Strict Mode Directive Rendered Unusable

[AlexWilson-GIS]

I am compiling Typescript to JavaScript, then compiling down to a single file for use in Github Actions with this library. The Typescript output begins like this:

"use strict";

// Begin code

However, this library inserts code before the directive, causing the final compiled output to look like this:

/******/ (() => { // webpackBootstrap
/******/ 	var __webpack_modules__ = ({

/***/ 7351:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {

"use strict";

// Begin code

This means that all code compiled by this library is not running in strict mode, because the directive must be placed on the first line of a script for global effect or the first line of a function for localized effect. While this is not directly a security vulnerability in ncc, it can have unexpected security and behavioral effects on the compiled output.

[AlexWilson-GIS]

Wanted to add another detail: I was just reading the documentation for this project and saw that this library can compile TS directly, which I think is great. I was previously compiling with TS separately, then running it through this. I'll switch to just using this library 👍

That being said, compiling directly from Typescript doesn't include the "use strict"; directive either, so strict mode is still lost.