Hi there,

Looking at adding a CSP header to my Koa project, and looking at the source here:

Can't help but think the async is redundant if await next(); is changed to return next(); as I've seen for other Koa middleware.

So instead:

return (ctx, next) => { 
   if (enableWarn) validatePolicy(policy); 
  
   const policyStr = formatPolicy(policy) 
     .map(directive => directive.join(' ')) 
     .join(';') 
  
   ctx.set('Content-Security-Policy', policyStr); 
   return next();
};

I would happily implement this & open a PR, however after quickly looking through tests it would fundamentally change all tests!

I write yarn install and this package don't work without '--ignore-scripts'. What could i do for install without ignore scripts

Is your feature request related to a problem? Please describe.
Many people have started to use this library, it is valuable to use Typescript to rewrite.

Just a small typo in the GitHub repository description.

package.json contains a "jsnext:main": "src/csp.js" entry, but csp.js does not exist. It's likely that it should ...

1. refer to src/index.js
2. be replaced by module: "src/index.js" (see e.g. this rollup issue)

In practice the wrong jsnext:main entry leads to eslint-plugin-import returning an import/no-unresolved error and a linting failure, but using either module or jsnext:main with src/index.js works.

Describe the bug
Getting [kpa-csp warn] Invalid Policy Name: form-action, report-uri on the logs.

To Reproduce
add form-action and report-uri policies.

Additional context
form-action and report-uri are valid policies for CSP. Please add them in the package. Also is kpa-csp a typo?