2103.05769
Containing Malicious Package Updates in npm with a Lightweight Permission System
8 March 2021
G. Ferreira
Limin Jia
Joshua Sunshine
Christian Kastner
Papers citing
"Containing Malicious Package Updates in npm with a Lightweight Permission System"
15 / 15 papers shown
Title
"I wasn't sure if this is indeed a security risk": Data-driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source npm Packages
Rajdeep Ghosh
Shiladitya De
Mainack Mondal
29
0
0
09 Jun 2025
Exploring the Susceptibility to Fraud of Monetary Incentive Mechanisms for Strengthening FOSS Projects
Ben Swierzy
Timo Pohl
Marc Ohm
M. Meier
66
0
0
09 May 2025
ConfuGuard: Using Metadata to Detect Active and Stealthy Package Confusion Attacks Accurately and at Scale
Wenxin Jiang
Berk Çakar
Mikola Lysenko
James C. Davis
105
0
0
27 Feb 2025
Tactics, Techniques, and Procedures (TTPs) in Interpreted Malware: A Zero-Shot Generation with Large Language Models
Ying Zhang
Xiaoyan Zhou
Hui Wen
Wenjia Niu
Jiqiang Liu
Haining Wang
Qiang Li
75
5
0
11 Jul 2024
SBOM.EXE: Countering Dynamic Code Injection based on Software Bill of Materials in Java
Aman Sharma
Martin Wittlinger
Benoit Baudry
Martin Monperrus
71
7
0
28 Jun 2024
A Large-scale Fine-grained Analysis of Packages in Open-Source Software Ecosystems
Xiaoyan Zhou
Feiran Liang
Zhaojie Xie
Yang Lan
Wenjia Niu
Jiqiang Liu
Haining Wang
Qiang Li
166
1
0
17 Apr 2024
DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping
Cheng Huang
Nannan Wang
Ziteng Wang
Siqi Sun
Lingzi Li
Junren Chen
Qianchong Zhao
Jiaxuan Han
Zhen Yang
Lei Shi Sichuan University
70
11
0
13 Mar 2024
HODOR: Shrinking Attack Surface on Node.js via System Call Limitation
Wenya Wang
Xingwei Lin
Jingyi Wang
Wang Gao
Dawu Gu
Wei Lv
Jiashui Wang
46
3
0
24 Jun 2023
Trusting code in the wild: A social network-based centrality rating for developers in the Rust ecosystem
Nasif Imtiaz
Preya Shabrina
Laurie A. Williams
26
0
0
31 May 2023
You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node.js
Marc Ohm
Timo Pohl
Felix Boes
134
6
0
31 May 2023
Software supply chain: review of attacks, risk assessment strategies and security controls
Betul Gokkaya
Leonardo Aniello
Basel Halak
50
6
0
23 May 2023
Cargo Ecosystem Dependency-Vulnerability Knowledge Graph Construction and Vulnerability Propagation Study
Peiyang Jia
Chengwei Liu
Hongyu Sun
Chengyi Sun
Mianxue Gu
Yang Liu
Yuqing Zhang
31
3
0
14 Oct 2022
Taxonomy of Attacks on Open-Source Software Supply Chains
Piergiorgio Ladisa
H. Plate
Matias Martinez
Olivier Barais
100
148
0
08 Apr 2022
Practical Automated Detection of Malicious npm Packages
Adriana Sejfia
Max Schäfer
50
69
0
28 Feb 2022
What are Weak Links in the npm Supply Chain?
Nusrat Zahan
Thomas Zimmermann
Patrice Godefroid
Brendan Murphy
C. Maddila
Laurie A. Williams
107
113
0
19 Dec 2021