diff --git a/javascript/config/suites/javascript/security b/javascript/config/suites/javascript/security
index 9c9f2e007f8..3e87d292d7b 100644
--- a/javascript/config/suites/javascript/security
+++ b/javascript/config/suites/javascript/security
@@ -51,7 +51,6 @@
 + semmlecode-javascript-queries/Security/CWE-730/RegExpInjection.ql: /Security/CWE/CWE-730
 + semmlecode-javascript-queries/Security/CWE-754/UnvalidatedDynamicMethodCall.ql: /Security/CWE/CWE-754
 + semmlecode-javascript-queries/Security/CWE-770/MissingRateLimiting.ql: /Security/CWE/CWE-770
-+ semmlecode-javascript-queries/Security/CWE-770/ResourceExhaustion.ql: /Security/CWE/CWE-770
 + semmlecode-javascript-queries/Security/CWE-776/XmlBomb.ql: /Security/CWE/CWE-776
 + semmlecode-javascript-queries/Security/CWE-798/HardcodedCredentials.ql: /Security/CWE/CWE-798
 + semmlecode-javascript-queries/Security/CWE-807/ConditionalBypass.ql: /Security/CWE/CWE-807
diff --git a/javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp b/javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.qhelp
similarity index 100%
rename from javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp
rename to javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.qhelp
diff --git a/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql b/javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.ql
similarity index 86%
rename from javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql
rename to javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.ql
index adb8663085e..473522f6a86 100644
--- a/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql
+++ b/javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.ql
@@ -12,7 +12,7 @@
 
 import javascript
 import DataFlow::PathGraph
-import semmle.javascript.security.dataflow.ResourceExhaustion::ResourceExhaustion
+import experimental.semmle.javascript.security.dataflow.ResourceExhaustion::ResourceExhaustion
 
 from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink
 where dataflow.hasFlowPath(source, sink)
diff --git a/javascript/ql/src/Security/CWE-770/examples/ResourceExhaustion_timeout.js b/javascript/ql/src/experimental/Security/CWE-770/examples/ResourceExhaustion_timeout.js
similarity index 100%
rename from javascript/ql/src/Security/CWE-770/examples/ResourceExhaustion_timeout.js
rename to javascript/ql/src/experimental/Security/CWE-770/examples/ResourceExhaustion_timeout.js
diff --git a/javascript/ql/src/Security/CWE-770/examples/ResourceExhaustion_timeout_fixed.js b/javascript/ql/src/experimental/Security/CWE-770/examples/ResourceExhaustion_timeout_fixed.js
similarity index 100%
rename from javascript/ql/src/Security/CWE-770/examples/ResourceExhaustion_timeout_fixed.js
rename to javascript/ql/src/experimental/Security/CWE-770/examples/ResourceExhaustion_timeout_fixed.js
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/ResourceExhaustion.qll b/javascript/ql/src/experimental/semmle/javascript/security/dataflow/ResourceExhaustion.qll
similarity index 100%
rename from javascript/ql/src/semmle/javascript/security/dataflow/ResourceExhaustion.qll
rename to javascript/ql/src/experimental/semmle/javascript/security/dataflow/ResourceExhaustion.qll
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll b/javascript/ql/src/experimental/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll
similarity index 100%
rename from javascript/ql/src/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll
rename to javascript/ql/src/experimental/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll
diff --git a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion.expected b/javascript/ql/test/experimental/Security/CWE-770/ResourceExhaustion.expected
similarity index 63%
rename from javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion.expected
rename to javascript/ql/test/experimental/Security/CWE-770/ResourceExhaustion.expected
index e3bb6853d19..e1670319206 100644
--- a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion.expected
+++ b/javascript/ql/test/experimental/Security/CWE-770/ResourceExhaustion.expected
@@ -1,13 +1,13 @@
 nodes
-| documentation_examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay |
-| documentation_examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) |
-| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
-| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query |
-| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay |
-| documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url |
-| documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url |
-| documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
-| documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url |
+| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
+| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
 | resource-exhaustion.js:9:7:9:42 | s |
