Compatibility with --disallow-code-generation-from-strings #41

Open
@davidje13

This package causes applications to fail to start if using NodeJS's --disallow-code-generation-from-strings security option, even if the application is not using a deprecated function, due to the use of dynamically generated code:

var deprecatedfn = new Function('fn', 'log', 'deprecate', 'message', 'site',

This could be fixed in multiple ways:

  • Replace dynamic code generation with a non-dynamic version (I'm not actually sure why it generates an argument list which it doesn't use in the body?); or
  • Catch the EvalError exception which gets thrown in this environment and fall back to a simpler alternative; or
  • Catch the EvalError and fall back to a pass-through (just return fn unchanged), since warning about deprecated functions seems more useful at dev-time than in production anyway.

Since this package is being used by express, it seems especially useful to be able to run with additional security options enabled. This is the only change needed to let express run with --disallow-code-generation-from-strings.
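
The first two options from the issue above, combined in one sketch. This is an added example, not the package's code or the issue author's. The names `wrapDeprecated`, `buildDynamic`, `buildStatic`, `BlockedFunction` and the `warn` callback are hypothetical, and it assumes the generated argument list exists to preserve the wrapped function's arity, which the page does not state.

```javascript
// Dynamic path: generates a wrapper with fn.length named parameters.
// Throws EvalError when code generation from strings is disabled.
function buildDynamic(fn, warn, message, FunctionCtor) {
  const params = Array.from({ length: fn.length }, (_, i) => 'arg' + i).join(', ');
  const factory = new FunctionCtor('fn', 'warn', 'message',
    'return function (' + params + ') {\n' +
    '  warn(message);\n' +
    '  return fn.apply(this, arguments);\n' +
    '};');
  return factory(fn, warn, message);
}

// Static path: a plain closure. Arity is copied with defineProperty
// instead of being encoded in generated source text.
function buildStatic(fn, warn, message) {
  function wrapper(...args) {
    warn(message);
    return fn.apply(this, args);
  }
  Object.defineProperty(wrapper, 'length', { value: fn.length, configurable: true });
  return wrapper;
}

// FunctionCtor is injectable (hypothetical parameter) so the blocked case
// can be exercised without starting Node.js with the flag.
function wrapDeprecated(fn, message, warn, FunctionCtor = Function) {
  if (typeof fn !== 'function') throw new TypeError('fn must be a function');
  try {
    return buildDynamic(fn, warn, message, FunctionCtor);
  } catch (err) {
    // Match on name: an EvalError raised in another realm fails instanceof.
    if (!err || err.name !== 'EvalError') throw err;
    return buildStatic(fn, warn, message);
  }
}

// Constructed stand-in for the Function constructor under
// --disallow-code-generation-from-strings.
function BlockedFunction() {
  throw new EvalError('Code generation from strings disallowed for this context');
}
```

Using `buildStatic` unconditionally corresponds to the first option and removes the need for the `try`/`catch` entirely.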
