Containing Malicious Package Updates in npm with a Lightweight Permission System

The large amount of third-party packages available in fast-moving software ecosystems, such as Node.js/npm, enables attackers to compromise applications by pushing malicious updates to their package dependencies. Studying the npm repository, we observed that many packages in the npm repository that...

Full description

Saved in:
Bibliographic Details
Published in:Proceedings / International Conference on Software Engineering pp. 1334 - 1346
Main Authors: Ferreira, Gabriel, Jia, Limin, Sunshine, Joshua, Kastner, Christian
Format: Conference Proceeding
Language:English
Published: IEEE 01.05.2021
Subjects:
design trade-offs
Ecosystems
malicious package updates
package management
permission system
Runtime
sandboxing
Security
Software
supplychain security
ISBN:1665402962, 9781665402965
ISSN:1558-1225
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Be the first to leave a comment!
You must be logged in first