This repository reproduces a compatibility issue introduced in Wrangler 4.16 that breaks libraries containing eval statements in their source code.

After upgrading from Wrangler 4.15 to 4.16, Cloudflare Workers fail to deploy or run when dependencies contain eval statements. This affects several popular libraries, including js-sha256.

• js-sha256 (version 0.9.0) - Contains eval in its source code

1. Install dependencies with npm install
2. Try to deploy or run locally with npm run dev or npm run deploy
3. Observe the failure when using Wrangler 4.16

✘ [ERROR] service core:user:cf-workers-eval-issue: Uncaught Error: EvalError: Code generation from strings disallowed for this context

    at null.<anonymous> (index.js:1260:22) in nodeWrap
    at null.<anonymous> (index.js:1245:21) in createMethod
    at null.<anonymous> (index.js:1626:21)
    at null.<anonymous> (index.js:1642:7) in node_modules/js-sha256/src/sha256.js
    at null.<anonymous> (index.js:12:50) in __require
    at null.<anonymous> (index.js:1666:32)

4. Downgrade to Wrangler 4.15 to confirm the issue is resolved

Downgrade to Wrangler 4.15:

npm install wrangler@4.15.0 --save-dev

Workers should deploy and run successfully with libraries containing eval, as they did in Wrangler 4.15 and earlier versions.

• Node.js version: v22.16.0
• Wrangler version: 4.16.1 (broken), 4.15.0 (working)
• Operating system: macOS Sequoia 15.5