diff --git a/javascript/change-notes/2021-01-18-server-crash.md b/javascript/change-notes/2021-01-18-server-crash.md
new file mode 100644
index 00000000000..bf5383c3bd8
--- /dev/null
+++ b/javascript/change-notes/2021-01-18-server-crash.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The `js/server-crash` query has been added. It highlights servers may be terminated by a malicious user.
diff --git a/javascript/config/suites/javascript/security b/javascript/config/suites/javascript/security
index 3e87d292d7b..9f826d04314 100644
--- a/javascript/config/suites/javascript/security
+++ b/javascript/config/suites/javascript/security
@@ -49,6 +49,7 @@
 + semmlecode-javascript-queries/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql: /Security/CWE/CWE-640
 + semmlecode-javascript-queries/Security/CWE-643/XpathInjection.ql: /Security/CWE/CWE-643
 + semmlecode-javascript-queries/Security/CWE-730/RegExpInjection.ql: /Security/CWE/CWE-730
++ semmlecode-javascript-queries/Security/CWE-730/ServerCrash.ql: /Security/CWE/CWE-730
 + semmlecode-javascript-queries/Security/CWE-754/UnvalidatedDynamicMethodCall.ql: /Security/CWE/CWE-754
 + semmlecode-javascript-queries/Security/CWE-770/MissingRateLimiting.ql: /Security/CWE/CWE-770
 + semmlecode-javascript-queries/Security/CWE-776/XmlBomb.ql: /Security/CWE/CWE-776
diff --git a/javascript/ql/src/Security/CWE-730/ServerCrash.qhelp b/javascript/ql/src/Security/CWE-730/ServerCrash.qhelp
new file mode 100644
index 00000000000..e46616ade47
--- /dev/null
+++ b/javascript/ql/src/Security/CWE-730/ServerCrash.qhelp
@@ -0,0 +1,86 @@
+<!DOCTYPE qhelp PUBLIC
+"-//Semmle//qhelp//EN"
+"qhelp.dtd">
+<qhelp>
+
+<overview>
+
+	<p>
+
+		Servers handle requests from clients until terminated
+		deliberately by a server administrator. A client request that results
+		in an uncaught server-side exception causes the current server
+		response generation to fail, and should not have an effect on
+		subsequent client requests.
+
+	</p>
+
+	<p>
+
+		Under some circumstances, uncaught exceptions can however
+		cause the entire server to terminate abruptly. Such a behavior is
+		highly undesirable, especially if it gives malicious users the ability
+		to turn off the server at will, which is an efficient
+		denial-of-service attack.
+
+	</p>
+
+</overview>
+
+<recommendation>
+
+	<p>
+
+		Ensure that the processing of client requests can not cause
+		uncaught exceptions to terminate the entire server abruptly.
+
+	</p>
+
+</recommendation>
+
+<example>
+
+	<p>
+
+		The following server implementation checks if a client-provided
+		file path is valid and throws an exception if the check fails. It can
+		be seen that the exception is uncaught, and it is therefore reasonable to
+		expect the server to respond with an error response to client requests
+		that cause the check to fail.
+
+		But since the exception is uncaught in the context of an
+		asynchronous callback invocation (<code>fs.access(...)</code>), the
+		entire server will terminate instead.
+
+	</p>
+
+	<sample src="examples/server-crash.BAD.js"/>
+
+	<p>
+		To remedy this, the server can catch the exception explicitly with
+		a <code>try/catch</code> block, and generate an appropriate error
+		response instead:
+
+	</p>
+
+	<sample src="examples/server-crash.GOOD-A.js"/>
+
+	<p>
+
+		An alternative is to use an <code>async</code> and
+		<code>await</code> for the asynchronous behavior, since the server
+		will then print warning messages about uncaught exceptions instead of
+		terminating, unless the server was started with the commandline option
+		<code>--unhandled-rejections=strict</code>:
+
+	</p>
+
+	<sample src="examples/server-crash.GOOD-B.js"/>
+
+</example>
+
+<references>
+
+</references>
+
+</qhelp>
diff --git a/javascript/ql/src/Security/CWE-730/ServerCrash.ql b/javascript/ql/src/Security/CWE-730/ServerCrash.ql
new file mode 100644
index 00000000000..b81126b33cd
--- /dev/null
+++ b/javascript/ql/src/Security/CWE-730/ServerCrash.ql
@@ -0,0 +1,189 @@
+/**
+ * @name Server crash
+ * @description A server that can be forced to crash may be vulnerable to denial-of-service
+ *              attacks.
