DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Map
With the growing popularity of modularity in software development comes the rise of
package managers and language ecosystems. Among them, npm stands out as the most …
Silent spring: Prototype pollution leads to remote code execution in Node.js
Prototype pollution is a dangerous vulnerability affecting prototype-based languages like
JavaScript and the Node.js platform. It refers to the ability of an attacker to inject properties …
Jack-in-the-box: An empirical study of javascript bundling on the web and its security implications
J Rack, CA Staicu - Proceedings of the 2023 ACM SIGSAC Conference …, 2023 - dl.acm.org
In recent years, we have seen an increased interest in studying the software supply chain of
user-facing applications to uncover problematic third-party dependencies. Prior work shows …
Scaling javascript abstract interpretation to detect and exploit Node.js taint-style vulnerability
Taint-style vulnerabilities, such as OS command injection and path traversal, are common
and severe software weaknesses. There exists an inherent trade-off between analysis …
Wolf at the door: Preventing install-time attacks in npm with latch
The npm software ecosystem allows developers to easily import code written by others.
However, manual vetting of every individual installed component is made difficult in many …
SecBench.js: An executable security benchmark suite for server-side JavaScript
MHM Bhuiyan, AS Parthasarathy… - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
NPM is the largest software ecosystem in the world, offering millions of free, reusable
packages. In recent years, various security threats to packages published on npm have …
Supply-chain vulnerability elimination via active learning and regeneration
Software supply-chain attacks target components that are integrated into client applications.
Such attacks often target widely-used components, with the attack taking place via …
Cage4Deno: A fine-grained sandbox for Deno subprocesses
Deno is a runtime for JavaScript and TypeScript that is receiving great interest by
developers, and is increasingly used for the construction of back-ends of web applications. A …
Undefined-oriented programming: Detecting and chaining prototype pollution gadgets in Node.js template engines for malicious consequences
Prototype pollution is a type of recently-discovered, impactful vulnerability that affects
JavaScript code. One important yet challenging research problem of prototype pollution is …
Nodemedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs
Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as
arbitrary command injection and code execution. Existing taint analysis tools fall short in …