 | resource-exhaustion.js:9:11:9:34 | url.par ... , true) |
 | resource-exhaustion.js:9:11:9:40 | url.par ... ).query |
@@ -30,14 +30,14 @@ nodes
 | resource-exhaustion.js:88:18:88:18 | s |
 | resource-exhaustion.js:88:18:88:18 | s |
 edges
-| documentation_examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
-| documentation_examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
-| documentation_examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | documentation_examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay |
-| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentation_examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query |
-| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | documentation_examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay |
-| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | documentation_examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) |
-| documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentation_examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
-| documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentation_examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
+| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
 | resource-exhaustion.js:9:7:9:42 | s | resource-exhaustion.js:10:20:10:20 | s |
 | resource-exhaustion.js:9:7:9:42 | s | resource-exhaustion.js:39:12:39:12 | s |
 | resource-exhaustion.js:9:7:9:42 | s | resource-exhaustion.js:39:12:39:12 | s |
@@ -59,7 +59,7 @@ edges
 | resource-exhaustion.js:10:11:10:21 | parseInt(s) | resource-exhaustion.js:10:7:10:21 | n |
 | resource-exhaustion.js:10:20:10:20 | s | resource-exhaustion.js:10:11:10:21 | parseInt(s) |
 #select
-| documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | This creates a timer with a user-controlled duration from $@. | documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | here |
+| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | This creates a timer with a user-controlled duration from $@. | documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | here |
 | resource-exhaustion.js:38:12:38:12 | n | resource-exhaustion.js:9:21:9:27 | req.url | resource-exhaustion.js:38:12:38:12 | n | This creates a string with a user-controlled length from $@. | resource-exhaustion.js:9:21:9:27 | req.url | here |
 | resource-exhaustion.js:39:12:39:12 | s | resource-exhaustion.js:9:21:9:27 | req.url | resource-exhaustion.js:39:12:39:12 | s | This creates a string with a user-controlled length from $@. | resource-exhaustion.js:9:21:9:27 | req.url | here |
 | resource-exhaustion.js:85:17:85:17 | n | resource-exhaustion.js:9:21:9:27 | req.url | resource-exhaustion.js:85:17:85:17 | n | This creates a timer with a user-controlled duration from $@. | resource-exhaustion.js:9:21:9:27 | req.url | here |
diff --git a/javascript/ql/test/experimental/Security/CWE-770/ResourceExhaustion.qlref b/javascript/ql/test/experimental/Security/CWE-770/ResourceExhaustion.qlref
new file mode 100644
index 00000000000..13cbfcb0db6
--- /dev/null
+++ b/javascript/ql/test/experimental/Security/CWE-770/ResourceExhaustion.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-770/ResourceExhaustion.ql
diff --git a/javascript/ql/test/query-tests/Security/CWE-770/documentation_examples/ResourceExhaustion_timeout.js b/javascript/ql/test/experimental/Security/CWE-770/documentaion-examples/ResourceExhaustion_timeout.js
similarity index 100%
rename from javascript/ql/test/query-tests/Security/CWE-770/documentation_examples/ResourceExhaustion_timeout.js
rename to javascript/ql/test/experimental/Security/CWE-770/documentaion-examples/ResourceExhaustion_timeout.js
diff --git a/javascript/ql/test/query-tests/Security/CWE-770/documentation_examples/ResourceExhaustion_timeout_fixed.js b/javascript/ql/test/experimental/Security/CWE-770/documentaion-examples/ResourceExhaustion_timeout_fixed.js
similarity index 100%
rename from javascript/ql/test/query-tests/Security/CWE-770/documentation_examples/ResourceExhaustion_timeout_fixed.js
rename to javascript/ql/test/experimental/Security/CWE-770/documentaion-examples/ResourceExhaustion_timeout_fixed.js
diff --git a/javascript/ql/test/query-tests/Security/CWE-770/resource-exhaustion.js b/javascript/ql/test/experimental/Security/CWE-770/resource-exhaustion.js
similarity index 100%
rename from javascript/ql/test/query-tests/Security/CWE-770/resource-exhaustion.js
rename to javascript/ql/test/experimental/Security/CWE-770/resource-exhaustion.js
diff --git a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion.qlref b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion.qlref
deleted file mode 100644
index 38e612d406f..00000000000
--- a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion.qlref
+++ /dev/null
@@ -1 +0,0 @@
-Security/CWE-770/ResourceExhaustion.ql