I'm using the csp-header package in a browser environment to dynamically build Content Security Policies, which are then included in child iframes via meta tags.
Currently, the package only provides an CommonJS version, which prevents Vite and Rollup from tree-shaking unused code. This results in unnecessary constants being included in the final bundle.
Would you consider:
- Adding native ESM support (e.g., through
.mjs files)?
- Or providing a dual CJS/ESM build (for example via the
exports field or the module field in package.json)?
I'm using the
csp-headerpackage in a browser environment to dynamically build Content Security Policies, which are then included in child iframes viametatags.Currently, the package only provides an CommonJS version, which prevents Vite and Rollup from tree-shaking unused code. This results in unnecessary constants being included in the final bundle.
Would you consider:
.mjsfiles)?exportsfield or themodulefield inpackage.json)?