{"id":"https://openalex.org/W4399851459","doi":"https://doi.org/10.1145/3656394","title":"Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs","display_name":"Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs","publication_year":2024,"publication_date":"2024-06-20","ids":{"openalex":"https://openalex.org/W4399851459","doi":"https://doi.org/10.1145/3656394"},"language":"en","primary_location":{"id":"doi:10.1145/3656394","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3656394","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3656394","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3656394","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101457638","display_name":"Mafalda Ferreira","orcid":"https://orcid.org/0000-0002-5307-4279"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I203847022","display_name":"Instituto Polit\u00e9cnico de Lisboa","ror":"https://ror.org/04ea70f07","country_code":"PT","type":"education","lineage":["https://openalex.org/I203847022"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Mafalda Ferreira","raw_affiliation_strings":["INESC-ID, Lisboa, Portugal","Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal"],"raw_orcid":"https://orcid.org/0000-0002-5307-4279","affiliations":[{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201"]},{"raw_affiliation_string":"Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I203847022","https://openalex.org/I141596103"]},{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028209039","display_name":"Miguel Monteiro","orcid":"https://orcid.org/0000-0002-6346-7340"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I203847022","display_name":"Instituto Polit\u00e9cnico de Lisboa","ror":"https://ror.org/04ea70f07","country_code":"PT","type":"education","lineage":["https://openalex.org/I203847022"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Miguel Monteiro","raw_affiliation_strings":["INESC-ID, Lisboa, Portugal","Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal"],"raw_orcid":"https://orcid.org/0000-0002-6346-7340","affiliations":[{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201"]},{"raw_affiliation_string":"Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I203847022","https://openalex.org/I141596103"]},{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064606624","display_name":"Tiago Brito","orcid":"https://orcid.org/0000-0001-5982-9794"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I203847022","display_name":"Instituto Polit\u00e9cnico de Lisboa","ror":"https://ror.org/04ea70f07","country_code":"PT","type":"education","lineage":["https://openalex.org/I203847022"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Tiago Brito","raw_affiliation_strings":["INESC-ID, Lisboa, Portugal","Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal"],"raw_orcid":"https://orcid.org/0000-0001-5982-9794","affiliations":[{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201"]},{"raw_affiliation_string":"Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I203847022","https://openalex.org/I141596103"]},{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036001075","display_name":"Miguel E. Coimbra","orcid":"https://orcid.org/0000-0002-7191-5895"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I203847022","display_name":"Instituto Polit\u00e9cnico de Lisboa","ror":"https://ror.org/04ea70f07","country_code":"PT","type":"education","lineage":["https://openalex.org/I203847022"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Miguel E. Coimbra","raw_affiliation_strings":["INESC-ID, Lisboa, Portugal","Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal"],"raw_orcid":"https://orcid.org/0000-0002-7191-5895","affiliations":[{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201"]},{"raw_affiliation_string":"Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I203847022","https://openalex.org/I141596103"]},{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075037126","display_name":"Nuno Santos","orcid":"https://orcid.org/0000-0001-9938-0653"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I203847022","display_name":"Instituto Polit\u00e9cnico de Lisboa","ror":"https://ror.org/04ea70f07","country_code":"PT","type":"education","lineage":["https://openalex.org/I203847022"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Nuno Santos","raw_affiliation_strings":["INESC-ID, Lisboa, Portugal","Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal"],"raw_orcid":"https://orcid.org/0000-0001-9938-0653","affiliations":[{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201"]},{"raw_affiliation_string":"Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I203847022","https://openalex.org/I141596103"]},{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087946116","display_name":"Limin Jia","orcid":"https://orcid.org/0000-0002-8160-349X"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Limin Jia","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, USA"],"raw_orcid":"https://orcid.org/0000-0002-8160-349X","affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5061566620","display_name":"Jos\u00e9 Fragoso Santos","orcid":"https://orcid.org/0000-0001-5077-300X"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I203847022","display_name":"Instituto Polit\u00e9cnico de Lisboa","ror":"https://ror.org/04ea70f07","country_code":"PT","type":"education","lineage":["https://openalex.org/I203847022"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Jos\u00e9 Fragoso Santos","raw_affiliation_strings":["INESC-ID, Lisboa, Portugal","Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal"],"raw_orcid":"https://orcid.org/0000-0001-5077-300X","affiliations":[{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201"]},{"raw_affiliation_string":"Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I203847022","https://openalex.org/I141596103"]},{"raw_affiliation_string":"INESC-ID, Lisboa, Portugal / Instituto Superior T\u00e9cnico, Universidade de Lisboa, Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":6.8953,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.96796853,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"8","issue":"PLDI","first_page":"417","last_page":"441"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9812999963760376,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.7912386655807495},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.6992616653442383},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6748425960540771},{"id":"https://openalex.org/keywords/dependency-graph","display_name":"Dependency