JavaScript has been a de facto standard language for client-side web programs, and now it
is expanding its territory to general purpose programs. In this article, we classify the client …

Most of the code in typical Node. js applications comes from third-party libraries that consist
of a large number of interdependent modules. Because of the dynamic features of …

Call graphs play an important role in different contexts, such as profiling and vulnerability
propagation analysis. Generating call graphs in an efficient manner can be a challenging …

This paper presents KJS, the most complete and throughly tested formal semantics of
JavaScript to date. Being executable, KJS has been tested against the ECMAScript 5.1 …

JavaScript is used everywhere from the browser to the server, including desktops and
mobile devices. However, the current state of the art in JavaScript static analysis lags far …

Node. js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …

JavaScript is the most widely used web language for client-side applications. Whilst the
development of JavaScript was initially just led by implementation, there is now increasing …

Taint-style vulnerabilities, such as OS command injection and path traversal, are common
and severe software weaknesses. There exists an inherent trade-off between analysis …

Mobile applications (apps) have long invaded the realm of desktop apps, and hybrid apps
become a promising solution for supporting multiple mobile platforms. Providing both …

A linter is a static analysis tool that warns software developers about possible code errors or
violations to coding standards. By using such a tool, errors can be surfaced early in the …