fix: only emit prototype pollution error when there's metadata emitted

src/index.test.ts

@@ -1059,7 +1059,7 @@ test.each(['__proto__', 'prototype', 'constructor'])(
   forbidden => {
     expect(() => {
       SuperJSON.serialize({
-        [forbidden]: 1,
+        [forbidden]: NaN,
       });
     }).toThrowError(/This is a prototype pollution risk/);
   }
@@ -1229,3 +1229,8 @@ test('dedupe=true on a large complicated schema', () => {
   expect(nondedupedOut).toEqual(deserialized);
   expect(dedupedOut).toEqual(deserialized);
 });
+
+test("prototype pollution detector doesn't trigger when there's no meta", () => {
+  const { meta } = SuperJSON.serialize({ constructor: { name: 'hello' } });
+  expect(meta).toBeUndefined();
+});

src/plainer.ts

@@ -216,16 +216,6 @@ export const walker = (
   const innerAnnotations: Record<string, Tree<TypeAnnotation>> = {};
 
   forEach(transformed, (value, index) => {
-    if (
-      index === '__proto__' ||
-      index === 'constructor' ||
-      index === 'prototype'
-    ) {
-      throw new Error(
-        `Detected property ${index}. This is a prototype pollution risk, please remove it from your object.`
-      );
-    }
-
     const recursiveResult = walker(
       value,
       identities,
@@ -236,6 +226,18 @@ export const walker = (
       seenObjects
     );
 
+    const emitsMeta = recursiveResult.annotations !== undefined;
+    if (
+      emitsMeta &&
+      (index === '__proto__' ||
+        index === 'constructor' ||
+        index === 'prototype')
+    ) {
+      throw new Error(
+        `Detected property ${index}. This is a prototype pollution risk, please remove it from your object.`
+      );
+    }
+
     transformedValue[index] = recursiveResult.transformedValue;
 
     if (isArray(recursiveResult.annotations)) {