Code-based Vulnerability Detection in Node.js Applications: How far are we?


With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming applications. With recent work showing evidence that known vulnerabilities being prevalent in both an Open Source and industry, we propose and implement a viable code-based vulnerability detection tool in Node.js applications. Our case study lists the challenges when implementing this Node.js vulnerable code detector.

Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)