diff --git a/tools/cordova/project.js b/tools/cordova/project.js
index 7210fe4dc8..c0d490781d 100644
--- a/tools/cordova/project.js
+++ b/tools/cordova/project.js
@@ -13,6 +13,7 @@ import main from '../cli/main.js';
 import httpHelpers from '../utils/http-helpers.js';
 import { execFileSync, execFileAsync } from '../utils/processes.js';
+import './protect-string-proto.js'; // must always come before 'cordova-lib'
 import { cordova as cordova_lib, events as cordova_events, CordovaError } from 'cordova-lib';
 import cordova_util from 'cordova-lib/src/cordova/util.js';
diff --git a/tools/cordova/protect-string-proto.js b/tools/cordova/protect-string-proto.js
new file mode 100644
index 0000000000..020a9db457
--- /dev/null
+++ b/tools/cordova/protect-string-proto.js
@@ -0,0 +1,18 @@
+// `cordova-lib` depends on `shelljs`, which modifies String.prototype
+// (which is BAD). See:
+// https://github.com/arturadib/shelljs/issues/159
+//
+// The following code protects the tool environment (which is also
+// where build plugins run) from having a polluted String.prototype.
+// One JS library in particular, String.js (before v3.3.1), is
+// sensitive to String prototype pollution.
+//
+// Fortunately, `cordova-lib` does not seem to rely on the presence of
+// `String#to` or `String#toEnd` (or this code would break it).
+//
+// This code can be removed when `shelljs` cleans up its act and
+// `cordova-lib` uses a new version, or when `cordova-lib` moves away
+// from `shelljs`.
+
+Object.defineProperty(String.prototype, 'to', { set: function () {} });
+Object.defineProperty(String.prototype, 'toEnd', { set: function () {} });
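Review bot: The ordering requirement on the added `import './protect-string-proto.js'` line in project.js is enforced only by its trailing comment, so it depends on no import-sorting step moving the line and on this file being where `cordova-lib` is first loaded. Any other module that imports `cordova-lib` directly (none is visible in this hunk) would need the same guard ahead of it. A small wrapper module that imports the guard and then re-exports `cordova-lib` would make the order structural rather than a convention. The import block continues outside the hunk.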
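Review bot: The two `Object.defineProperty` calls at the end of protect-string-proto.js depend on descriptor defaults that the header comment never states: with only `set` supplied, each property is non-enumerable and non-configurable and reads as `undefined`, so a plain assignment is silently discarded while a later `Object.defineProperty` on the same name would throw. Because the comment says build plugins run in this same environment, that applies to any plugin or dependency that defines `to` or `toEnd` itself, not only `shelljs`. I would add a line such as `// setter-only and non-configurable: assignments are ignored, redefinition throws` directly above the calls. The guard also covers only these two names, so a small check asserting `typeof ''.to === 'undefined'` and `typeof ''.toEnd === 'undefined'` after `cordova-lib` loads would show when the workaround stops matching what `shelljs` does.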