{"id":"https://openalex.org/W4226416841","doi":"https://doi.org/10.1145/3510003.3510104","title":"Practical automated detection of malicious npm packages","display_name":"Practical automated detection of malicious npm packages","publication_year":2022,"publication_date":"2022-05-21","ids":{"openalex":"https://openalex.org/W4226416841","doi":"https://doi.org/10.1145/3510003.3510104"},"language":"en","primary_location":{"id":"doi:10.1145/3510003.3510104","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3510003.3510104","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3510003.3510104","source":{"id":"https://openalex.org/S4363608872","display_name":"Proceedings of the 44th International Conference on Software Engineering","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 44th International Conference on Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3510003.3510104","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054547570","display_name":"Adriana Sejfia","orcid":"https://orcid.org/0009-0000-0655-5451"},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]},{"id":"https://openalex.org/I2800817003","display_name":"Southern California University for Professional Studies","ror":"https://ror.org/058zz0t50","country_code":"US","type":"education","lineage":["https://openalex.org/I2800817003"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Adriana Sejfia","raw_affiliation_strings":["University of Southern California"],"affiliations":[{"raw_affiliation_string":"University of Southern California","institution_ids":["https://openalex.org/I2800817003","https://openalex.org/I1174212"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5108554298","display_name":"Max Sch\u00e4fer","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Max Sch\u00e4fer","raw_affiliation_strings":["GitHub, Oxford, UK"],"affiliations":[{"raw_affiliation_string":"GitHub, Oxford, UK","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5054547570"],"corresponding_institution_ids":["https://openalex.org/I1174212","https://openalex.org/I2800817003"],"apc_list":null,"apc_paid":null,"fwci":7.6993,"has_fulltext":true,"cited_by_count":64,"citation_normalized_percentile":{"value":0.98488665,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1681","last_page":"1692"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8313212394714355},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.6258741021156311},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6151546835899353},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5552552938461304},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.5250687003135681},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.47632724046707153},{"id":"https://openalex.org/keywords/false-positives-and-false-negatives","display_name":"False positives and false negatives","score":0.4656214416027069},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.43594983220100403},{"id":"https://openalex.org/keywords/daemon","display_name":"Daemon","score":0.41559216380119324},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.31239092350006104},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.29762184619903564},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.28119874000549316},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.23059707880020142}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8313212394714355},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.6258741021156311},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6151546835899353},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5552552938461304},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.5250687003135681},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.47632724046707153},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.4656214416027069},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.43594983220100403},{"id":"https://openalex.org/C2777253204","wikidata":"https://www.wikidata.org/wiki/Q308980","display_name":"Daemon","level":2,"score":0.41559216380119324},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.31239092350006104},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.29762184619903564},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.28119874000549316},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.23059707880020142}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3510003.3510104","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3510003.3510104","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3510003.3510104","source":{"id":"https://openalex.org/S4363608872","display_name":"Proceedings of the 44th International Conference on Software Engineering","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 44th International Conference on Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2202.13953","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2202.13953","pdf_url":"https://arxiv.org/pdf/2202.13953","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3510003.3510104","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3510003.3510104","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3510003.3510104","source":{"id":"https://openalex.org/S4363608872","display_name":"Proceedings of the 44th International Conference on Software Engineering","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 44th International Conference on Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/15","display_name":"Life in Land","score":0.5600000023841858}],"awards":[],"funders":[{"id":"https://openalex.org/F4320308943","display_name":"Microsoft Research","ror":"https://ror.org/00d0nc645"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4226416841.pdf","grobid_xml":"https://content.openalex.org/works/W4226416841.grobid-xml"},"referenced_works_count":32,"referenced_works":["https://openalex.org/W1445387515","https://openalex.org/W2013280855","https://openalex.org/W2107528096","https://openalex.org/W2742244373","https://openalex.org/W2755552262","https://openalex.org/W2767231363","https://openalex.org/W2915997584","https://openalex.org/W2953558274","https://openalex.org/W3008923560","https://openalex.org/W3011665539","https://openalex.org/W3021503072","https://openalex.org/W3027636930","https://openalex.org/W3030378309","https://openalex.org/W3046453918","https://openalex.org/W3081194266","https://openalex.org/W3092106265","https://openalex.org/W3094525800","https://openalex.org/W3094949573","https://openalex.org/W3109094705","https://openalex.org/W3114916308","https://openalex.org/W3129727708","https://openalex.org/W3138230581","https://openalex.org/W3159300567","https://openalex.org/W3161491624","https://openalex.org/W3162344723","https://openalex.org/W3162867182","https://openalex.org/W3172189288","https://openalex.org/W3173678092","https://openalex.org/W3180903877","https://openalex.org/W3187000578","https://openalex.org/W3196277935","https://openalex.org/W4239799938"],"related_works":["https://openalex.org/W4387456547","https://openalex.org/W1557094818","https://openalex.org/W1975357770","https://openalex.org/W2183246718","https://openalex.org/W1973412793","https://openalex.org/W2099261052","https://openalex.org/W4292605373","https://openalex.org/W2951146195","https://openalex.org/W4226316650","https://openalex.org/W3123215897"],"abstract_inverted_index":{"The":[0],"npm":[1],"registry":[2],"is":[3,99,156,247],"one":[4,280],"of":[5,8,35,37,43,51,105,114,136,148,219,233,241,279,296],"the":[6,9,48,103,106,111,178,228,231,239,242,261,277],"pillars":[7],"JavaScript":[10],"and":[11,27,150,174,259,263],"Type-Script":[12],"ecosystems,":[13],"hosting":[14],"over":[15,276],"1.7":[16],"million":[17],"packages":[18,65,69,86,134,221],"ranging":[19],"from":[20,80,183,191],"simple":[21,212],"utility":[22],"libraries":[23],"to":[24,47,70,101,202,216,256,285],"complex":[25],"frameworks":[26],"entire":[28],"applications.":[29],"Each":[30],"day,":[31],"developers":[32],"publish":[33,63],"tens":[34],"thousands":[36],"updates":[38,116],"as":[39,41,158],"well":[40],"hundreds":[42],"new":[44,64],"packages.":[45,152],"Due":[46],"overwhelming":[49],"popularity":[50],"npm,":[52],"it":[53,167,246,270],"has":[54],"become":[55],"a":[56,125,154,161,211,251,293],"prime":[57],"target":[58],"for":[59,129],"malicious":[60,133,149,159,220],"actors,":[61],"who":[62,82],"or":[66,76,87],"compromise":[67],"existing":[68],"introduce":[71],"malware":[72,290],"that":[73,90,188,222,245],"tampers":[74],"with":[75,142,292],"exfiltrates":[77],"sensitive":[78],"data":[79],"users":[81],"install":[83],"either":[84],"these":[85],"any":[88],"package":[89,115,155,179,255,273],"(transitively)":[91],"depends":[92],"on":[93,145,238,271],"them.":[94],"Defending":[95],"against":[96],"such":[97],"attacks":[98],"essential":[100],"maintaining":[102],"integrity":[104],"software":[107],"supply":[108],"chain,":[109],"but":[110],"sheer":[112],"volume":[113],"makes":[117],"comprehensive":[118],"manual":[119],"review":[120],"infeasible.":[121],"We":[122,140],"present":[123],"Amalfi,":[124],"machine-learning":[126],"based":[127],"approach":[128],"automatically":[130],"detecting":[131],"potentially":[132],"comprised":[135],"three":[137],"complementary":[138],"techniques.":[139],"start":[141],"classifiers":[143],"trained":[144],"known":[146],"examples":[147],"benign":[151],"If":[153],"flagged":[157],"by":[160,227],"classifier,":[162],"we":[163,208,282],"then":[164],"check":[165],"whether":[166,177],"includes":[168],"metadata":[169],"about":[170],"its":[171,184],"source":[172,185,192],"repository,":[173],"if":[175],"so":[176,197],"can":[180],"be":[181],"reproduced":[182],"code.":[186],"Packages":[187],"are":[189,193],"reproducible":[190],"not":[194],"usually":[195],"malicious,":[196],"this":[198],"step":[199],"allows":[200],"us":[201],"weed":[203],"out":[204],"false":[205,234,297],"positives.":[206,298],"Finally,":[207],"also":[209],"employ":[210],"textual":[213],"clone-detection":[214],"technique":[215],"identify":[217,286],"copies":[218],"may":[223],"have":[224],"been":[225],"missed":[226],"classifiers,":[229,262],"reducing":[230],"number":[232,295],"negatives.":[235],"Amalfi":[236],"improves":[237],"state":[240],"art":[243],"in":[244,267],"lightweight,":[248],"requiring":[249],"only":[250],"few":[252],"seconds":[253],"per":[254],"extract":[257],"features":[258],"run":[260],"gives":[264],"good":[265],"results":[266],"practice:":[268],"running":[269],"96287":[272],"versions":[274],"published":[275],"course":[278],"week,":[281],"were":[283],"able":[284],"95":[287],"previously":[288],"unknown":[289],"samples,":[291],"manageable":[294]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":25},{"year":2024,"cited_by_count":19},{"year":2023,"cited_by_count":15},{"year":2022,"cited_by_count":4}],"updated_date":"2026-03-17T09:09:15.849793","created_date":"2025-10-10T00:00:00"}