diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
new file mode 100644
index 0000000..ad28488
--- /dev/null
+++ b/.github/workflows/nodejs.yml
@@ -0,0 +1,46 @@
+# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+
+name: Node.js CI
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+    branches:
+      - main
+      - master
+  schedule:
+    - cron: '0 2 * * *'
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [6, 8, 10, 12, 14, 16]
+        os: [ubuntu-latest, windows-latest, macos-latest]
+
+    steps:
+    - name: Checkout Git Source
+      uses: actions/checkout@v2
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node-version }}
+
+    - name: Install Dependencies
+      run: npm i -g npminstall@latest-3 && npminstall
+
+    - name: Continuous Integration
+      run: npm run ci
+
+    - name: Code Coverage
+      uses: codecov/codecov-action@v1
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 5ec1467..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-sudo: false
-language: node_js
-node_js:
-  - '4'
-  - '6'
-  - '7'
-install:
-  - npm i npminstall && npminstall
-script:
-  - npm run ci
-after_script:
-  - npminstall codecov && codecov
diff --git a/appveyor.yml b/appveyor.yml
deleted file mode 100644
index 2efd0fa..0000000
--- a/appveyor.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-environment:
-  matrix:
-    - nodejs_version: '4'
-    - nodejs_version: '6'
-    - nodejs_version: '7'
-
-install:
-  - ps: Install-Product node $env:nodejs_version
-  - npm i npminstall && node_modules\.bin\npminstall
-
-test_script:
-  - node --version
-  - npm --version
-  - npm run ci
-
-build: off
diff --git a/index.js b/index.js
index b4f40f3..4367a37 100644
--- a/index.js
+++ b/index.js
@@ -47,6 +47,8 @@ module.exports = function extend() {
 
     // Extend the base object
     for (name in options) {
+      if (name === '__proto__') continue;
+
       src = target[name];
       copy = options[name];
 
diff --git a/package.json b/package.json
index 3f4d00b..c5f6c83 100644
--- a/package.json
+++ b/package.json
@@ -25,7 +25,6 @@
   "dependencies": {},
   "devDependencies": {
     "covert": "^1.1.0",
-    "egg-ci": "^1.5.0",
     "eslint": "^3.2.2",
     "eslint-config-egg": "^3.2.0",
     "tape": "^4.6.0"
@@ -35,6 +34,7 @@
     "index.js"
   ],
   "ci": {
-    "version": "4, 6, 7"
+    "type": "github",
+    "version": "6, 8, 10, 12, 14, 16"
   }
 }
diff --git a/test/index.js b/test/index.js
index 8c4fd32..e5341c8 100644
--- a/test/index.js
+++ b/test/index.js
@@ -619,3 +619,18 @@ test('works without Array.isArray', function (t) {
   Array.isArray = savedIsArray;
   t.end();
 });
+
+test('fix __proto__ copy', function (t) {
+  var r = extend(true, {}, JSON.parse('{"__proto__": {"polluted": "yes"}}'));
+  t.deepEqual(
+    JSON.stringify(r),
+    '{}',
+    'It should not copy __proto__'
+  );
+  t.deepEqual(
+    ''.polluted,
+    undefined,
+    'It should not affect object prototype'
+  );
+  t.end();
+});