The code contains modifications of buildtins objects : Object, Array or Function

Why you should care

Modifying builtins like Object.prototype and Array.prototype are strictly forbidden. Modifying other builtins like Function.prototype is less dangerous but still leads to hard to debug issues in production and should be avoided.

It is not seldom that you see people messing with Object.prototype.
This is very bad because it breaks the object-as-hash-tables feature
in javascript. Basically, the following is a very common scenario:


var obj = {a: "A", b: "B", c: "C", d: "D"};
for (var key in obj) {
doSomething(key, obj[key], obj);
if ("b" in obj) {

If someone modified the Object.prototype the for in loop would include any fields you’ve added

How we detect

CAST Highlight counts one occurrence each time one of the following patterns is found in the source code:

Object.prototype.<xxxx> = ....
Array.prototype.<xxxx> = ....
Function.prototype.<xxxx> = ....



About CAST and Highlight’s Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.