Security fix for Prototype Pollution (#5)

Co-authored-by: arjunshibu <arjunshibu1999@gmail.com>
Co-authored-by: Jamie Slome <jamie@418sec.com>

Author: 3 people

index.js

@@ -27,7 +27,7 @@ function set (obj, path, value) {
       obj[path[i]] = value
     else if(null == obj[path[i]])
       obj = (obj[path[i]] = isNonNegativeInteger(path[i+1]) ? [] : {})
-    else
+    else if (!(isPrototypePolluted(path[i])))
       obj = obj[path[i]]
   return value
 }
@@ -91,6 +91,10 @@ function clone (obj) {
   return _obj
 }
 
+function isPrototypePolluted(key) {
+  return ['__proto__', 'constructor', 'prototype'].includes(key)
+}
+
 exports.get = get
 exports.set = set
 exports.each = each