Open

Description
With the default setup it is easily possible to escape the sandbox:

```js
const compiler = require('@nx-js/compiler-util')
compiler.compileCode('return this')({})
// returns Object [global]
```

There is a way to protect against this vulnerability:

```js
compiler.compileCode('return this').bind({})({})
// returns {}
```

But this library should be "secure by default".
Occurs in both Node.js and the browser.
Version: 2.0.0
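
The following is an added example, not code from the issue or from @nx-js/compiler-util: a simplified stand-in for a `with` + Proxy sandbox compiler that shows why an unbound call returns the global object and how fixing the receiver inside the wrapper closes the `this` leak reported above by default. The helper names (`makeScope`, `build`, `compileUnbound`, `compileBound`, `demo`) are hypothetical.

```javascript
// Simplified stand-in for a `with` + Proxy sandbox compiler. Assumption: this
// is the general pattern only, not the source of @nx-js/compiler-util.
function makeScope(sandbox) {
  return new Proxy(sandbox, {
    // Claim every identifier so lookups never fall through to real globals.
    has: () => true,
    get: (target, key) => (key === Symbol.unscopables ? undefined : target[key]),
  })
}

// `with` is not allowed in strict code, so the generated function is always
// sloppy-mode: called without a receiver, its `this` is the global object.
function build(src) {
  return new Function('scope', `with (scope) { ${src} }`)
}

// Behaviour described in the issue: the compiled function gets no receiver.
function compileUnbound(src) {
  const fn = build(src)
  return (sandbox) => fn(makeScope(sandbox))
}

// Secure-by-default variant: the wrapper always pins `this` to the sandbox
// scope, so callers do not have to remember to .bind() themselves.
function compileBound(src) {
  const fn = build(src)
  return (sandbox) => {
    const scope = makeScope(sandbox)
    return fn.call(scope, scope)
  }
}

// Constructed inputs; each result is checked by the accompanying test.
function demo() {
  return {
    unboundLeaksGlobal: compileUnbound('return this')({}) === globalThis,
    boundLeaksGlobal: compileBound('return this')({}) === globalThis,
    boundSeesProcess: compileBound('return typeof process')({}),
    boundReadsSandbox: compileBound('return x + 1')({ x: 41 }),
  }
}

console.log(demo())
```

Pinning the receiver addresses only the `this` binding; identifier lookups are still controlled by the Proxy `has` trap.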