From f147e90269b58bb6e539cfdf3d0e20d6ad14204b Mon Sep 17 00:00:00 2001
From: Ryuichi Okumura <okuryu@okuryu.com>
Date: Wed, 25 Mar 2026 23:18:17 +0900
Subject: [PATCH 1/2] Merge commit from fork

---
 index.js               |  4 ++--
 test/unit/serialize.js | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/index.js b/index.js
index e298ab4..2389110 100644
--- a/index.js
+++ b/index.js
@@ -125,8 +125,8 @@ module.exports = function serialize(obj, options) {
                 return '@__S-' + UID + '-' + (sets.push(origValue) - 1) + '__@';
             }
 
-            if(origValue instanceof Array) {
-                var isSparse = origValue.filter(function(){return true}).length !== origValue.length;
+            if(Array.isArray(origValue)) {
+                var isSparse = Object.keys(origValue).length !== origValue.length;
                 if (isSparse) {
                     return '@__A-' + UID + '-' + (arrays.push(origValue) - 1) + '__@';
                 }
diff --git a/test/unit/serialize.js b/test/unit/serialize.js
index db1f9a0..6a22891 100644
--- a/test/unit/serialize.js
+++ b/test/unit/serialize.js
@@ -426,6 +426,29 @@ describe('serialize( obj )', function () {
         });
     });
 
+    describe('array-like objects', function () {
+        it('should not hang on array-like objects with large length', function () {
+            var value = Object.create(Array.prototype);
+            value[Symbol.toStringTag] = 'Array';
+            Object.defineProperty(value, 'length', {
+                value: Number.MAX_SAFE_INTEGER,
+            });
+            // Should serialize without hanging (treated as a plain object)
+            var result = serialize(value);
+            strictEqual(typeof result, 'string');
+        });
+
+        it('should not hang on Array subclass with overridden filter', function () {
+            var arr = new (class extends Array {
+                filter() {
+                    while (true) {}
+                }
+            })();
+            var result = serialize(arr);
+            strictEqual(typeof result, 'string');
+        });
+    });
+
     describe('sparse arrays', function () {
         it('should serialize sparse arrays', function () {
             var a = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10];

From df3f1c1fa9ca16b050ae893cb63ac23c91deed55 Mon Sep 17 00:00:00 2001
From: Ryuichi Okumura <okuryu@okuryu.com>
Date: Wed, 25 Mar 2026 23:23:30 +0900
Subject: [PATCH 2/2] release: v7.0.5

PR-URL: https://github.com/yahoo/serialize-javascript/pull/213
---
 package-lock.json | 4 ++--
 package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 31d575e..284b38f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "serialize-javascript",
-  "version": "7.0.4",
+  "version": "7.0.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "serialize-javascript",
-      "version": "7.0.4",
+      "version": "7.0.5",
       "license": "BSD-3-Clause",
       "devDependencies": {
         "benchmark": "^2.1.4"
diff --git a/package.json b/package.json
index 59c8d68..d51c610 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "serialize-javascript",
-  "version": "7.0.4",
+  "version": "7.0.5",
   "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.",
   "main": "index.js",
   "scripts": {