CodeQL library for JavaScript/TypeScript
codeql/javascript-all 1.0.1 (changelog, source)

Module FrameworkLibraries

Provides classes for identifying popular framework libraries.

Each framework is identified by a subclass of FrameworkLibrary, which is simply a tag identifying the library, such as "jquery". This represents the framework as an abstract concept.

Subclasses of FrameworkLibraryInstance identify concrete instances (or copies) of frameworks, that is, files (or scripts embedded in HTML) containing the implementation of a particular version of a framework library.

Subclasses of FrameworkLibraryReference identify HTML <script> tags that refer to a particular version of a framework library.

Typically, framework library instances are identified by looking for marker comments, while framework library references are identified by analyzing the URL referenced in the src attribute.

Common patterns for doing this are encapsulated by classes FrameworkLibraryWithMarkerComment and FrameworkLibraryWithGenericURL, which identify framework libraries by matching their marker comment and URL, respectively, against a regular expression. Most frameworks can be represented by a single class extending both of these two classes (for example Bootstrap and React), while other frameworks have more complex rules for recognizing instances (for example MooTools).

Import path

import semmle.javascript.dependencies.FrameworkLibraries



Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.



An abstract representation of a framework library.


An instance (or copy) of a framework library, that is, a file or script containing the code for a particular version of a framework.


An instance of a FrameworkLibraryWithMarkerComment.


An abstract representation of a reference to a framework library via the src attribute of a <script> element.


A reference to a FrameworkLibraryWithURL.


A framework library that is referenced by URLs containing the name of the framework (or an alias) and a version string.


A framework library whose instances can be identified by marker comments.


A framework library that is referenced by URLs that have a certain pattern.