DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping
March 14, 2024, 4:11 a.m. | Cheng Huang (Sichuan University), Nannan Wang (Sichuan University), Ziyan Wang (Sichuan University), Siqi Sun (Sichuan University), Lingzi Li (Sichuan
cs.CR updates on arXiv.org arxiv.org
Abstract: With the growing popularity of modularity in software development comes the rise of package managers and language ecosystems. Among them, npm stands out as the most extensive package manager, hosting more than 2 million third-party open-source packages that greatly simplify the process of building code. However, this openness also brings security risks, as evidenced by numerous package poisoning incidents.
In this paper, we synchronize a local package cache containing more than 3.4 million packages in …