+ * @kind path-problem
+ * @problem.severity warning
+ * @precision high
+ * @id js/server-crash
+ * @tags security
+ *       external/cwe/cwe-730
+ */
+
+import javascript
+
+/**
+ * Gets a function that indirectly invokes an asynchronous callback through `async`, where the callback throws an uncaught exception at `thrower`.
+ */
+Function invokesCallbackThatThrowsUncaughtException(
+  AsyncSentinelCall async, LikelyExceptionThrower thrower
+) {
+  async.getAsyncCallee() = throwsUncaughtExceptionInAsyncContext(thrower) and
+  result = async.getEnclosingFunction()
+  or
+  exists(DataFlow::InvokeNode invk, Function fun |
+    fun = invokesCallbackThatThrowsUncaughtException(async, thrower) and
+    // purposely not checking for `getEnclosingTryCatchStmt`. An async callback called from inside a try-catch can still crash the server.
+    result = invk.getEnclosingFunction()
+  |
+    invk.getACallee() = fun
+    or
+    // traverse a slightly extended call graph to get additional TPs
+    invk.(AsyncSentinelCall).getAsyncCallee() = fun
+  )
+}
+
+/**
+ * Gets a callee of an invocation `invk` that is not guarded by a try statement.
+ */
+Function getUncaughtExceptionRethrowerCallee(DataFlow::InvokeNode invk) {
+  not exists(invk.asExpr().getEnclosingStmt().getEnclosingTryCatchStmt()) and
+  result = invk.getACallee()
+}
+
+/**
+ * Holds if `thrower` is not guarded by a try statement.
+ */
+predicate isUncaughtExceptionThrower(LikelyExceptionThrower thrower) {
+  not exists([thrower.(Expr).getEnclosingStmt(), thrower.(Stmt)].getEnclosingTryCatchStmt())
+}
+
+/**
+ * Gets a function that may throw an uncaught exception originating at `thrower`, which then may escape in an asynchronous calling context.
+ */
+Function throwsUncaughtExceptionInAsyncContext(LikelyExceptionThrower thrower) {
+  (
+    isUncaughtExceptionThrower(thrower) and
+    result = thrower.getContainer()
+    or
+    exists(DataFlow::InvokeNode invk |
+      getUncaughtExceptionRethrowerCallee(invk) = throwsUncaughtExceptionInAsyncContext(thrower) and
+      result = invk.getEnclosingFunction()
+    )
+  ) and
+  // Anti-case:
+  // An exception from an `async` function results in a rejected promise.
+  // Unhandled promises requires `node --unhandled-rejections=strict ...` to terminate the process
+  // without that flag, the DEP0018 deprecation warning is printed instead (node.js version 14 and below)
+  not result.isAsync() and
+  // pruning optimization since this predicate always is related to `invokesCallbackThatThrowsUncaughtException`
+  result = reachableFromAsyncCallback()
+}
+
+/**
+ * Holds if `result` is reachable from a callback that is invoked asynchronously.
+ */
+Function reachableFromAsyncCallback() {
+  result instanceof AsyncCallback
+  or
+  exists(DataFlow::InvokeNode invk |
+    invk.getEnclosingFunction() = reachableFromAsyncCallback() and
+    result = invk.getACallee()
+  )
+}
+
+/**
+ * The main predicate of this query: used for both result display and path computation.
