steal is vulnerable to prototype pollution. The vulnerability exists because of a lack of validation in the convertLater function in npm-convert.js, which allows an attacker to inject malicious properties that add new values to a JavaScript application's object prototype, overwriting or contaminating the base object.
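
The bug class described above, shown as an unvalidated recursive merge next to a hardened version that validates keys. This is an added example, not steal's convertLater code: unsafeMerge, safeMerge, demo and the sample input are hypothetical and constructed for illustration.

```javascript
// Added illustration of the bug class; NOT steal's convertLater code.
// unsafeMerge, safeMerge and demo are hypothetical names.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// No key validation: a "__proto__" key makes target[key] resolve to
// Object.prototype, so nested values are written onto the shared prototype.
function unsafeMerge(target, src) {
  for (const key of Object.keys(src)) {
    if (isPlainObject(src[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], src[key]);
    } else {
      target[key] = src[key];
    }
  }
  return target;
}

// Hardened: reject prototype-reaching keys and only recurse into own properties.
function safeMerge(target, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isPlainObject(src[key])) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], src[key]);
    } else {
      target[key] = src[key];
    }
  }
  return target;
}

function demo() {
  // Constructed sample input standing in for untrusted package metadata.
  const input = JSON.parse('{"name":"pkg","__proto__":{"polluted":"yes"}}');
  unsafeMerge({}, input);
  const afterUnsafe = ({}).polluted;      // every object now inherits it
  delete Object.prototype.polluted;       // undo the pollution before the safe run
  const merged = safeMerge({}, input);
  return { afterUnsafe, afterSafe: ({}).polluted, name: merged.name };
}

console.log(demo());
```

Building the target with Object.create(null) removes the inherited prototype altogether and complements the key check.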