By DeepSource

Object.prototype builtins should not be used directly JS-0021

Bug risk Autofix

It is preferable to call certain Object.prototype methods through Object on object instances instead of using the builtins directly.

Objects can have properties that shadow the builtins on Object.prototype, potentially causing unintended behavior or denial-of-service security vulnerabilities.

For example, it would be unsafe for a webserver to parse JSON input from a client and call hasOwnProperty directly on the resulting object, because a malicious client could send a JSON value like {"hasOwnProperty": 1} and cause the server to crash.

It's better to always call these methods from Object.prototype. For example, obj.hasOwnProperty("bar") should be replaced with, "bar").

Bad Practice

let hasBarProperty = obj.hasOwnProperty("property");

let isPrototypeOfBar = obj.isPrototypeOf(property);

let barIsEnumerable = obj.propertyIsEnumerable("property");


let hasBarProperty =, "property");

let isPrototypeOfBar =, property);

let barIsEnumerable = {}, "property");