+ */
+predicate main(
+  HTTP::RouteHandler rh, AsyncSentinelCall async, AsyncCallback cb, LikelyExceptionThrower thrower
+) {
+  async.getAsyncCallee() = cb and
+  rh.getAstNode() = invokesCallbackThatThrowsUncaughtException(async, thrower)
+}
+
+/**
+ * A call that may cause a function to be invoked in an asynchronous context outside of the visible source code.
+ */
+class AsyncSentinelCall extends DataFlow::CallNode {
+  Function asyncCallee;
+
+  AsyncSentinelCall() {
+    exists(DataFlow::FunctionNode node | node.getAstNode() = asyncCallee |
+      // manual models
+      exists(string memberName |
+        not "Sync" = memberName.suffix(memberName.length() - 4) and
+        this = NodeJSLib::FS::moduleMember(memberName).getACall() and
+        node = this.getCallback([1 .. 2])
+      )
+      // (add additional cases here to improve the query)
+    )
+  }
+
+  /**
+   * Gets the callee that is invoked in an asynchronous context.
+   */
+  Function getAsyncCallee() { result = asyncCallee }
+}
+
+/**
+ * A callback provided to an asynchronous call (heuristic).
+ */
+class AsyncCallback extends Function {
+  AsyncCallback() { any(AsyncSentinelCall c).getAsyncCallee() = this }
+}
+
+/**
+ * A node that is likely to throw an exception.
+ *
+ * This is the primary extension point for this query.
+ */
+abstract class LikelyExceptionThrower extends ASTNode { }
+
+/**
+ * A `throw` statement.
+ */
+class TrivialThrowStatement extends LikelyExceptionThrower, ThrowStmt { }
+
+/**
+ * Empty class for avoiding emptiness checks from the compiler when there are no Expr-typed instances of the LikelyExceptionThrower type.
+ */
+class CompilerConfusingExceptionThrower extends LikelyExceptionThrower {
+  CompilerConfusingExceptionThrower() { none() }
+}
+
+/**
+ * Edges that builds an explanatory graph that follows the mental model of how the the exception flows.
+ *
+ * - step 1. exception is thrown
+ * - step 2. exception escapes the enclosing function
+ * - step 3. exception follows the call graph backwards until an async callee is encountered
+ * - step 4. (at this point, the program crashes)
+ */
+query predicate edges(ASTNode pred, ASTNode succ) {
+  exists(LikelyExceptionThrower thrower | main(_, _, _, thrower) |
+    pred = thrower and
+    succ = thrower.getContainer()
+    or
+    exists(DataFlow::InvokeNode invk, Function fun |
+      fun = throwsUncaughtExceptionInAsyncContext(thrower)
+    |
+      succ = invk.getAstNode() and
+      pred = invk.getACallee() and
+      pred = fun
+      or
+      succ = fun and
+      succ = invk.getContainer() and
+      pred = invk.getAstNode()
+    )
+  )
+}
+
+/**
+ * A node in the `edge/2` relation above.
+ */
+query predicate nodes(ASTNode node) {
+  edges(node, _) or
+  edges(_, node)
+}
+
+from
+  HTTP::RouteHandler rh, AsyncSentinelCall async, DataFlow::Node callbackArg, AsyncCallback cb,
+  ExprOrStmt crasher
+where
+  main(rh, async, cb, crasher) and
+  callbackArg.getALocalSource().getAstNode() = cb and
+  async.getAnArgument() = callbackArg
+select crasher, crasher, cb,
+  "The server of $@ will terminate when an uncaught exception from here escapes this $@", rh,
+  "this route handler", callbackArg, "asynchronous callback"
diff --git a/javascript/ql/src/Security/CWE-730/examples/server-crash.BAD.js b/javascript/ql/src/Security/CWE-730/examples/server-crash.BAD.js
new file mode 100644
index 00000000000..9642ced4c1a
--- /dev/null
+++ b/javascript/ql/src/Security/CWE-730/examples/server-crash.BAD.js
@@ -0,0 +1,22 @@
+const express = require("express"),
+  fs = require("fs");
+
+function save(rootDir, path, content) {
+  if (!isValidPath(rootDir, req.query.filePath)) {
+    throw new Error(`Invalid filePath: ${req.query.filePath}`); // BAD crashes the server
+  }
+  // write content to disk
+}
+express().post("/save", (req, res) => {
+  fs.exists(rootDir, (exists) => {
+    if (!exists) {
+      console.error(`Server setup is corrupted, ${rootDir} does not exist!`);
+      res.status(500);
+      res.end();
+      return;
+    }
+    save(rootDir, req.query.path, req.body);
+    res.status(200);
+    res.end();
+  });
+});
diff --git a/javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-A.js b/javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-A.js
new file mode 100644
index 00000000000..b23071ea53c
--- /dev/null
+++ b/javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-A.js
@@ -0,0 +1,14 @@
+// ...
