njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.