Attacker-controlled keys (like __proto__) modify Object.prototype, corrupting application behaviour app-wide.
Upgrade the package; the fix usually rejects __proto__/constructor keys.
Validate object keys, use Map or null-prototype objects, and avoid recursive merge of untrusted data.
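The recursive-merge risk and the key-rejection fix described above, as an added example for Node.js. This is not code from Stateward or from any affected package; the function names, the depth limit and the JSON payload are assumptions constructed for illustration.

```javascript
// Added example; all names are hypothetical.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_DEPTH = 32; // assumed limit for nested input

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Naive recursive merge: target['__proto__'] resolves to Object.prototype,
// so the recursion writes into the shared prototype.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: rejects dangerous keys, only descends into own properties,
// and creates nested containers without a prototype.
function safeMerge(target, source, depth = 0) {
  if (depth > MAX_DEPTH) throw new RangeError('merge depth exceeded');
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) throw new TypeError(`rejected key: ${key}`);
    const value = source[key];
    if (!isPlainObject(value)) { target[key] = value; continue; } // arrays copied as-is
    const own = Object.prototype.hasOwnProperty.call(target, key);
    const child = own && isPlainObject(target[key]) ? target[key] : Object.create(null);
    target[key] = safeMerge(child, value, depth + 1);
  }
  return target;
}

// Runs both merges on a constructed payload and reports what happened.
function demo() {
  const payload = JSON.parse('{"theme":"dark","__proto__":{"polluted":true}}');
  naiveMerge({}, payload);
  const naivePolluted = ({}).polluted === true;
  delete Object.prototype.polluted; // restore the shared prototype
  let rejected = false;
  try { safeMerge(Object.create(null), payload); } catch (e) { rejected = e instanceof TypeError; }
  const merged = safeMerge(Object.create(null), JSON.parse('{"ui":{"theme":"dark"}}'));
  return { naivePolluted, rejected, safePolluted: ({}).polluted === true, theme: merged.ui.theme };
}
```

Because safeMerge throws on a blocked key instead of skipping it, a rejected request surfaces in error logs and can be alerted on.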
Stateward flags Prototype Pollution in your own code and dependencies on every pull request.
Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.