diff --git a/commonjs/core.js b/commonjs/core.js
index 076d704..16ee5bb 100644
--- a/commonjs/core.js
+++ b/commonjs/core.js
@@ -188,8 +188,10 @@ function applyOperation(document, operation, validateOperation, mutateDocument,
 if (key && key.indexOf('~') != -1) {
 key = helpers_js_1.unescapePathComponent(key);
 }
- if (banPrototypeModifications && key == '__proto__') {
- throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
+ if (banPrototypeModifications &&
+ (key == '__proto__' ||
+ (key == 'prototype' && t > 0 && keys[t - 1] == 'constructor'))) {
+ throw new TypeError('JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
 }
 if (validateOperation) {
 if (existingPathFragment === undefined) {
diff --git a/module/core.mjs b/module/core.mjs
index d4994aa..2eac75c 100644
--- a/module/core.mjs
+++ b/module/core.mjs
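Review bot: The new `constructor`/`prototype` branch carries no comment saying why that particular pair is refused, and a reader will not see from `key == 'prototype' && t > 0 && keys[t - 1] == 'constructor'` alone that walking `constructor` and then `prototype` from a plain object lands on a shared object such as `Object.prototype`, the same target that `__proto__` reaches; a why-comment directly above the `if`, `// 'constructor' followed by 'prototype' reaches a shared prototype (e.g. Object.prototype) just as '__proto__' does, so both are refused`, would carry that. The identical condition is added in the module/core.mjs and src/core.ts hunks, and the two built copies differ in formatting from the TypeScript (`t>0`, `keys[t-1]`, the closing `)` on its own line there), which suggests they were edited by hand rather than rebuilt from src/core.ts; regenerating them from the source keeps the three copies from drifting. The new error text still points at the README for more information, so the README entry for `banPrototypeModifications` presumably needs the `constructor/prototype` case added as well. The enclosing applyOperation body starts and ends outside the hunk.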
@@ -186,8 +186,10 @@ export function applyOperation(document, operation, validateOperation, mutateDoc
 if (key && key.indexOf('~') != -1) {
 key = unescapePathComponent(key);
 }
- if (banPrototypeModifications && key == '__proto__') {
- throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
+ if (banPrototypeModifications &&
+ (key == '__proto__' ||
+ (key == 'prototype' && t > 0 && keys[t - 1] == 'constructor'))) {
+ throw new TypeError('JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
 }
 if (validateOperation) {
 if (existingPathFragment === undefined) {
diff --git a/src/core.ts b/src/core.ts
index 9a8f737..cac6607 100644
--- a/src/core.ts
+++ b/src/core.ts
@@ -251,8 +251,11 @@ export function applyOperation(document: T, operation: Operation, validateOpe
 key = unescapePathComponent(key);
 }
 
- if(banPrototypeModifications && key == '__proto__') {
- throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
+ if(banPrototypeModifications &&
+ (key == '__proto__' ||
+ (key == 'prototype' && t>0 && keys[t-1] == 'constructor'))
+ ) {
+ throw new TypeError('JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
 }
 
 if (validateOperation) {