Fix issue with unexpected tokens (core-js in this case)

[FranklinWaller]

This fixes the case with core-js where the variable name has a '-' (Which is not valid in vars).

[commenthol]

Hi @FranklinWaller, could you please tell me a bit more why the "-" sign causes issues with core-js?
Just would like to understand the case.
Your change introduces a "silent ignore" preventing a "fast fail" which causes confusion to developers.

[FranklinWaller]

@commenthol Core-js adds a variable to the window object called something like core-js-shared now this is valid if you do this: window['__core-js-share__'] = () => { etc.. } but not valid if you write var __core-js-share__ = () => { etc.. }. Since safer-eval creates variables it will throw an exception and fail to continue. (See https://github.com/commenthol/safer-eval/blob/master/src/browser.js#L45). IMO it's better to ignore those variables (And reassign them yourself) than not be able to execute at all.

[ElMatella]

In order to prevent the silent ignore, we could set a console.warn to warn the developer that this variable won't be evaluated.. Not removing those core-js variables makes the package unusable :/

[FranklinWaller]

@commenthol Added a warning for unexpected characters. Please review

[commenthol]

I hope you are fine with favoring #4 instead of this PR.

[FranklinWaller]

As long as it fixes the issue i'm happy 😉