MessageFormat transpiler throws 'unsafe-eval' when activating CSP #221

Open
ematthewsBW opened this issue Apr 2, 2024 · 0 comments
Labels
bug Something isn't working
Current Behavior
Cannot use CSP to prevent unsafe-eval when using transifex-native.

Expected Behavior
Can use CSP to prevent unsafe-eval when using transifex-native.

Steps to Reproduce
Add Content-Security-Policy header without unsafe-eval enabled such as

Content-Security-Policy: default-src 'self' example.com

Then try to use transifex-native to translate. You receive the console error:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' example.com". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
p.compile @ browser.native.js:2

Minified code in browser.native.js:

return (new (Function.bind.apply(Function, i(i([void 0], n(c), !1), [a], !1)))).apply(void 0, i([], n(u), !1))

Resultant Issue, Suggestion
Having to enable unsafe-eval for transifex opens up unsafe-eval for all scripts in your website, which is insecure. I suggest not using the messageformat library as a dependency.

Notes
Same issue as transloco jsverse/transloco#364
Problematic line of code: https://github.com/messageformat/messageformat/blob/messageformat%404.0.0-7/packages/core/src/messageformat.ts#L291

const fnBody = 'return ' + compiler.compile(message, this.plurals[0]);
ematthewsBW added the bug (Something isn't working) label on Apr 2, 2024
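The following is an added example, not code from transifex-native or messageformat. Part 1 is what the quoted minified `p.compile` line reduces to once the TypeScript array helpers are expanded (assumption: `i()` is `__spreadArray` and `n()` is `__read`): a plain `new Function(...params, body)` call, which is exactly the string-to-code evaluation a CSP without `'unsafe-eval'` refuses. Part 2 shows the alternative the issue is pointing at: parse the message into a tree and interpret it with the arguments, so no JavaScript source is ever generated at runtime. The grammar in part 2 is a deliberately tiny toy subset (literal text, `{name}`, and `{name, plural, one {...} other {...}}` with `#` for the number), far smaller than real ICU MessageFormat; the names `compileWithFunction`, `evalAllowed`, `compileSafe` and the sample message are all constructed here.

```javascript
// Added example, not transifex-native or messageformat code. Part 1 is the
// pattern the reported minified line reduces to; part 2 reaches the same
// result without generating JavaScript source, so it runs without 'unsafe-eval'.

// Part 1. With the TypeScript helpers expanded (assumption: i() is
// __spreadArray and n() is __read), the minified line
//   new (Function.bind.apply(Function, [void 0, ...paramNames, body]))().apply(void 0, args)
// is `new Function(...paramNames, body)(...args)`. The Function constructor is
// string-to-code evaluation, blocked unless script-src (or the default-src
// fallback named in the console error) allows 'unsafe-eval'.
function compileWithFunction(paramNames, body, args) {
  const fn = new Function(...paramNames, body); // EvalError under CSP without 'unsafe-eval'
  return fn(...args);
}

// Runtime probe: false in a page whose CSP lacks 'unsafe-eval', true in Node (no CSP).
function evalAllowed() {
  try { new Function('return 1'); return true; } catch (e) { return false; }
}

// Part 2. Interpret instead of compile: parse the message to a tree once, then
// walk it with the arguments. Toy grammar (an assumption, much smaller than ICU
// MessageFormat): text, {name}, {name, plural, one {...} other {...}}, '#' = number.
function parseMessage(src) {
  const nodes = [];
  let text = '';
  let i = 0;
  while (i < src.length) {
    if (src[i] !== '{') { text += src[i++]; continue; }
    if (text) { nodes.push({ type: 'text', value: text }); text = ''; }
    let depth = 0;
    let j = i; // find the matching '}' for this argument, honouring nesting
    for (; j < src.length; j++) {
      if (src[j] === '{') depth++;
      else if (src[j] === '}' && --depth === 0) break;
    }
    if (j >= src.length) throw new SyntaxError('unbalanced braces in message');
    nodes.push(parseArgument(src.slice(i + 1, j)));
    i = j + 1;
  }
  if (text) nodes.push({ type: 'text', value: text });
  return nodes;
}

function parseArgument(inner) {
  const c1 = inner.indexOf(',');
  if (c1 === -1) return { type: 'var', name: inner.trim() };
  const name = inner.slice(0, c1).trim();
  const rest = inner.slice(c1 + 1);
  const c2 = rest.indexOf(',');
  const kind = (c2 === -1 ? rest : rest.slice(0, c2)).trim();
  if (kind !== 'plural') throw new SyntaxError('unsupported argument type: ' + kind);
  const cases = {};
  const caseSrc = c2 === -1 ? '' : rest.slice(c2 + 1).trim();
  const caseHead = /\s*(\w+)\s*\{/y; // sticky: matches "one {", "other {", ...
  let pos = 0;
  while (pos < caseSrc.length) {
    caseHead.lastIndex = pos;
    const m = caseHead.exec(caseSrc);
    if (!m) throw new SyntaxError('bad plural case near: ' + caseSrc.slice(pos));
    let depth = 1;
    let j = caseHead.lastIndex;
    for (; j < caseSrc.length && depth > 0; j++) {
      if (caseSrc[j] === '{') depth++;
      else if (caseSrc[j] === '}') depth--;
    }
    if (depth !== 0) throw new SyntaxError('unbalanced braces in plural case');
    cases[m[1]] = parseMessage(caseSrc.slice(caseHead.lastIndex, j - 1)); // a branch is itself a message
    pos = j;
  }
  if (!cases.other) throw new SyntaxError("plural needs an 'other' case");
  return { type: 'plural', name, cases };
}

function formatNodes(nodes, args, locale, pound) {
  let out = '';
  for (const n of nodes) {
    if (n.type === 'text') {
      out += pound === undefined ? n.value : n.value.replace(/#/g, String(pound));
    } else if (n.type === 'var') {
      if (!(n.name in args)) throw new ReferenceError('missing argument: ' + n.name);
      out += String(args[n.name]);
    } else {
      const count = Number(args[n.name]);
      if (Number.isNaN(count)) throw new TypeError('plural argument must be a number: ' + n.name);
      const category = new Intl.PluralRules(locale).select(count); // 'one', 'other', ...
      out += formatNodes(n.cases[category] || n.cases.other, args, locale, count);
    }
  }
  return out;
}

// Same shape as a compiled formatter, but built without Function or eval.
function compileSafe(src, locale = 'en') {
  const tree = parseMessage(src);
  return (args) => formatNodes(tree, args, locale);
}
```

`compileSafe('{name} has {count, plural, one {# item} other {# items}} in the cart')` returns a function that yields `Ada has 1 item in the cart` for `{ name: 'Ada', count: 1 }` and `Ada has 3 items in the cart` for `count: 3`, with `Intl.PluralRules` supplying the category selection that messageformat would otherwise bake into generated code. The trade-off is the usual one for the interpret-versus-compile choice: a tree walk per call instead of a specialised function, in exchange for never needing `'unsafe-eval'` in the policy. `evalAllowed()` is the cheap runtime check for deciding which path a page can take.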