{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T12:56:47Z","timestamp":1770728207494,"version":"3.49.0"},"reference-count":82,"publisher":"Springer Science and Business Media LLC","issue":"7","license":[{"start":{"date-parts":[[2022,9,20]],"date-time":"2022-09-20T00:00:00Z","timestamp":1663632000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,9,20]],"date-time":"2022-09-20T00:00:00Z","timestamp":1663632000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-17-1-2945"],"award-info":[{"award-number":["N00014-17-1-2945"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-21-1-2491"],"award-info":[{"award-number":["N00014-21-1-2491"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CCF-1907727"],"award-info":[{"award-number":["CCF-1907727"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002790","name":"Canadian Network for Research and Innovation in Machining Technology, Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002790","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002790","name":"Canadian Network for Research and Innovation in Machining Technology, Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002790","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2022,12]]},"DOI":"10.1007\/s10664-022-10195-6","type":"journal-article","created":{"date-parts":[[2022,9,20]],"date-time":"2022-09-20T09:04:03Z","timestamp":1663664643000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Stubbifier: debloating dynamic server-side JavaScript applications"],"prefix":"10.1007","volume":"27","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0381-0477","authenticated-orcid":false,"given":"Alexi","family":"Turcotte","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ellen","family":"Arteca","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ashish","family":"Mishra","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Saba","family":"Alimadadi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Frank","family":"Tip","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,9,20]]},"reference":[{"key":"10195_CR1","doi-asserted-by":"publisher","unstructured":"Abadi M, Budiu M, Erlingsson U, Ligatti J (2009) Control-flow integrity principles, implementations, and applications. ACM Trans Inf Syst Secur 13(1). https:\/\/doi.org\/10.1145\/1609956.1609960","DOI":"10.1145\/1609956.1609960"},{"key":"10195_CR2","doi-asserted-by":"crossref","unstructured":"Agesen O, Ungar D (1994) Sifting out the gold: delivering compact applications from an exploratory object-oriented programming environment. In: Proceedings of the ninth annual conference on object-oriented programming systems, languages, and applications (OOPSLA\u201994), Portland, OR, pp 355\u2013370, ACM SIGPLAN Notices 29(10)","DOI":"10.1145\/191081.191135"},{"key":"10195_CR3","doi-asserted-by":"publisher","unstructured":"Agesen O, Palsberg J, Schwartzbach MI (1993) Type inference of SELF. In: ECOOP\u201993\u2014object-oriented programming, 7th European conference, Kaiserslautern, Germany, July 26\u201330, 1993, Proceedings. https:\/\/doi.org\/10.1007\/3-540-47910-4\u2216_14, pp 247\u2013267","DOI":"10.1007\/3-540-47910-4\u2216_14"},{"key":"10195_CR4","doi-asserted-by":"crossref","unstructured":"Andreasen E, M\u00f8ller A (2014) Determinacy in static analysis for jQuery. In: Proceedings of the 29th ACM SIGPLAN international conference on object oriented programming systems languages, and applications (OOPSLA)","DOI":"10.1145\/2660193.2660214"},{"key":"10195_CR5","doi-asserted-by":"publisher","unstructured":"Avgustinov P, de Moor O, Jones M P, Sch\u00e4fer M (2016) QL: object-oriented Queries on relational data. In: 30th European conference on object-oriented programming, ECOOP 2016, July 18\u201322, 2016, Rome, Italy. https:\/\/doi.org\/10.4230\/LIPIcs.ECOOP.2016.2, pp 