There is a Prototype Pollution vulnerability in JSON5 before and including version 2.2.1. There is no security policy that I can find for this project, so I am unsure of where to report it. Should I just post the details here?