Fund: Content Security Policy infringing code

Content Security Policy infringing code

This package depends on ajv which internally uses new Function(..., sourcecode), equivalent to eval(). This is documented in their readme.

The result of this is that any package bundling conf (or electron-store) infringes secure CSPs. That is, a CSP without an 'unsafe-eval' directive.

Ideally, a package shouldn't prohibit use of a strict CSP.

Are there any workarounds I'm not aware of that can be documented?
Does this package need to be modularised so that those with no CSP & wanting schema validation can have this functionality?

Sindre Sorhus/conf

Content Security Policy infringing code

How does funding with Polar work?

Backer

Contributor

Maintainer

Sindre Sorhus/conf

Content Security Policy infringing code

How does funding with Polar work?

Backer

Why does "Fund on completion" require GitHub login?

When is the invoice due for "Fund on completion"?

What happens if the issue is never completed?

Do I get any extra benefits by funding?

Do I get progress updates?

Contributor

Do I get a reward?

Is rewards guaranteed?

Maintainer

How can I get funding like this for my open source initiatives?