zalmoxisus/redux-devtools-extension

unsafe-eval question

davidsmith2 opened this issue · 1 comments

I work for a US government contractor. Our client's IT department is disallowing the use of this extension for the following reason:

The presence of “unsafe-eval” on the extension’s source code indicates that the extension can be used to execute source code.

This appears to be defined in the extension's manifest.json CSP definition:

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src 'self' data:;",

Curious if any other potential users of the extension had run into this obstacle?

Closing since this repo is no longer active and the question was also asked here.
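
Added example, not part of the original issue thread or the extension's code: a small audit of a manifest's content_security_policy, run on the value quoted in the issue, that lists the source expressions a reviewer would ask to have justified. The function names and the high/low severity labels are assumptions made for this illustration.

```javascript
// Constructed sample: the manifest fragment quoted in the issue (Manifest V2 form).
const sampleManifest = {
  content_security_policy:
    "script-src 'self' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src 'self' data:;",
};

// Split a CSP string into a Map of directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // e.g. the empty piece after a trailing ';'
    const name = tokens[0].toLowerCase();
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Manifest V2 stores the policy as a string; Manifest V3 uses an object
// keyed by context (extension_pages, sandbox).
function policiesFromManifest(manifest) {
  const csp = manifest.content_security_policy;
  if (typeof csp === "string") return { extension_pages: csp };
  if (csp && typeof csp === "object") return csp;
  return {};
}

// Report source expressions a review would want justified.
// Severity labels are this example's own assumption, not a standard scale.
function auditManifestCsp(manifest) {
  const findings = [];
  for (const [context, policy] of Object.entries(policiesFromManifest(manifest))) {
    for (const [name, sources] of parseCsp(policy)) {
      const scriptLike = name === "script-src" || name === "default-src";
      for (const src of sources) {
        const s = src.toLowerCase();
        if (scriptLike && (s === "'unsafe-eval'" || s === "'unsafe-inline'" || s === "*")) {
          findings.push({ context, directive: name, source: s, severity: "high" });
        } else if (s === "'unsafe-inline'" || s === "*") {
          findings.push({ context, directive: name, source: s, severity: "low" });
        }
      }
    }
  }
  return findings;
}

console.log(auditManifestCsp(sampleManifest));
```
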