Please support setPrototypeOf instead of __proto__
kapouer opened this issue · 1 comments
kapouer commented
According to MDN docs on proto, all A.__proto__ = B should actually be Object.setPrototypeOf(A, B).
__proto__ is only allowed to keep compatibility, and represents a huge security vulnerability surface.
This would also allow "hardening" nodejs with --disable-proto=delete|throw.