+express().post("/save", (req, res) => {
+  fs.exists(rootDir, (exists) => {
+    // ...
+    try {
+      save(rootDir, req.query.path, req.body); // GOOD no uncaught exception
+      res.status(200);
+      res.end();
+    } catch (e) {
+      res.status(500);
+      res.end();
+    }
+  });
+});
diff --git a/javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-B.js b/javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-B.js
new file mode 100644
index 00000000000..2a795ac001f
--- /dev/null
+++ b/javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-B.js
@@ -0,0 +1,12 @@
+// ...
+express().post("/save", async (req, res) => {
+  if (!(await fs.promises.exists(rootDir))) {
+    console.error(`Server setup is corrupted, ${rootDir} does not exist!`);
+    res.status(500);
+    res.end();
+    return;
+  }
+  save(rootDir, req.query.path, req.body); // MAYBE BAD, depends on the commandline options
+  res.status(200);
+  res.end();
+});
diff --git a/javascript/ql/test/query-tests/Security/CWE-730/ServerCrash.expected b/javascript/ql/test/query-tests/Security/CWE-730/ServerCrash.expected
new file mode 100644
index 00000000000..ef20a62aa9d
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-730/ServerCrash.expected
@@ -0,0 +1,65 @@
+edges
+| server-crash.js:15:5:15:14 | throw err; | server-crash.js:14:23:16:3 | (err, x ...  OK\\n  } |
+| server-crash.js:18:1:20:1 | functio ... OT OK\\n} | server-crash.js:59:5:59:18 | indirection2() |
+| server-crash.js:19:3:19:11 | throw 42; | server-crash.js:18:1:20:1 | functio ... OT OK\\n} |
+| server-crash.js:24:7:24:16 | throw err; | server-crash.js:23:25:25:5 | (err, x ... K\\n    } |
+| server-crash.js:36:5:36:14 | throw err; | server-crash.js:35:23:37:3 | (err, x ...  OK\\n  } |
+| server-crash.js:41:5:41:14 | throw err; | server-crash.js:40:23:42:3 | (err, x ...  OK\\n  } |
+| server-crash.js:59:5:59:18 | indirection2() | server-crash.js:58:23:60:3 | (err, x ... ();\\n  } |
+| server-crash.js:88:5:88:14 | throw err; | server-crash.js:87:23:89:3 | (err, x ...  OK\\n  } |
+| server-crash.js:94:5:94:14 | throw "e"; | server-crash.js:93:22:95:3 | () => { ...  OK\\n  } |
+| server-crash.js:102:7:102:16 | throw "e"; | server-crash.js:101:24:103:5 | () => { ... K\\n    } |
+| server-crash.js:109:9:109:18 | throw "e"; | server-crash.js:108:26:110:7 | () => { ...       } |
+| server-crash.js:117:9:117:18 | throw "e"; | server-crash.js:116:26:118:7 | () => { ...       } |
+| server-crash.js:131:7:131:16 | throw err; | server-crash.js:130:25:132:5 | (err, x ... K\\n    } |
+| server-crash.js:152:3:154:3 | functio ...  OK\\n  } | server-crash.js:157:5:157:16 | throwError() |
+| server-crash.js:152:3:154:3 | functio ...  OK\\n  } | server-crash.js:160:5:160:16 | throwError() |
+| server-crash.js:152:3:154:3 | functio ...  OK\\n  } | server-crash.js:164:3:164:14 | throwError() |
+| server-crash.js:153:5:153:22 | throw new Error(); | server-crash.js:152:3:154:3 | functio ...  OK\\n  } |
+| server-crash.js:153:11:153:21 | new Error() | server-crash.js:152:3:154:3 | functio ...  OK\\n  } |
+| server-crash.js:157:5:157:16 | throwError() | server-crash.js:156:3:158:3 | functio ... ath\\n  } |
+nodes
+| server-crash.js:14:23:16:3 | (err, x ...  OK\\n  } |
