From 468aa6595985e11e54f2955ae45db2281030e465 Mon Sep 17 00:00:00 2001
From: Can Mingir <54210920+canmingir@users.noreply.github.com>
Date: Mon, 9 Dec 2024 05:31:44 -0500
Subject: [PATCH] Fix code scanning alert no. 1: Prototype-polluting assignment

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/Event.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Event.js b/src/Event.js
index 158158b..cc7c52a 100644
--- a/src/Event.js
+++ b/src/Event.js
@@ -41,6 +41,9 @@ const subscribe = (...args) => {
 console.debug("react-event", "subscribe", type, id);
+ if (type === '__proto__' || type === 'constructor' || type === 'prototype') {
+ throw new Error("Invalid subscription type");
+ }
 if (!subscriptions[type]) {
 subscriptions[type] = {};
 }
@@ -81,6 +84,9 @@ const publish = (...args) => {
 console.log("react-event", "publish", type, payload);
 messages.set(type, payload);
+ if (type === '__proto__' || type === 'constructor' || type === 'prototype') {
+ throw new Error("Invalid publish type");
+ }
 Object.keys(subscriptions[type] || {}).forEach((key) => {
 const registry = subscriptions[type][key];
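Review bot: The added guard in subscribe compares `type` with `===`, but the lookup `subscriptions[type]` on the next line converts its key to a string, so a non-string value whose string form is `__proto__` is not caught by the comparison. Rejecting non-strings first closes that gap: `if (typeof type !== 'string' || type === '__proto__' || type === 'constructor' || type === 'prototype') {`. The three-name list also still lets other inherited names such as `toString` resolve to a truthy `Object.prototype` member in `!subscriptions[type]`, assuming `subscriptions` is a plain object literal (its declaration is outside this hunk). Creating it with `Object.create(null)`, or using a `Map`, would remove the need for a blocklist. subscribe's body starts and ends outside the hunk.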
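Review bot: In publish the guard sits after `messages.set(type, payload);`, so a rejected type has already been logged and stored in `messages` by the time the error is thrown. Moving the three added lines to the top of the function body, ahead of the `console.log` and `messages.set` lines, keeps rejected input out of that state. This path only reads `subscriptions[type]`, and it now throws where such a type appears to have been silently ignored before, so a comment such as `// throws on reserved property names` would help callers. The condition duplicates the one in subscribe; a single shared helper (for example `isReservedType(type)`) would keep the two lists in step. publish's body continues outside the hunk.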