Falafel uses outdated acorn, which introduces Content Security issues

[salemhilal]

TL;DR: Either falafel needs to use a newer version of acorn, or an alternative may need to be found.

I (half-actively) maintain a jsfmt plugin for Atom. I started getting issues about a Content Security Policy violation from my package. I tracked the issue down to an old version of acorn, used by falafel, that has new Function calls. For a while, acorn provided a pre-compiled distribution to get around this, but they've since fixed this problem entirely.

It seems like Falafel may not be being actively maintained anymore. On the other hand, I'm not sure it's a huge issue unless you're trying to require('jsfmt').

[ariya]

An alternative approach is to not use falafel at all. I spot that falafel is being used only inside lib/rewrite.js. Most of the logic has been implemented already there and that file is longer that the core of falafel. It does not add too much complexity to incorporate a simplistic (but sufficient) tree traversal within lib/rewrite.js itself.