From 3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b Mon Sep 17 00:00:00 2001
From: Jon Schlinkert <jon.schlinkert@sellside.com>
Date: Tue, 15 Jul 2025 12:33:57 -0700
Subject: [PATCH] Merge pull request #144 from Jason3S/jdent-object-properties

fix: exception when glob pattern contains `constructor`
---
 lib/constants.js  | 1 +
 test/malicious.js | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/lib/constants.js b/lib/constants.js
index a62ef387..8b02dc8f 100644
--- a/lib/constants.js
+++ b/lib/constants.js
@@ -97,6 +97,7 @@ module.exports = {
 
   // Replace globs with equivalent patterns to reduce parsing time.
   REPLACEMENTS: {
+    __proto__: null,
     '***': '*',
     '**/**': '**',
     '**/**/**': '**'
diff --git a/test/malicious.js b/test/malicious.js
index 33cf6b85..82a7d2c9 100644
--- a/test/malicious.js
+++ b/test/malicious.js
@@ -30,4 +30,9 @@ describe('handling of potential regex exploits', () => {
       assert(!isMatch('A', `!(${repeat(500)}A)`, { maxLength: 499 }));
     }, /Input length: 504, exceeds maximum allowed length: 499/);
   });
+  it('should be able to accept Object instance properties', () => {
+    assert(isMatch('constructor', 'constructor'), 'valid match');
+    assert(isMatch('__proto__', '__proto__'), 'valid match');
+    assert(isMatch('toString', 'toString'), 'valid match');
+  });
 });