diff --git a/integration/rules/javascript_test.go b/integration/rules/javascript_test.go
index a6770ea51..979a33277 100644
--- a/integration/rules/javascript_test.go
+++ b/integration/rules/javascript_test.go
@@ -61,3 +61,13 @@ func TestJavascriptLangExceptionDataflow(t *testing.T) {
 t.Parallel()
 runRulesTest("javascript/lang/exception", "dataflow", "javascript_lang_exception", t)
 }
+
+func TestJavascriptLangFileGenerationSummary(t *testing.T) {
+ t.Parallel()
+ runRulesTest("javascript/lang/file_generation", "summary", "javascript_lang_file_generation", t)
+}
+
+func TestJavascriptLangFileGenerationDataflow(t *testing.T) {
+ t.Parallel()
+ runRulesTest("javascript/lang/file_generation", "dataflow", "javascript_lang_file_generation", t)
+}
diff --git a/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml b/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml
new file mode 100644
index 000000000..94c0ae189
--- /dev/null
+++ b/pkg/commands/process/settings/rules/javascript/lang/file_generation.yml
@@ -0,0 +1,36 @@
+patterns:
+ - pattern: |
+ fs.writeFile($<_>, $, $<...>)
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+ - pattern: |
+ fs.writeFile($<_>, $, $<_>, ($<_>) => {})
+ filters:
+ - variable: DATA_TYPE
+ detection: datatype
+languages:
+ - javascript
+trigger: local
+severity:
+ default: low
+ PII: critical
+ PHI: medium
+ PD: high
+metadata:
+ description: "Do not write sensitive data to static files."
+ remediation_message: |
+ ## Description
+
+ It is not uncommon to generate logs, backups, or data exports to static file formats. This rule checks if code exists to write sensitive data to static files.
+
+ ## Remediations
+
+ Coming soon.
+
+
+ dsr_id: DSR-4
+ id: javascript_lang_file_generation
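Review bot: The rule only matches `fs.writeFile`, so `fs.writeFileSync`, `fs.appendFile`/`fs.appendFileSync` and `fs.promises.writeFile` — the same sink receiving the same data — produce no finding, and because the receiver is hard-coded as `fs.`, a destructured `const { writeFile } = require("fs")` is missed as well. Since `$<...>` in the first pattern already absorbs any trailing arguments, the second pattern with an explicit callback looks redundant unless `$<...>` cannot span an arrow-function argument; worth confirming against the pattern engine before keeping both. The data argument renders here as a bare `$`; I read it as `$<DATA_TYPE>`, since that is the variable the filter binds. The remediation section still says `Coming soon.`; a sentence such as "Redact or omit sensitive fields before serialising, and write exports with restrictive file permissions or encryption at rest" would be better than shipping a placeholder to users.
```yaml
  - pattern: |
      fs.writeFileSync($<_>, $<DATA_TYPE>, $<...>)
    filters:
      - variable: DATA_TYPE
        detection: datatype
  - pattern: |
      fs.appendFile($<_>, $<DATA_TYPE>, $<...>)
    filters:
      - variable: DATA_TYPE
        detection: datatype
  - pattern: |
      fs.appendFileSync($<_>, $<DATA_TYPE>, $<...>)
    filters:
      - variable: DATA_TYPE
        detection: datatype
```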
diff --git a/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGenerationDataflow-dataflow_javascript_lang_file_generation_file_generation.js b/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGenerationDataflow-dataflow_javascript_lang_file_generation_file_generation.js
new file mode 100644
index 000000000..90a7943fe
--- /dev/null
+++ b/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGenerationDataflow-dataflow_javascript_lang_file_generation_file_generation.js
@@ -0,0 +1,98 @@ +data_types: + - name: Email Address + detectors: + - name: javascript + locations: + - filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + line_number: 11 + field_name: email + object_name: user + subject_name: User + - name: Firstname + detectors: + - name: javascript + locations: + - filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + line_number: 8 + field_name: firstname + object_name: user + subject_name: User + - filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + line_number: 12 + field_name: firstname + object_name: user + subject_name: User + - name: Lastname + detectors: + - name: javascript + locations: + - filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + line_number: 8 + field_name: surname + object_name: user + subject_name: User +risks: + - detector_id: javascript_lang_file_generation + data_types: + - name: Email Address + stored: false + locations: + - filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + line_number: 11 + parent: + line_number: 18 + content: |- + fs.writeFile("data.csv", JSON.stringify(users), "utf-8", (err) => { + if (err) console.log(err) + else console.log("Data saved") + }) + field_name: email + object_name: user + subject_name: User + - name: Firstname + stored: false + locations: + - filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + line_number: 8 + parent: + line_number: 18 + content: |- + fs.writeFile("data.csv", JSON.stringify(users), "utf-8", (err) => { + if (err) console.log(err) + else console.log("Data saved") + }) + field_name: firstname + object_name: user + subject_name: User + - filename: 
pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + line_number: 12 + parent: + line_number: 18 + content: |- + fs.writeFile("data.csv", JSON.stringify(users), "utf-8", (err) => { + if (err) console.log(err) + else console.log("Data saved") + }) + field_name: firstname + object_name: user + subject_name: User + - name: Lastname + stored: false + locations: + - filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + line_number: 8 + parent: + line_number: 18 + content: |- + fs.writeFile("data.csv", JSON.stringify(users), "utf-8", (err) => { + if (err) console.log(err) + else console.log("Data saved") + }) + field_name: surname + object_name: user + subject_name: User +components: [] + + +-- + diff --git a/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGenerationSummary-summary_javascript_lang_file_generation_file_generation.js b/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGenerationSummary-summary_javascript_lang_file_generation_file_generation.js new file mode 100644 index 000000000..954dabbc3 --- /dev/null +++ b/pkg/commands/process/settings/rules/javascript/lang/file_generation/.snapshots/TestJavascriptLangFileGenerationSummary-summary_javascript_lang_file_generation_file_generation.js 
@@ -0,0 +1,47 @@ +critical: + - rule_dsrid: DSR-4 + rule_display_id: javascript_lang_file_generation + rule_description: Do not write sensitive data to static files. + rule_documentation_url: https://curio.sh/reference/rules/javascript_lang_file_generation + line_number: 8 + filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + category_groups: + - PII + parent_line_number: 18 + parent_content: |- + fs.writeFile("data.csv", JSON.stringify(users), "utf-8", (err) => { + if (err) console.log(err) + else console.log("Data saved") + }) + - rule_dsrid: DSR-4 + rule_display_id: javascript_lang_file_generation + rule_description: Do not write sensitive data to static files. + rule_documentation_url: https://curio.sh/reference/rules/javascript_lang_file_generation + line_number: 11 + filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + category_groups: + - PII + parent_line_number: 18 + parent_content: |- + fs.writeFile("data.csv", JSON.stringify(users), "utf-8", (err) => { + if (err) console.log(err) + else console.log("Data saved") + }) + - rule_dsrid: DSR-4 + rule_display_id: javascript_lang_file_generation + rule_description: Do not write sensitive data to static files. + rule_documentation_url: https://curio.sh/reference/rules/javascript_lang_file_generation + line_number: 12 + filename: pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js + category_groups: + - PII + parent_line_number: 18 + parent_content: |- + fs.writeFile("data.csv", JSON.stringify(users), "utf-8", (err) => { + if (err) console.log(err) + else console.log("Data saved") + }) + + +-- + diff --git a/pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js b/pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js new file mode 100644 index 000000000..2f4b7c6c0 --- /dev/null 
+++ b/pkg/commands/process/settings/rules/javascript/lang/file_generation/testdata/file_generation.js
@@ -0,0 +1,21 @@
+const fs = require("fs")
+
+function generateUsername(firstname, surname) {
+ return `${firstname[0]}-${surname}`.toLowerCase()
+}
+
+const users = users.map((user) => {
+ const username = generateUsername(user.firstname, user.surname)
+
+ return {
+ email: user.email,
+ first_name: user.firstname,
+ username,
+ }
+})
+
+fs.writeFile("data.csv", JSON.stringify(users), callback)
+fs.writeFile("data.csv", JSON.stringify(users), "utf-8", (err) => {
+ if (err) console.log(err)
+ else console.log("Data saved")
+})
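Review bot: The three-argument call on line 17, `fs.writeFile("data.csv", JSON.stringify(users), callback)`, leaves no trace in the committed snapshots: every risk in both the dataflow and summary output has `parent_line_number: 18`, so the first rule pattern is not actually evidenced by this fixture. That may be the output de-duplicating per data-type location rather than a missed match, but the fixture cannot tell the two apart; passing a distinct payload to each call (for example a second mapped object carrying only `user.email`) would give each pattern its own finding and make a regression in either one visible. Also, `users.map` reads `users` inside its own initialiser on line 7 and `callback` is never defined, which is harmless for static analysis but easy to mistake for a realistic sample; a one-line comment such as `// fixture only: not meant to run` would save the next reader the double take.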