+| server-crash.js:15:5:15:14 | throw err; |
+| server-crash.js:18:1:20:1 | functio ... OT OK\\n} |
+| server-crash.js:19:3:19:11 | throw 42; |
+| server-crash.js:23:25:25:5 | (err, x ... K\\n    } |
+| server-crash.js:24:7:24:16 | throw err; |
+| server-crash.js:35:23:37:3 | (err, x ...  OK\\n  } |
+| server-crash.js:36:5:36:14 | throw err; |
+| server-crash.js:40:23:42:3 | (err, x ...  OK\\n  } |
+| server-crash.js:41:5:41:14 | throw err; |
+| server-crash.js:58:23:60:3 | (err, x ... ();\\n  } |
+| server-crash.js:59:5:59:18 | indirection2() |
+| server-crash.js:87:23:89:3 | (err, x ...  OK\\n  } |
+| server-crash.js:88:5:88:14 | throw err; |
+| server-crash.js:93:22:95:3 | () => { ...  OK\\n  } |
+| server-crash.js:94:5:94:14 | throw "e"; |
+| server-crash.js:101:24:103:5 | () => { ... K\\n    } |
+| server-crash.js:102:7:102:16 | throw "e"; |
+| server-crash.js:108:26:110:7 | () => { ...       } |
+| server-crash.js:109:9:109:18 | throw "e"; |
+| server-crash.js:116:26:118:7 | () => { ...       } |
+| server-crash.js:117:9:117:18 | throw "e"; |
+| server-crash.js:130:25:132:5 | (err, x ... K\\n    } |
+| server-crash.js:131:7:131:16 | throw err; |
+| server-crash.js:152:3:154:3 | functio ...  OK\\n  } |
+| server-crash.js:153:5:153:22 | throw new Error(); |
+| server-crash.js:153:11:153:21 | new Error() |
+| server-crash.js:156:3:158:3 | functio ... ath\\n  } |
+| server-crash.js:157:5:157:16 | throwError() |
+| server-crash.js:160:5:160:16 | throwError() |
+| server-crash.js:164:3:164:14 | throwError() |
+#select
+| server-crash.js:15:5:15:14 | throw err; | server-crash.js:15:5:15:14 | throw err; | server-crash.js:14:23:16:3 | (err, x ...  OK\\n  } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:14:23:16:3 | (err, x ...  OK\\n  } | asynchronous callback |
+| server-crash.js:19:3:19:11 | throw 42; | server-crash.js:19:3:19:11 | throw 42; | server-crash.js:58:23:60:3 | (err, x ... ();\\n  } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:58:23:60:3 | (err, x ... ();\\n  } | asynchronous callback |
+| server-crash.js:24:7:24:16 | throw err; | server-crash.js:24:7:24:16 | throw err; | server-crash.js:23:25:25:5 | (err, x ... K\\n    } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:23:25:25:5 | (err, x ... K\\n    } | asynchronous callback |
+| server-crash.js:36:5:36:14 | throw err; | server-crash.js:36:5:36:14 | throw err; | server-crash.js:35:23:37:3 | (err, x ...  OK\\n  } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:35:23:37:3 | (err, x ...  OK\\n  } | asynchronous callback |
+| server-crash.js:41:5:41:14 | throw err; | server-crash.js:41:5:41:14 | throw err; | server-crash.js:40:23:42:3 | (err, x ...  OK\\n  } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:40:23:42:3 | (err, x ...  OK\\n  } | asynchronous callback |
+| server-crash.js:88:5:88:14 | throw err; | server-crash.js:88:5:88:14 | throw err; | server-crash.js:87:23:89:3 | (err, x ...  OK\\n  } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:87:23:89:3 | (err, x ...  OK\\n  } | asynchronous callback |
+| server-crash.js:94:5:94:14 | throw "e"; | server-crash.js:94:5:94:14 | throw "e"; | server-crash.js:93:22:95:3 | () => { ...  OK\\n  } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:92:31:120:1 | (req, r ...   });\\n} | this route handler | server-crash.js:93:22:95:3 | () => { ...  OK\\n  } | asynchronous callback |
