ES5 build breaks violates CSP for unsafe-eval

[maxmorlocke]

The current ES5-friendly build distributed through NPM breaks content security policies due to the reliance on regeneratorRuntime to replace async/await functions. This breaks chrome extensions, even those that follow the suggestions to set checkProtocolTask et al to null. Would it be possible to include two builds in the dist - one for modern browsers (e.g. es6+) and one for legacy browsers (e.g. es5)? This was the solution used by pdf.js:

https://github.com/mozilla/pdf.js/issues/11036#

this of course sources from the es5 build:

https://unpkg.com/browse/[email protected]/dist/analytics.js

[DavidWells]

Hey there!

Thanks for the report on this.

I've been trying to refactor all the package builds to use microbundle but running into some quirks with how it handles default exports 😅

There is a es6 module packaged in https://unpkg.com/browse/[email protected]/lib/ will that work for your application?

[DavidWells]

Looks like this is an ongoing issue for the regenerator polyfill https://github.com/facebook/regenerator/issues/378

[maxmorlocke]

It looks like everything in lib is still being transpiled to include the regeneratorRuntime, so I'm still getting errors:

grep -c regenerator node_modules/@analytics/core/lib/*.js node_modules/@analytics/core/lib/analytics.browser.cjs.js:27 node_modules/@analytics/core/lib/analytics.browser.es.js:27 node_modules/@analytics/core/lib/analytics.cjs.js:27 node_modules/@analytics/core/lib/analytics.es.js:27

Am I missing something?

[olivierbeaulieu]

I'm also experiencing this issue - and it doesn't seem like any of the proposed solutions are working - I'm using the latest analytics.browser.es.js.

[DavidWells]

Just updated all of the build deps.

Can ya'll try again with latest [email protected]

I'm hoping this fixes the issue