -> Window

function b() { 'use strict'; console.log(this); }
// b() -> undefined

function c() { 'use strict'; console.log(self); }
// c() -> Window

Would you consider replacing the eval code so that we can use your package in environments where eval is disallowed?

Thanks!
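The wrapper pattern described above, as an added example that is not seedrandom's own code: a UMD-style installer that finds the global object through self (browsers and workers), globalThis, or a caller-supplied this, never through eval, so it runs under a CSP without 'unsafe-eval'. The names resolveGlobal, installModule, usesDynamicCodeEvaluation and the export name seedrandomExample are assumptions for this example.

```javascript
'use strict';

// Resolve the global object the way the UMD template does, without dynamic code
// evaluation: `self` in browsers and web workers, `globalThis` on modern engines
// (Node included), and finally a `this` value the caller captured in sloppy mode.
function resolveGlobal(thisArg) {
  if (typeof self !== 'undefined') return self;
  if (typeof globalThis !== 'undefined') return globalThis;
  if (thisArg !== undefined && thisArg !== null) return thisArg;
  throw new Error('unable to locate the global object');
}

// UMD-style installer (hypothetical, modelled on the pattern in the issue):
// prefer CommonJS exports when a module object is present, otherwise attach
// the factory result to the resolved global under a hypothetical export name.
function installModule(factory, root, moduleRef) {
  if (moduleRef && moduleRef.exports) {
    moduleRef.exports = factory();
    return moduleRef.exports;
  }
  const g = resolveGlobal(root);
  g.seedrandomExample = factory(); // hypothetical export name
  return g.seedrandomExample;
}

// Quick review aid for code a CSP will block: report whether a function's
// source text calls eval or the Function constructor. Textual only, so it is
// a screening check for dependencies, not a substitute for the CSP itself.
function usesDynamicCodeEvaluation(fn) {
  return /\beval\s*\(|\bFunction\s*\(/.test(fn.toString());
}

// Stand-alone demonstration: attach via a constructed CommonJS-like module
// object, then via the resolved global, and confirm the wrapper is eval-free.
const demoModule = { exports: {} };
installModule(() => ({ ready: true }), undefined, demoModule);
console.log(demoModule.exports.ready, usesDynamicCodeEvaluation(installModule));
```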

davidbau commented 5 years ago

Open to a good pull request that uses this approach.

louh commented 5 years ago

PR open! Would love to get your review.

davidbau commented 4 years ago

Thanks for the PR! Merged and pushed as 3.0.5.