'unsafe-inline' - is automatically being added in ''script-src"

[nrs-alfonzo]

I've noticed that the unsafe-inline value is automatically being added to my CSP header, specifically in script-src even though I have set NODE_ENV to 'production'.
Has anyone else experienced this? Is there a way to prevent this from happening?

Here's what my middleware.ts looks like.

// middleware.ts
const securityMiddleware = [
  csp({
    directives: {
      "default-src": ["self"],
      "script-src": [
        "self",
        process.env.NODE_ENV === "development" ? "unsafe-eval" : null,
      ],
      "img-src": ["self", "data:"],
      "font-src": [
        "self",
        "https://fonts.gstatic.com",
        "https://fonts.googleapis.com",
      ],
      "style-src": [
        "self",
        "https://fonts.googleapis.com",
        "https://fonts.gstatic.com",
      ],
      "connect-src": [
        "self",
      ],
      "object-src": ["none"],
      "base-uri": ["none"],
      "manifest-src": ["none"],
      "media-src": ["none"],
      "frame-ancestors": ["none"],
      "frame-src": ["none"],
      "form-action": ["self"],
    },
  }),
  strictDynamic(),
  strictInlineStyles(),
];

export default chainMatch(isPageRequest)(...securityMiddleware);