JavaScript

This blog post explains how QL can be used to discover so-called 'Reflected File Download' vulnerabilities in JavaScript applications. As an example, we look at CVE-2018-6835 which we recently found in the Etherpad collaborative editor.

LGTM now supports TypeScript as part of its existing JavaScript analysis.

Lodash and Underscore are both prominent members of the top-10 of most-used JavaScript packages. This blog post investigates the popular belief that Lodash is becoming more popular at the expense of Underscore, and explores what could be behind the r…