2:1\u20132:25","DOI":"10.4230\/LIPIcs.ECOOP.2016.2"},{"key":"10195_CR6","doi-asserted-by":"publisher","unstructured":"Bacon D F, Sweeney P F (1996) Fast static analysis of c++ virtual function calls. In: Proceedings of the 1996 ACM SIGPLAN conference on object-oriented programming systems, languages & applications (OOPSLA \u201996), San Jose, California, USA, October 6\u201310, 1996. https:\/\/doi.org\/10.1145\/236337.236371https:\/\/doi.org\/10.1145\/236337.236371, pp 324\u2013341","DOI":"10.1145\/236337.236371 10.1145\/236337.236371"},{"key":"10195_CR7","doi-asserted-by":"publisher","unstructured":"Bhattacharya S, Gopinath K, Nanda M G (2013) Combining concern input with program analysis for bloat detection. In: Proceedings of the 2013 ACM SIGPLAN international conference on object oriented programming systems languages and applications, OOPSLA \u201913. https:\/\/doi.org\/10.1145\/2509136.2509522. ACM, New York, pp 745\u2013764","DOI":"10.1145\/2509136.2509522"},{"key":"10195_CR8","unstructured":"bdistin\/fs-nextra (2021) https:\/\/github.com\/bdistin\/fs-nextra. Accessed 25 Oct 2021"},{"key":"10195_CR9","doi-asserted-by":"crossref","unstructured":"Bruce B R, Zhang T, Arora J, Xu G H, Kim M (2020) JSHrink: in-depth investigation into debloating modern Java applications. In: Proceedings of the 28th ACM joint meeting on european software engineering conference and symposium on the foundations of software engineering, pp 135\u2013146","DOI":"10.1145\/3368089.3409738"},{"key":"10195_CR10","unstructured":"Commit: remove eval (2021a) https:\/\/github.com\/dougwilson\/nodejs-depd\/commit\/887283b4. Accessed 16 Apr 2021"},{"issue":"11","key":"10195_CR11","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1145\/583854.582445","volume":"37","author":"B De Sutter","year":"2002","unstructured":"De Sutter B, De Bus B, De Bosschere K (2002) Sifting out the mud: low level C++ code reuse. SIGPLAN Not 37(11):275\u2013291. https:\/\/doi.org\/10.1145\/583854.582445","journal-title":"SIGPLAN Not"},{"key":"10195_CR12","doi-asserted-by":"publisher","unstructured":"Dean J, Grove D, Chambers C (1995) Optimization of object-oriented programs using static class hierarchy analysis. In: ECOOP\u201995\u2014Object-oriented programming, 9th European conference, \u00c5rhus, Denmark, August 7\u201311, 1995, Proceedings. https:\/\/doi.org\/10.1007\/3-540-49538-X\u2216_5, pp 77\u2013101","DOI":"10.1007\/3-540-49538-X\u2216_5"},{"key":"10195_CR13","unstructured":"depd issue 20 (2021b) https:\/\/github.com\/dougwilson\/nodejs-depd\/issues\/20. Accessed 16 Apr 2021"},{"key":"10195_CR14","unstructured":"depd issue 22 (2021c) https:\/\/github.com\/dougwilson\/nodejs-depd\/issues\/22. Accessed 16 Apr 2021"},{"key":"10195_CR15","unstructured":"depd issue 24 (2021d) https:\/\/github.com\/dougwilson\/nodejs-depd\/issues\/24. Accessed 16 Apr 2021"},{"key":"10195_CR16","unstructured":"dougwilson\/nodejs-depd (2021e) https:\/\/github.com\/dougwilson\/nodejs-depd. Accessed 16 Apr 2021"},{"key":"10195_CR17","unstructured":"ECMA International (2019) ECMAScript 2019 language specification. https:\/\/262.ecma-international.org\/10.0\/. Accessed 16 Apr 2021"},{"key":"10195_CR18","unstructured":"ECMA International (2021) ECMAScript module system. https:\/\/www.ecma-international.org\/ecma-262\/#sec-modules. Accessed 16 Apr 2021"},{"key":"10195_CR19","unstructured":"expressjs\/body-parser (2021) https:\/\/github.com\/expressjs\/body-parser. Accessed: 25 Oct 2021"},{"key":"10195_CR20","unstructured":"expressjs\/compression (2021) https:\/\/github.com\/expressjs\/compression. Accessed 25 Oct 2021"},{"key":"10195_CR21","unstructured":"expressjs\/morgan (2021) https:\/\/github.com\/expressjs\/morgan. Accessed 25 Oct 