On the feasibility of detecting injections in malicious npm packages-Reference-Cited by-同舟云学术

On the feasibility of detecting injections in malicious npm packages

Published:2022-08-23 Issue: Volume: Page:
ISSN:
Container-title:Proceedings of the 17th International Conference on Availability, Reliability and Security
language:
Short-container-title:

Author:

Scalco Simone¹,Paramitha Ranindya¹,Vu Duc-Ly²,Massacci Fabio³

Affiliation:

1. Department of Information Engineering and Computer Science, University of Trento, Italy

2. FPT University, Vietnam

3. Department of Information Engineering and Computer Science, University of Trento, Italy and Foundational Security, Vrije Universiteit Amsterdam, Netherlands

Funder

H2020 LEIT Information and Communication Technologies

Publisher

ACM

Link

https://dl.acm.org/doi/pdf/10.1145/3538969.3543815

Reference26 articles.

1. 2019. Most popular npm packages. https://gist.github.com/anvaka/8e8fa57c7ee1350e3491. Accessed: 2022-03-10. 2019. Most popular npm packages. https://gist.github.com/anvaka/8e8fa57c7ee1350e3491. Accessed: 2022-03-10.

2. 2021. GitHut 2.0: A small place to discover languages in Github. https://madnight.github.io/githut/#/pull_requests/2021/4. Accessed: 2022-03-20. 2021. GitHut 2.0: A small place to discover languages in Github. https://madnight.github.io/githut/#/pull_requests/2021/4. Accessed: 2022-03-20.

3. [n.d.]. Git log. https://git-scm.com/docs/git-log/. Accessed: 2022-03-10. [n.d.]. Git log. https://git-scm.com/docs/git-log/. Accessed: 2022-03-10.

4. [n.d.]. NPM-Audit. https://docs.npmjs.com/cli/v8/commands/npm-audit/. Accessed: 2022-03-10. [n.d.]. NPM-Audit. https://docs.npmjs.com/cli/v8/commands/npm-audit/. Accessed: 2022-03-10.

5. Catalin Cimpanu. 2018. Compromised JavaScript Package Caught Stealing npm Credentials. https://www.bleepingcomputer.com/news/security/compromised-javascript-package-caught-stealing-npm-credentials/. (2018). Catalin Cimpanu. 2018. Compromised JavaScript Package Caught Stealing npm Credentials. https://www.bleepingcomputer.com/news/security/compromised-javascript-package-caught-stealing-npm-credentials/. (2018).

Cited by 14 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. OSSIntegrity: Collaborative open-source code integrity verification;Computers & Security;2024-09

2. Software supply chain security: a systematic literature review;International Journal of Computers and Applications;2024-08-19

3. Malicious Package Detection using Metadata Information;Proceedings of the ACM Web Conference 2024;2024-05-13

4. Hash4Patch: A Lightweight Low False Positive Tool for Finding Vulnerability Patch Commits;Proceedings of the 21st International Conference on Mining Software Repositories;2024-04-15

5. Secure Crowdsource-Based Open-Source Code Verification (SC)^2V;Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing;2024-04-08