From ddd960fe776a19cb9a2d4cff3be6926794e2e26c Mon Sep 17 00:00:00 2001 From: Ben Drucker Date: Fri, 14 Oct 2022 10:21:06 -0700 Subject: [PATCH] resolve-shims: prevent prototype pollution --- lib/resolve-shims.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/resolve-shims.js b/lib/resolve-shims.js index cb634fe..c6650eb 100644 --- a/lib/resolve-shims.js +++ b/lib/resolve-shims.js @@ -123,6 +123,11 @@ function separateExposeGlobals(shims) { , exposeGlobals = {}; Object.keys(shims).forEach(function (k) { + // https://github.com/thlorenz/browserify-shim/issues/245 + if (k === '__proto__' || k === 'constructor') { + return; + } + var val = shims[k] , exp = val && val.exports;