After installing globalize package, in node_modules/globalize/dist/globalize/message.js, we saw new Func() expression. This causes unsafe-eval issue.
Our app has dependency of relative-time package, relative-time package is internally called globalize which is exporting all modules such as date, currency, message, etc.. Then, we saw globalize/dist/globalize/message.js file contains below code snippet with new Func():
if (typeof messages == 'string') { var f = new Function( 'number, plural, select, pluralFuncs, fmt', 'return ' + compileMsg(this, messages)); return f(this.runtime.number, this.runtime.plural, this.runtime.select, this.runtime.pluralFuncs, this.runtime.fmt); }
We are not using message feature at all, so wondering if you can fix this, otherwise please let us know if there is any workaround for it, thanks.
After installing globalize package, in node_modules/globalize/dist/globalize/message.js, we saw new Func() expression. This causes unsafe-eval issue.
Our app has dependency of
relative-time
package,relative-time
package is internally calledglobalize
which is exporting all modules such asdate, currency, message, etc.
. Then, we sawglobalize/dist/globalize/message.js
file contains below code snippet withnew Func()
:if (typeof messages == 'string') { var f = new Function( 'number, plural, select, pluralFuncs, fmt', 'return ' + compileMsg(this, messages)); return f(this.runtime.number, this.runtime.plural, this.runtime.select, this.runtime.pluralFuncs, this.runtime.fmt); }
We are not using message feature at all, so wondering if you can fix this, otherwise please let us know if there is any workaround for it, thanks.