csp icon indicating copy to clipboard operation
csp copied to clipboard
verified publisher icon frux

csp-header package is not treeshakable.

Open alexandersorokin opened this issue 7 months ago • 0 comments

I'm using the csp-header package in a browser environment to dynamically build Content Security Policies, which are then included in child iframes via meta tags.

Currently, the package only provides an CommonJS version, which prevents Vite and Rollup from tree-shaking unused code. This results in unnecessary constants being included in the final bundle.

Would you consider:

  1. Adding native ESM support (e.g., through .mjs files)?
  2. Or providing a dual CJS/ESM build (for example via the exports field or the module field in package.json)?

alexandersorokin avatar Jul 05 '25 11:07 alexandersorokin