Provides default sources, sinks and sanitizers for reasoning about format injections, as well as extension points for adding your own.
Provides JS-specific imports needed for
A format argument to a printf-like function, considered as a flow sink for format injection.
A source of remote user input, considered as a flow source for format injection.
A sanitizer for format injections.
A data flow sink for format injections.
A data flow source for format injections.