Practical automated detection of malicious npm packages-Reference-Cited by-同舟云学术

Practical automated detection of malicious npm packages

Published:2022-05-21 Issue: Volume: Page:
ISSN:
Container-title:Proceedings of the 44th International Conference on Software Engineering
language:
Short-container-title:

Author:

Sejfia Adriana¹,Schäfer Max²

Affiliation:

1. University of Southern California

2. GitHub, Oxford, UK

Publisher

ACM

Link

https://dl.acm.org/doi/pdf/10.1145/3510003.3510104

Reference34 articles.

1. Empirical Analysis of Security Vulnerabilities in Python Packages

2. Mining Apps for Abnormal Usage of Sensitive Data

3. Aadesh Bagmar , Josiah Wedgwood , Dave Levin , and Jim Purtilo . 2021. I Know What You Imported Last Summer: A study of security threats in the Python ecosystem. CoRR abs/2102.06301 ( 2021 ). arXiv:2102.06301 https://arxiv.org/abs/2102.06301 Aadesh Bagmar, Josiah Wedgwood, Dave Levin, and Jim Purtilo. 2021. I Know What You Imported Last Summer: A study of security threats in the Python ecosystem. CoRR abs/2102.06301 (2021). arXiv:2102.06301 https://arxiv.org/abs/2102.06301

4. Adam Baldwin. 2019. Plot to steal cryptocurrency foiled by the npm security team. https://blog.npmjs.org/post/185397814280/plot-to-steal-cryptocurrency-foiled-by-the-npm. Adam Baldwin. 2019. Plot to steal cryptocurrency foiled by the npm security team. https://blog.npmjs.org/post/185397814280/plot-to-steal-cryptocurrency-foiled-by-the-npm.

5. Alex Birsan . 2021 . Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies. https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610. Alex Birsan. 2021. Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies. https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610.

Cited by 27 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Maltracker: A Fine-Grained NPM Malware Tracker Copiloted by LLM-Enhanced Dataset;Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis;2024-09-11

2. OSSIntegrity: Collaborative open-source code integrity verification;Computers & Security;2024-09

3. Software supply chain security: a systematic literature review;International Journal of Computers and Applications;2024-08-19

4. Malicious Package Detection using Metadata Information;Proceedings of the ACM Web Conference 2024;2024-05-13

5. Increasing trust in the open source supply chain with reproducible builds and functional package management;Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings;2024-04-14