Security Vulnerabilities

Code-based Vulnerability Detection in Node.js Applications: How far are we?

With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming applications. With recent work showing evidence that known vulnerabilities being prevalent in both an …

(Master Thesis) A study on the spread of vulnerability fixes within the npm JavaScript ecosystem

In recent times, the vulnerability of library has become a big concern for the developer because of its impact on many packages in the ecosystem. The recent studies show that developers do not update the vulnerability fix. This behavior of developers …

Towards smoother library migrations: A look at vulnerable dependency migrations at function level for NPM JavaScript packages

It has become common practice for software projects to adopt third-party libraries, allowing developers full access to functions that otherwise will take time and effort to create them-selves. Regardless of migration effort involved, developers are …