+| server-crash.js:102:7:102:16 | throw "e"; | server-crash.js:102:7:102:16 | throw "e"; | server-crash.js:101:24:103:5 | () => { ... K\\n    } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:92:31:120:1 | (req, r ...   });\\n} | this route handler | server-crash.js:101:24:103:5 | () => { ... K\\n    } | asynchronous callback |
+| server-crash.js:109:9:109:18 | throw "e"; | server-crash.js:109:9:109:18 | throw "e"; | server-crash.js:108:26:110:7 | () => { ...       } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:92:31:120:1 | (req, r ...   });\\n} | this route handler | server-crash.js:108:26:110:7 | () => { ...       } | asynchronous callback |
+| server-crash.js:117:9:117:18 | throw "e"; | server-crash.js:117:9:117:18 | throw "e"; | server-crash.js:116:26:118:7 | () => { ...       } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:92:31:120:1 | (req, r ...   });\\n} | this route handler | server-crash.js:116:26:118:7 | () => { ...       } | asynchronous callback |
+| server-crash.js:131:7:131:16 | throw err; | server-crash.js:131:7:131:16 | throw err; | server-crash.js:130:25:132:5 | (err, x ... K\\n    } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:128:32:135:1 | async ( ... un();\\n} | this route handler | server-crash.js:130:25:132:5 | (err, x ... K\\n    } | asynchronous callback |
+| server-crash.js:153:5:153:22 | throw new Error(); | server-crash.js:153:5:153:22 | throw new Error(); | server-crash.js:156:3:158:3 | functio ... ath\\n  } | The server of $@ will terminate when an uncaught exception from here escapes this $@ | server-crash.js:151:40:166:1 | (req, r ... nc();\\n} | this route handler | server-crash.js:161:16:161:17 | cb | asynchronous callback |
diff --git a/javascript/ql/test/query-tests/Security/CWE-730/ServerCrash.qlref b/javascript/ql/test/query-tests/Security/CWE-730/ServerCrash.qlref
new file mode 100644
index 00000000000..294d08cdcbb
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-730/ServerCrash.qlref
@@ -0,0 +1 @@
+Security/CWE-730/ServerCrash.ql
diff --git a/javascript/ql/test/query-tests/Security/CWE-730/server-crash.js b/javascript/ql/test/query-tests/Security/CWE-730/server-crash.js
new file mode 100644
index 00000000000..cb7bc4d9b8e
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-730/server-crash.js
@@ -0,0 +1,166 @@
+const express = require("express");
+const app = express();
+const fs = require("fs");
+const EventEmitter = require("events");
+const http = require("http");
+
+const port = 12000;
+let server = app.listen(port, () =>
+  // for manual testing of the fickle node.js runtime
+  console.log(`Example app listening on port ${port}!`)
+);
+
+function indirection1() {
+  fs.readFile("/foo", (err, x) => {
+    throw err; // NOT OK
+  });
+}
+function indirection2() {
+  throw 42; // NOT OK
+}
+function indirection3() {
+  try {
+    fs.readFile("/foo", (err, x) => {
+      throw err; // NOT OK
+    });
+  } catch (e) {}
+}
+function indirection4() {
+  throw 42; // OK: guarded caller
+}
+function indirection5() {
+  indirection6();
+}
+function indirection6() {