graph","score":0.532828688621521},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4748842120170593},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.44817954301834106},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.43655073642730713},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.15257671475410461},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1514180302619934},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.08333536982536316},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.05359932780265808}],"concepts":[{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.7912386655807495},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.6992616653442383},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6748425960540771},{"id":"https://openalex.org/C16311509","wikidata":"https://www.wikidata.org/wiki/Q4148050","display_name":"Dependency graph","level":3,"score":0.532828688621521},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4748842120170593},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.44817954301834106},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.43655073642730713},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.15257671475410461},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1514180302619934},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.08333536982536316},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.05359932780265808},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3656394","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3656394","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3656394","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3656394","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3656394","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3656394","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4399851459.pdf"},"referenced_works_count":43,"referenced_works":["https://openalex.org/W148369031","https://openalex.org/W202191487","https://openalex.org/W1563577331","https://openalex.org/W1966862293","https://openalex.org/W1992114977","https://openalex.org/W2027625187","https://openalex.org/W2039524325","https://openalex.org/W2043100293","https://openalex.org/W2087567537","https://openalex.org/W2138788987","https://openalex.org/W2170920217","https://openalex.org/W2247217208","https://openalex.org/W2621177934","https://openalex.org/W2732351623","https://openalex.org/W2740279154","https://openalex.org/W2752602409","https://openalex.org/W2790572611","https://openalex.org/W2888934130","https://openalex.org/W2964194794","https://openalex.org/W2967904600","https://openalex.org/W2970044827","https://openalex.org/W2970323597","https://openalex.org/W3090362160","https://openalex.org/W3109059530","https://openalex.org/W3122360645","https://openalex.org/W3131584678","https://openalex.org/W3165028596","https://openalex.org/W3187895569","https://openalex.org/W3194926883","https://openalex.org/W3212106901","https://openalex.org/W4224744482","https://openalex.org/W4247387602","https://openalex.org/W4256064790","https://openalex.org/W4323349076","https://openalex.org/W4324007235","https://openalex.org/W4382724811","https://openalex.org/W4384302790","https://openalex.org/W4385080286","https://openalex.org/W4385080345","https://openalex.org/W4385412470","https://openalex.org/W4388858938","https://openalex.org/W6892672498","https://openalex.org/W6929908597"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2327631927","https://openalex.org/W2093568763","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2947584067","https://openalex.org/W1985166372","https://openalex.org/W3118510577","https://openalex.org/W2280562859","https://openalex.org/W230721595"],"abstract_inverted_index":{"While":[0],"static":[1,156],"analysis":[2,39,67,187],"tools":[3],"that":[4,118,174],"rely":[5],"on":[6],"Code":[7],"Property":[8],"Graphs":[9],"(CPGs)":[10],"to":[11,22,35,132],"detect":[12],"security":[13],"vulnerabilities":[14,196],"have":[15,76,191],"proven":[16],"effective,":[17],"deciding":[18],"how":[19],"much":[20],"information":[21,32,58,145],"include":[23],"in":[24,47,53,59,80,96,160,197],"the":[25,42,60,82,97,108,120,133,182,186],"graphs":[26,134],"remains":[27],"a":[28,36,64,93,113,153],"challenge.":[29],"Including":[30],"less":[31],"can":[33],"lead":[34],"more":[37,57,65],"scalable":[38],"but":[40,68],"at":[41],"cost":[43],"of":[44,100,123],"reduced":[45],"effectiveness":[46],"identifying":[48],"vulnerability":[49,104,148,157],"patterns,":[50],"potentially":[51],"resulting":[52],"classification":[54],"errors.":[55],"Conversely,":[56],"graph":[61],"allows":[62],"for":[63,86,102,147],"effective":[66],"may":[69],"affect":[70],"scalability.":[71],"For":[72],"example,":[73],"scalability":[74],"issues":[75],"been":[77],"recently":[78],"highlighted":[79],"ODGen,":[81,137],"state-of-the-art":[83],"CPG-based":[84],"tool":[85],"detecting":[87,165],"Node.js":[88],"vulnerabilities.":[89,170],"This":[90],"paper":[91],"examines":[92],"new":[94,154],"point":[95],"design":[98],"space":[99],"CPGs":[101],"JavaScript":[103],"detection.":[105,149],"We":[106,150],"introduce":[107],"Multiversion":[109],"Dependency":[110],"Graph":[111],"(MDG),":[112],"novel":[114],"graph-based":[115],"data":[116],"structure":[117],"captures":[119],"state":[121],"evolution":[122],"objects":[124],"and":[125,164,167,185],"their":[126],"properties":[127],"during":[128],"program":[129],"execution.":[130],"Compared":[131],"used":[135],"by":[136,178],"MDGs":[138],"are":[139],"significantly":[140,179],"simpler":[141],"without":[142],"losing":[143],"key":[144],"needed":[146],"implemented":[151],"Graph.js,":[152],"MDG-based":[155],"scanner":[158],"specialized":[159],"analyzing":[161],"npm":[162],"packages":[163],"taint-style":[166],"prototype":[168],"pollution":[169],"Our":[171],"evaluation":[172],"shows":[173],"Graph.js":[175],"outperforms":[176],"ODGen":[177],"reducing":[180],"both":[181],"false":[183],"negatives":[184],"time.":[188],"Additionally,":[189],"we":[190],"identified":[192],"49":[193],"previously":[194],"undiscovered":[195],"<mml:math":[198],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[199],"display=\"inline\">":[200],"<mml:mi":[201],"mathvariant=\"italic\">npm</mml:mi>":[202],"</mml:math>":[203],"packages.":[204]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}