{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T08:55:33Z","timestamp":1767516933921,"version":"3.48.0"},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T00:00:00Z","timestamp":1767484800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T00:00:00Z","timestamp":1767484800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003819","name":"Natural Science Foundation of Hubei Province","doi-asserted-by":"publisher","award":["2023AFB394"],"award-info":[{"award-number":["2023AFB394"]}],"id":[{"id":"10.13039\/501100003819","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>JavaScript code is often included in web applications to implement various functionalities. However, namespace is absent in JavaScript(JS), and all JavaScript code in a same frame shares a common namespace. The absence of namespace may lead to mutual interference among JavaScript code, which results in abnormal program execution. In this paper, we investigate the issue of global identifier conflicts in JavaScript code that cause anomalies across entire web pages. Unlike existing dynamic detection methods like JSOBSERVER which introduce significant runtime performance overhead and can only detect conflicts in executed code paths, our approach avoids execution dependency and performance penalty. Aimed to this issue, we develop a static analysis tool, called DetecJS, to analyze dependencies and conflict relationships among JavaScript code. It can be used to assists developers in identifying global identifier conflicts in the program early during development without executing the code. Based on DetecJS, we identify 2618 global identifier conflicts across 1000 websites. Additionally, we conduct a performance evaluation of DetecJS, the results indicated that the tool exhibits high performance, with an average analysis time of only 5.56\u00a0s per web page and conflict detection taking just 15.15\u00a0ms.<\/jats:p>","DOI":"10.1186\/s42400-025-00530-x","type":"journal-article","created":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T08:53:32Z","timestamp":1767516812000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Javascript global identifier conflicts detection based on static analysis"],"prefix":"10.1186","volume":"9","author":[{"given":"Shibo","family":"Sun","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5013-2077","authenticated-orcid":false,"given":"Shixiong","family":"Yao","sequence":"additional","affiliation":[]},{"given":"Jiageng","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Pei","family":"Li","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,1,4]]},"reference":[{"key":"530_CR1","doi-asserted-by":"crossref","unstructured":"Agten P, Van Acker S, Brondsema Y, Phung PH, Desmet L, Piessens F (2012) Jsand: complete client-side sandboxing of third-party javascript without browser modifications. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 1\u201310","DOI":"10.1145\/2420950.2420952"},{"key":"530_CR2","unstructured":"Babel https:\/\/www.babeljs.cn"},{"key":"530_CR3","unstructured":"ESLint https:\/\/eslint.org\/"},{"key":"530_CR4","doi-asserted-by":"crossref","unstructured":"Fard AM, Mesbah A (2013) Jsnose: Detecting javascript code smells. In: 2013 IEEE 13th International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 116\u2013125. IEEE","DOI":"10.1109\/SCAM.2013.6648192"},{"key":"530_CR5","unstructured":"Flow https:\/\/flow.org\/"},{"key":"530_CR6","doi-asserted-by":"crossref","unstructured":"Guha A, Saftoiu C, Krishnamurthi S (2011) Typing local control and state using flow analysis. In: Programming Languages and Systems: 20th European Symposium on Programming, ESOP 2011, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2011, Saarbr\u00fccken, Germany, March 26\u2013April 3, 2011. Proceedings 20, pp. 256\u2013275. Springer","DOI":"10.1007\/978-3-642-19718-5_14"},{"issue":"6","key":"530_CR7","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1145\/2345156.2254094","volume":"47","author":"B Hackett","year":"2012","unstructured":"Hackett B, Guo S-Y (2012) Fast and precise hybrid type inference for javascript. ACM SIGPLAN Notices 47(6):239\u2013250","journal-title":"ACM SIGPLAN Notices"},{"key":"530_CR8","doi-asserted-by":"crossref","unstructured":"Heidegger P, Thiemann P (2010) Recency types for analyzing scripting languages. In: ECOOP 2010\u2013Object-Oriented Programming: 24th European Conference, Maribor, Slovenia, June 21-25, 2010. Proceedings 24, pp. 200\u2013224. Springer","DOI":"10.1007\/978-3-642-14107-2_10"},{"key":"530_CR9","unstructured":"htmlparser2 https:\/\/github.com\/fb55\/htmlparser2"},{"key":"530_CR10","doi-asserted-by":"crossref","unstructured":"Jensen SH, M\u00f8ller A, Thiemann P (2009) Type analysis for javascript. In: Static Analysis: 16th International Symposium, SAS 2009, Los Angeles, CA, USA, August 9-11, 2009. Proceedings 16, pp. 