+  fs.readFile("/foo", (err, x) => {
+    throw err; // NOT OK
+  });
+}
+app.get("/async-throw", (req, res) => {
+  fs.readFile("/foo", (err, x) => {
+    throw err; // NOT OK
+  });
+  fs.readFile("/foo", (err, x) => {
+    try {
+      throw err; // OK: guarded throw
+    } catch (e) {}
+  });
+  fs.readFile("/foo", (err, x) => {
+    res.setHeader("reflected", req.query.header); // NOT OK [INCONSISTENCY]
+  });
+  fs.readFile("/foo", (err, x) => {
+    try {
+      res.setHeader("reflected", req.query.header); // OK: guarded call
+    } catch (e) {}
+  });
+
+  indirection1();
+  fs.readFile("/foo", (err, x) => {
+    indirection2();
+  });
+
+  indirection3();
+  try {
+    indirection4();
+  } catch (e) {}
+  indirection5();
+
+  fs.readFile("/foo", (err, x) => {
+    req.query.foo; // OK
+  });
+  fs.readFile("/foo", (err, x) => {
+    req.query.foo.toString(); // OK
+  });
+
+  fs.readFile("/foo", (err, x) => {
+    req.query.foo.bar; // NOT OK [INCONSISTENCY]: need to add property reads as sinks
+  });
+  fs.readFile("/foo", (err, x) => {
+    res.setHeader("reflected", unknown); // OK
+  });
+
+  try {
+    indirection7();
+  } catch (e) {}
+});
+function indirection7() {
+  fs.readFile("/foo", (err, x) => {
+    throw err; // NOT OK
+  });
+}
+
+app.get("/async-throw-again", (req, res) => {
+  fs.readFile("foo", () => {
+    throw "e"; // NOT OK
+  });
+  fs.readFileSync("foo", () => {
+    throw "e"; // OK (does not take callbacks at all)
+  });
+  // can nest async calls (and only warns about the inner one)
+  fs.readFile("foo", () => {
+    fs.readFile("bar", () => {
+      throw "e"; // NOT OK
+    });
+  });
+  fs.readFile("foo", () => {
+    // can not catch async exceptions
+    try {
+      fs.readFile("bar", () => {
+        throw "e"; // NOT OK
+      });
+    } catch (e) {}
+  });
+  // can mix sync/async calls
+  fs.readFile("foo", () => {
+    (() =>
+      fs.readFile("bar", () => {
+        throw "e"; // NOT OK
+      }))();
+  });
+});
+
+app.get("/throw-in-promise-1", async (req, res) => {
+  async function fun() {
+    throw new Error(); // OK, requires `node --unhandled-rejections=strict ...` to terminate the process
+  }
+  await fun();
+});
+app.get("/throw-in-promise-2", async (req, res) => {
+  async function fun() {
+    fs.readFile("/foo", (err, x) => {
+      throw err; // NOT OK
+    });
+  }
+  await fun();
+});
+app.get("/throw-in-promise-3", async (req, res) => {
+  fs.readFile("/foo", async (err, x) => {
+    throw err; // OK, requires `node --unhandled-rejections=strict ...` to terminate the process
+  });
+});
+
+app.get("/throw-in-event-emitter", async (req, res) => {
+  class MyEmitter extends EventEmitter {}
+  const myEmitter = new MyEmitter();
+  myEmitter.on("event", () => {
+    throw new Error(); // OK, requires `node --unhandled-rejections=strict ...` to terminate the process
+  });
+  myEmitter.emit("event");
+});
+
+app.get("/throw-with-ambiguous-paths", (req, res) => {
+  function throwError() {
+    throw new Error(); // NOT OK
+  }
+
+  function cb() {
+    throwError(); // on path
+  }
+  function withAsync() {
+    throwError(); // not on path
+    fs.stat(X, cb);
+  }
+
+  throwError(); // not on path
+  withAsync();
+});