“…Since most of the common JavaScript vulnerabilities cannot be prevented or resolved with browser-level security (which can be omitted, wrongly configured, or bypassed [11,29,38]), a variety of static [15,22,23,33] and dynamic [5,7,13,25,32,35,36,37,39,41] analyses have been proposed to make applications more secure. On the one hand, a static analysis reason about the program's source code, allowing developers to detect and resolve security issues in the early stages before deploying or executing the application.…”