238\u2013255. Springer","DOI":"10.1007\/978-3-642-03237-0_17"},{"key":"530_CR11","unstructured":"JSLint https:\/\/www.jslint.com\/\/"},{"key":"530_CR12","doi-asserted-by":"crossref","unstructured":"Kashyap V, Sarracino J, Wagner J, Wiedermann B, Hardekopf B (2013) Type refinement for static analysis of javascript. In: Proceedings of the 9th Symposium on Dynamic Languages, pp. 17\u201326","DOI":"10.1145\/2508168.2508175"},{"key":"530_CR13","doi-asserted-by":"crossref","unstructured":"Lauinger T, Chaabane A, Arshad S, Robertson W, Wilson C, Kirda E (2018) Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918","DOI":"10.14722\/ndss.2017.23414"},{"key":"530_CR14","unstructured":"Li Shisheng LX, Cheng\u00a0Mingqi (2012) Javascript typing system with prediction(in chinese). In: Journal of Computer Research and Development, pp. 421\u2013431"},{"key":"530_CR15","doi-asserted-by":"crossref","unstructured":"Patra J, Dixit PN, Pradel M (2018) Conflictjs: finding and understanding conflicts between javascript libraries. In: Proceedings of the 40th International Conference on Software Engineering, pp. 741\u2013751","DOI":"10.1145\/3180155.3180184"},{"key":"530_CR16","doi-asserted-by":"crossref","unstructured":"Phung PH, Sands D, Chudnov A (2009) Lightweight self-protecting javascript. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 47\u201360","DOI":"10.1145\/1533057.1533067"},{"key":"530_CR17","doi-asserted-by":"crossref","unstructured":"Pradel M, Schuh P, Sen K (2015) Typedevil: Dynamic type inconsistency analysis for javascript. In: 2015 IEEE\/ACM 37th IEEE International Conference on Software Engineering, vol. 1, pp. 314\u2013324. IEEE","DOI":"10.1109\/ICSE.2015.51"},{"key":"530_CR18","doi-asserted-by":"crossref","unstructured":"Sen K, Kalasapur S, Brutch T, Gibbs S (2013) Jalangi: A selective record-replay and dynamic analysis framework for javascript. In: Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering, pp. 488\u2013498","DOI":"10.1145\/2491411.2491447"},{"key":"530_CR19","doi-asserted-by":"crossref","unstructured":"Staicu C-A, Pradel M, Livshits B (2018) Understanding and automatically preventing injection attacks on node. js. In: Network and Distributed System Security Symposium (NDSS)","DOI":"10.14722\/ndss.2018.23071"},{"key":"530_CR20","doi-asserted-by":"crossref","unstructured":"Tan TH, Xue Y, Chen M, Liu S, Yu Y, Sun J (2017) Jsfox: integrating static and dynamic type analysis of javascript programs. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering Companion (ICSE-C), pp. 256\u2013258. IEEE","DOI":"10.1109\/ICSE-C.2017.91"},{"issue":"8","key":"530_CR21","doi-asserted-by":"publisher","first-page":"863","DOI":"10.1109\/TSE.2018.2871058","volume":"46","author":"KF T\u00f3masd\u00f3ttir","year":"2018","unstructured":"T\u00f3masd\u00f3ttir KF, Aniche M, Van Deursen A (2018) The adoption of javascript linters in practice: A case study on eslint. IEEE Trans Software Eng 46(8):863\u2013891","journal-title":"IEEE Trans Software Eng"},{"key":"530_CR22","unstructured":"TypeScript https:\/\/www.typescriptlang.org"},{"key":"530_CR23","doi-asserted-by":"publisher","first-page":"1419","DOI":"10.1007\/s10664-019-09750-5","volume":"25","author":"C Vassallo","year":"2020","unstructured":"Vassallo C, Panichella S, Palomba F, Proksch S, Gall HC, Zaidman A (2020) How developers engage with static analysis tools in different contexts. Empir Softw Eng 25:1419\u20131457","journal-title":"Empir Softw Eng"},{"key":"530_CR24","unstructured":"WEI\u00a0Miao, S.L.-w. WU\u00a0Yi-jian: Finding type mismatch defects of javascript based on static analysis(in chinese). In: Computer Science, pp. 223\u2013228 (2017)"},{"key":"530_CR25","doi-asserted-by":"crossref","unstructured":"Zhang M, Meng W (2020) Detecting and understanding javascript global identifier conflicts on the web. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 38\u201349","DOI":"10.1145\/3368089.3409747"},{"key":"530_CR26","doi-asserted-by":"crossref","unstructured":"Zhang M, Meng W (2021) Jsisolate: lightweight in-browser javascript isolation. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 193\u2013204","DOI":"10.1145\/3468264.3468577"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00530-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00530-x","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00530-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T08:53:35Z","timestamp":1767516815000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00530-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,4]]},"references-count":26,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["530"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00530-x","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,4]]},"assertion":[{"value":"21 July 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 January 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"1"}}