We used https://github.com/gensecaihq/Shai-Hulud-2.0-Detector to detect NPM packages affected by the Shai-Hulud-2.0 attack.
The good news is that this package was not listed as affected by the malware.
The bad news is that it complained about the usage of node eval inside the node scripts:
Line 74 in 43c716c
```json
"generate-cjs": "yarn tsc --module commonjs --outDir libcjs && node --eval \"fs.writeFileSync('libcjs/package.json', JSON.stringify({type:'commonjs',sideEffects:false}))\"",
```
Why not put the code into a JavaScript file and execute that on npm generate-cjs and npm generate-esm?
That would fix false-positive alerts in npm audit tools.