Why you should care
Modifying builtins like Object.prototype and Array.prototype are strictly forbidden. Modifying other builtins like Function.prototype is less dangerous but still leads to hard to debug issues in production and should be avoided.
It is not seldom that you see people messing with Object.prototype.
This is very bad because it breaks the object-as-hash-tables feature
in javascript. Basically, the following is a very common scenario:
var obj = {a: "A", b: "B", c: "C", d: "D"};
for (var key in obj) {
doSomething(key, obj[key], obj);
}
if ("b" in obj) {
doSomethingElse();
}
If someone modified the Object.prototype the for in loop would include any fields you’ve added
How we detect
CAST Highlight counts one occurrence each time one of the following patterns is found in the source code:
Object.prototype.<xxxx> = .... Array.prototype.<xxxx> = .... Function.prototype.<xxxx> = ....
References
About CAST and Highlight’s Code Insights
Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.