2112.10165
What are Weak Links in the npm Supply Chain?
19 December 2021
Nusrat Zahan, Thomas Zimmermann, Patrice Godefroid, Brendan Murphy, C. Maddila, Laurie A. Williams
Papers citing "What are Weak Links in the npm Supply Chain?" (33 papers)
Open Source, Open Threats? Investigating Security Challenges in Open-Source Software
Seyed Ali Akhavani, Behzad Ousat, Amin Kharraz
25 | 0 | 0 | 15 Jun 2025

PoCGen: Generating Proof-of-Concept Exploits for Vulnerabilities in Npm Packages
Deniz Simsek, Aryaz Eghbali, Michael Pradel
108 | 0 | 0 | 05 Jun 2025

Automatically Generating Rules of Malicious Software Packages via Large Language Model
XiangRui Zhang, HaoYu Chen, YongZhong He, Wenjia Niu, Qiang Li
74 | 0 | 0 | 24 Apr 2025

ConfuGuard: Using Metadata to Detect Active and Stealthy Package Confusion Attacks Accurately and at Scale
Wenxin Jiang, Berk Çakar, Mikola Lysenko, James C. Davis
105 | 0 | 0 | 27 Feb 2025

SOK: Exploring Hallucinations and Security Risks in AI-Assisted Software Development with Insights for LLM Deployment
Ariful Haque, Sunzida Siddique, M. Rahman, Ahmed Rafi Hasan, Laxmi Rani Das, Marufa Kamal, Tasnim Masura, Kishor Datta Gupta
120 | 1 | 0 | 31 Jan 2025

Dirty-Waters: Detecting Software Supply Chain Smells
Raphina Liu, Sofia Bobadilla, Benoit Baudry, Martin Monperrus
120 | 0 | 0 | 21 Oct 2024

Software Security Analysis in 2030 and Beyond: A Research Roadmap
Marcel Böhme, Eric Bodden, Tevfik Bultan, Cristian Cadar, Yang Liu, Giuseppe Scanniello
72 | 3 | 0 | 26 Sep 2024

Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments
Xinyi Zheng, Chen Wei, Shenao Wang, Yanjie Zhao, Peiming Gao, Yuanchao Zhang, Kailong Wang, Haoyu Wang
63 | 4 | 0 | 14 Sep 2024

SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties
C. Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, James C. Davis
106 | 46 | 0 | 14 Jun 2024

An Industry Interview Study of Software Signing for Supply Chain Security
Kelechi G. Kalu, Tanya Singla, C. Okafor, Santiago Torres-Arias, James C. Davis
113 | 7 | 0 | 12 Jun 2024

SoK: A Defense-Oriented Evaluation of Software Supply Chain Security
Eman Abu Ishgair, Marcela S. Melara, Santiago Torres-Arias
46 | 2 | 0 | 23 May 2024

A Large-scale Fine-grained Analysis of Packages in Open-Source Software Ecosystems
Xiaoyan Zhou, Feiran Liang, Zhaojie Xie, Yang Lan, Wenjia Niu, Jiqiang Liu, Haining Wang, Qiang Li
166 | 1 | 0 | 17 Apr 2024

Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers
Sivana Hamer, Marcelo d'Amorim, Laurie A. Williams
SILM, ELM
87 | 19 | 0 | 22 Mar 2024

Leveraging Large Language Models to Detect npm Malicious Packages
Nusrat Zahan, Philipp Burckhardt, Mikola Lysenko, Feross Aboukhadijeh, Laurie A. Williams
70 | 1 | 0 | 18 Mar 2024

DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping
Cheng Huang, Nannan Wang, Ziteng Wang, Siqi Sun, Lingzi Li, Junren Chen, Qianchong Zhao, Jiaxuan Han, Zhen Yang, Lei Shi (Sichuan University)
70 | 11 | 0 | 13 Mar 2024

Quantification and Modeling of Broken Links Prevalence in Hyper Traffic Websites Homepages
Ronan Mouchoux, Laurent Moulin, Nicolas Striebig
26 | 0 | 0 | 28 Feb 2024

