The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality.