Webklex (@webklex@chaos.social) · 2 days ago

I've been a bit productive this weekend and created a simple sink & source scanner for #js #ts etc. https://www.npmjs.com/package/@webklex/sinker

Console output:
Scanning example for 106 sinks (context-depth: 3)...
Successfully scanned 3 files
Found 4 violations
Violation found in /mnt/nvme/projects/sinker/example/src/index.ts:12
  Sink:         document.URL
  Category:     Common Source
  Description:  A source that can be controlled by an attacker and can lead to XSS if not properly sanitized.
  Link:         https://portswigger.net/web-security/dom-based
  Line 9:       // We decode the URL because browsers often auto-encode characters in document.URL,
  Line 10:      // which might prevent the XSS from triggering in some modern browsers.
  Line 11:      // Decoding it simulates a scenario where the application processes the raw input.
                Add // @safe-sink: a short explanation why its safe here to suppress this finding.
  Line 12:      (>>) const url = decodeURIComponent(document.URL);
  Line 13:      const contentDiv = document.getElementById('content');
  Line 14:      
  Line 15:      if (contentDiv) {

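The report above is what a grep-style source/sink scanner with a context window and a suppression comment produces. The following is an added example, not the code of @webklex/sinker or anything from the post: a minimal scanner of that shape in plain JavaScript. The rule list, the meaning of "context-depth" (that many lines before and after the hit), and the placement of the `// @safe-sink: reason` comment (on the line directly above the flagged line) are assumptions made for this example, and the scanned "file" is a constructed string modelled on the snippet in the report.

```javascript
// Added example, not the code of @webklex/sinker: a minimal grep-style
// source/sink scanner for JS/TS text. Rule list, context-depth semantics and
// the suppression-comment placement are assumptions made for this example.

// Each rule pairs a line-level regex with the metadata printed in a finding.
const RULES = [
  { name: 'document.URL', pattern: /\bdocument\.URL\b/, category: 'Common Source',
    description: 'Attacker-controllable source; leads to DOM XSS if it reaches a sink unsanitised.' },
  { name: 'location.*', pattern: /\blocation\.(hash|search|href)\b/, category: 'Common Source',
    description: 'Attacker-controllable source (URL fragment, query or full URL).' },
  { name: 'innerHTML', pattern: /\.innerHTML\s*=/, category: 'HTML Sink',
    description: 'Assigned string is parsed as HTML; script-capable markup executes.' },
  { name: 'document.write', pattern: /\bdocument\.write(ln)?\s*\(/, category: 'HTML Sink',
    description: 'Argument is parsed as HTML into the document.' },
  { name: 'eval', pattern: /\beval\s*\(/, category: 'JavaScript Sink',
    description: 'Argument is executed as code.' },
];

// Assumed suppression convention: `// @safe-sink: <reason>` on the line directly above the hit.
const SAFE_SINK_RE = /\/\/\s*@safe-sink:\s*(\S.*)$/;

function scanSource(path, source, contextDepth = 3) {
  const lines = source.split('\n');
  const violations = [];
  const suppressed = [];
  lines.forEach((text, i) => {
    for (const rule of RULES) {
      if (!rule.pattern.test(text)) continue;
      const lineNo = i + 1;
      const justification = i > 0 ? SAFE_SINK_RE.exec(lines[i - 1]) : null;
      if (justification) {
        // Suppressed findings are kept so a reviewer can audit every justification.
        suppressed.push({ path, line: lineNo, sink: rule.name, reason: justification[1].trim() });
        continue;
      }
      // Context window: contextDepth lines before and after, with the hit marked.
      const from = Math.max(0, i - contextDepth);
      const to = Math.min(lines.length, i + contextDepth + 1);
      const context = lines.slice(from, to)
        .map((t, k) => ({ line: from + k + 1, text: t, hit: from + k === i }));
      violations.push({ path, line: lineNo, sink: rule.name, category: rule.category,
                        description: rule.description, context });
    }
  });
  return { violations, suppressed };
}

function scanFiles(files, contextDepth = 3) {
  const result = { violations: [], suppressed: [] };
  for (const [path, source] of Object.entries(files)) {
    const r = scanSource(path, source, contextDepth);
    result.violations.push(...r.violations);
    result.suppressed.push(...r.suppressed);
  }
  return result;
}

function formatViolation(v) {
  const out = [`Violation found in ${v.path}:${v.line}`,
               `  Sink:         ${v.sink}`,
               `  Category:     ${v.category}`,
               `  Description:  ${v.description}`];
  for (const c of v.context) {
    out.push(`  ${('Line ' + c.line + ':').padEnd(10)}${c.hit ? '(>>) ' : ''}${c.text}`);
  }
  return out.join('\n');
}

function formatReport(result) {
  return [`Found ${result.violations.length} violations (${result.suppressed.length} suppressed)`,
          ...result.violations.map(formatViolation)].join('\n\n');
}

// Constructed sample input modelled on the snippet in the post's report. It is
// scanned from this string; no file on disk is read.
const SAMPLE_FILES = {
  'example/src/index.ts': [
    '// Vulnerable: raw URL data flows into an HTML sink.',
    'const url = decodeURIComponent(document.URL);',
    "const contentDiv = document.getElementById('content');",
    '',
    'if (contentDiv) {',
    "  contentDiv.innerHTML = '<p>You are at ' + url + '</p>';",
    '}',
    '',
    '// Hardened: only a parsed path reaches the page, and as inert text.',
    '// @safe-sink: parsed pathname rendered via textContent, never parsed as HTML',
    'const page = new URL(document.URL).pathname;',
    "const safeDiv = document.getElementById('safe');",
    'if (safeDiv) {',
    "  safeDiv.textContent = 'You are at ' + page;",
    '}',
  ].join('\n'),
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(formatReport(scanFiles(SAMPLE_FILES, 3)));
}
```

Run stand-alone it reports two findings (the `document.URL` source on line 2 and the `innerHTML` sink on line 6) and records one suppressed hit on line 11 together with its justification. Note what a scanner of this kind does not do: it has no data-flow tracking, so it cannot tell that `url` flows from the source on line 2 into the sink on line 6; it simply flags both and leaves the reviewer to connect them, which is why the context window and the audit trail of suppressions matter.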
Kakapo Social