Malicious Package Detection using Metadata Information
Sajal Halder, Michael Bewong, Arash Mahboubi, Yinhao Jiang, Md. Rafiqul Islam, Md. Zahidul Islam, Ryan H. L. Ip, Muhammad Ejaz Ahmed, Gowri Ramachandran, Muhammad Ali Babar
30 | 8 | 0 | 12 Feb 2024

Why Not Mitigate Vulnerabilities in Helm Charts?
Yihao Chen, Jiahuei Lin, Bram Adams, Ahmed E. Hassan
43 | 0 | 0 | 23 Dec 2023

An Empirical Study on Using Large Language Models to Analyze Software Supply Chain Security Failures
Tanmay Singla, Dharun Anandayuvaraj, Kelechi G. Kalu, Taylor R. Schorlemmer, James C. Davis
133 | 14 | 0 | 09 Aug 2023

The Hitchhiker's Guide to Malicious Third-Party Dependencies
Piergiorgio Ladisa, Merve Sahin, Serena Elisa Ponta, M. Rosa, Matias Martinez, Olivier Barais
45 | 7 | 0 | 18 Jul 2023

HODOR: Shrinking Attack Surface on Node.js via System Call Limitation
Wenya Wang, Xingwei Lin, Jingyi Wang, Wang Gao, Dawu Gu, Wei Lv, Jiashui Wang
46 | 3 | 0 | 24 Jun 2023

Trusting code in the wild: A social network-based centrality rating for developers in the Rust ecosystem
Nasif Imtiaz, Preya Shabrina, Laurie A. Williams
26 | 0 | 0 | 31 May 2023

You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node.js
Marc Ohm, Timo Pohl, Felix Boes
134 | 6 | 0 | 31 May 2023

Software supply chain: review of attacks, risk assessment strategies and security controls
Betul Gokkaya, Leonardo Aniello, Basel Halak
50 | 6 | 0 | 23 May 2023

Challenges of Producing Software Bill Of Materials for Java
Musard Balliu, Benoit Baudry, Sofia Bobadilla, M. Ekstedt, Martin Monperrus, Javier Ron, Aman Sharma, Gabriel Skoglund, César Soto-Valero, Martin Wittlinger
145 | 31 | 0 | 20 Mar 2023

An Empirical Study of Pre-Trained Model Reuse in the Hugging Face Deep Learning Model Registry
Wenxin Jiang, Nicholas Synovic, Matt Hyatt, Taylor R. Schorlemmer, R. Sethi, Yung-Hsiang Lu, George K. Thiruvathukal, James C. Davis
88 | 71 | 0 | 05 Mar 2023

Navigating Complexity in Software Engineering: A Prototype for Comparing GPT-n Solutions
Christoph Treude
68 | 18 | 0 | 28 Jan 2023

Flareon: Stealthy any2any Backdoor Injection via Poisoned Augmentation
Tianrui Qin, Xianghuan He, Xitong Gao, Yiren Zhao, Kejiang Ye, Chengjie Xu
AAML
65 | 3 | 0 | 20 Dec 2022

Do Software Security Practices Yield Fewer Vulnerabilities?
Nusrat Zahan, S. Shohan, Dan Harris, Laurie A. Williams
78 | 16 | 0 | 20 Oct 2022

A Benchmark Comparison of Python Malware Detection Approaches
Duc-Ly Vu, Zachary Newman, J. Meyers
160 | 21 | 0 | 27 Sep 2022

OpenSSF Scorecard: On the Path Toward Ecosystem-wide Automated Security Metrics
Nusrat Zahan, Parth Kanakiya, Brian Hambleton, S. Shohan, Laurie A. Williams
54 | 18 | 0 | 06 Aug 2022

Taxonomy of Attacks on Open-Source Software Supply Chains
Piergiorgio Ladisa, H. Plate, Matias Martinez, Olivier Barais
100 | 148 | 0 | 08 Apr 2022

Security, Privacy, and Decentralization in Web3
Philipp Winter, Anna Harbluk Lorimer, Peter Snyder, B. Livshits
47 | 2 | 0 | 14 Sep 2021