Are there legit cases where monkey patching native funcs is justified? Many scanners report this as vulnerability, so I would expect browsers and standards bodies to eventually prohibit messing with native apis.

Off the top of my head:

- Overriding the fetch/XHR API for error monitoring (there's no other way to listen for them unless you use Service Workers)

- Polyfilling features on top of existing APIs

But you might not see them as "justified".