JavaScript / TypeScript

JS/TS SAST covers frontend code and Node.js backends.

What it commonly detects:

  • XSS patterns (DOM sinks, unsafe rendering)
  • Injection and command execution on Node
  • SSRF patterns in server-side fetchers
  • Insecure JWT usage / weak validation patterns (where applicable)
  • Dangerous eval-like constructs and prototype pollution sinks
  • Separate guidance for Browser vs Node.js
  • Framework hints (Express/Nest/Next, etc.)