Using the library with vite raises 3 warnings about the use of the `eval` method

[Ennoriel]

When using the library with vite, vite raises 3 warnings about the use of the eval method

use:

import * as lib from "google-libphonenumber";

warnings (Use of eval in "..." is strongly discouraged as it poses security risks and may cause issues with minification):

node_modules/.pnpm/google-libphonenumber@3.2.40/node_modules/google-libphonenumber/dist/libphonenumber.js (38:206): Use of eval in "node_modules/.pnpm/google-libphonenumber@3.2.40/node_modules/google-libphonenumber/dist/libphonenumber.js" is strongly discouraged as it poses security risks and may cause issues with minification.
node_modules/.pnpm/google-libphonenumber@3.2.40/node_modules/google-libphonenumber/dist/libphonenumber.js (40:350): Use of eval in "node_modules/.pnpm/google-libphonenumber@3.2.40/node_modules/google-libphonenumber/dist/libphonenumber.js" is strongly discouraged as it poses security risks and may cause issues with minification.
node_modules/.pnpm/google-libphonenumber@3.2.40/node_modules/google-libphonenumber/dist/libphonenumber.js (56:475): Use of eval in "node_modules/.pnpm/google-libphonenumber@3.2.40/node_modules/google-libphonenumber/dist/libphonenumber.js" is strongly discouraged as it poses security risks and may cause issues with minification.

Here are the 3 lines:

goog.ASSUME_ES_MODULES_TRANSPILED=!1;goog.TRANSPILE_TO_LANGUAGE="";goog.TRANSPILER="transpile.js";goog.hasBadLetScoping=null;goog.useSafari10Workaround=function(){if(null==goog.hasBadLetScoping){try{var a=!eval('"use strict";let x = 1; function f() { return typeof x; };f() == "number";')}catch(b){a=!1}goog.hasBadLetScoping=a}return goog.hasBadLetScoping};goog.workaroundSafari10EvalBug=function(a){return"(function(){"+a+"\n;})();\n"};
goog.constructNamespace_(e,d,c!==d):goog.SEAL_MODULE_EXPORTS&&Object.seal&&"object"==typeof d&&null!=d&&Object.seal(d),goog.loadedModules_[e]={exports:d,type:goog.ModuleType.GOOG,moduleId:goog.moduleLoaderState_.moduleName};else throw Error('Invalid module name "'+e+'"');}finally{goog.moduleLoaderState_=b}};goog.loadModuleFromSource_=function(a,b){eval(b);return a};
a=b?[b]:a.getElementsByTagName("SCRIPT");for(b=a.length-1;0<=b;--b){var c=a[b].src,d=c.lastIndexOf("?");d=-1==d?c.length:d;if("base.js"==c.substr(d-7,7)){goog.basePath=c.substr(0,d-7);break}}}},goog.findBasePath_(),goog.Transpiler=function(){this.requiresTranspilation_=null;this.transpilationTarget_=goog.TRANSPILE_TO_LANGUAGE},goog.Transpiler.prototype.createRequiresTranspilation_=function(){function a(g,h){e?d[g]=!0:h()?(c=g,d[g]=!1):e=d[g]=!0}function b(g){try{return!!eval(g)}catch(h){return!1}}

These warnings seem to originate from the goog library but I cannot see it in the dependency tree of google-libphonenumber.

Do you have any idea of where that originates from?

[DanielDwyer]

Any updates on this issue? I am seeing similar warnings/errors:

node_modules/google-libphonenumber/dist/libphonenumber.js (38:206): Use of eval in "node_modules/google-libphonenumber/dist/libphonenumber.js" is strongly discouraged as it poses security risks and may cause issues with minification.
node_modules/google-libphonenumber/dist/libphonenumber.js (40:350): Use of eval in "node_modules/google-libphonenumber/dist/libphonenumber.js" is strongly discouraged as it poses security risks and may cause issues with minification.
node_modules/google-libphonenumber/dist/libphonenumber.js (56:475): Use of eval in "node_modules/google-libphonenumber/dist/libphonenumber.js" is strongly discouraged as it poses security risks and may cause issues with minification.

[DanielDwyer]

In vite.config, here is a workaround that worked for me: add to external, so it's not bundled.

  build: {
    sourcemap: true,
    rollupOptions: {
      external: ['google-libphonenumber'],
      output: {
        manualChunks: {
          vendor: ['vue', 'vuex', 'vue-router']
        }
      }
    }
  },