2021"},{"key":"10195_CR22","unstructured":"expressjs\/serve-favicon (2021) https:\/\/github.com\/expressjs\/serve-favicon. Accessed 25 Oct 2021"},{"key":"10195_CR23","unstructured":"expressjs\/serve-static (2021) https:\/\/github.com\/expressjs\/serve-static. Accessed 25 Oct 2021"},{"key":"10195_CR24","unstructured":"facebook\/prop-types (2021) https:\/\/github.com\/facebook\/prop-types. Accessed 25 Oct 2021"},{"key":"10195_CR25","doi-asserted-by":"publisher","unstructured":"Gauthier F, Hassanshahi B, Jordan A (2018) Affogato: runtime detection of injection attacks for node.js. In: Companion proceedings for the ISSTA\/ECOOP 2018 workshops, ISSTA \u201918. https:\/\/doi.org\/10.1145\/3236454.3236502. Association for Computing Machinery, New York, pp 94\u201399","DOI":"10.1145\/3236454.3236502"},{"key":"10195_CR26","unstructured":"GitHub (2020) Language trends on GitHub. https:\/\/octoverse.github.com\/#top-languages"},{"key":"10195_CR27","unstructured":"GitHub (2021) CodeQL. https:\/\/github.com\/github\/codeql. Accessed 16 Apr 2021"},{"key":"10195_CR28","unstructured":"Hovemeyer D, Pugh W (2001) More efficient network class loading through bundling. In: Proceedings of the 1st Java virtual machine research and technology symposium, April 23\u201324, 2001, Monterey, CA, USA, pp 127\u2013140"},{"key":"10195_CR29","unstructured":"isaacs\/node-glob (2021) https:\/\/github.com\/isaacs\/node-glob. Accessed 25 Oct 2021"},{"key":"10195_CR30","unstructured":"Istanbul (2021) nyc. https:\/\/www.npmjs.com\/package\/nyc. Accessed: 12 Oct 2021"},{"key":"10195_CR31","doi-asserted-by":"crossref","unstructured":"Jensen S H, Madsen M, M\u00f8ller A (2011) Modeling the HTML DOM and browser API in static analysis of JavaScript web applications. In: SIGSOFT\/FSE\u201911 19th ACM SIGSOFT symposium on the foundations of software engineering (FSE-19) and ESEC\u201911: 13th European software engineering conference (ESEC-13), Szeged, Hungary, September 5\u20139, 2011, pp 59\u201369","DOI":"10.1145\/2025113.2025125"},{"key":"10195_CR32","doi-asserted-by":"publisher","unstructured":"Jensen S H, Jonsson P A, M\u00f8ller A (2012) Remedying the eval that men do. In: Heimdahl MPE, Su Z (eds) International symposium on software testing and analysis, ISSTA 2012, Minneapolis, MN, USA, July 15-20, 2012. https:\/\/doi.org\/10.1145\/2338965.2336758. ACM, pp 34\u201344","DOI":"10.1145\/2338965.2336758"},{"issue":"12","key":"10195_CR33","doi-asserted-by":"publisher","first-page":"1364","DOI":"10.1109\/TSE.2018.2878020","volume":"46","author":"R Karim","year":"2018","unstructured":"Karim R, Tip F, Soch\u016drkov\u00e1 A, Sen K (2018) Platform-independent dynamic taint analysis for JavaScript. IEEE Trans Softw Eng 46(12):1364\u20131379","journal-title":"IEEE Trans Softw Eng"},{"key":"10195_CR34","unstructured":"Koishybayev I, Kapravelos A (2020) Mininode: reducing the attack surface of Node.js applications. In: Proceedings of the international symposium on research in attacks, intrusions and defenses (RAID)"},{"key":"10195_CR35","doi-asserted-by":"crossref","unstructured":"Koo H, Ghavamnia S, Polychronakis M (2019) Configuration-driven software debloating. In: Proceedings of 12th European workshop on systems security (EuroSec \u201919)","DOI":"10.1145\/3301417.3312501"},{"key":"10195_CR36","doi-asserted-by":"publisher","unstructured":"Krintz C, Calder B, H\u00f6lzle U (1999) Reducing transfer delay using Java class file splitting and prefetching. In: Proceedings of the 1999 ACM SIGPLAN conference on object-oriented programming systems, languages & applications (OOPSLA \u201999), Denver, Colorado, USA, November 1\u20135, 1999. https:\/\/doi.org\/10.1145\/320384.320412, pp 276\u2013291","DOI":"10.1145\/320384.320412"},{"key":"10195_CR37","unstructured":"kriskowal\/q (2021) https:\/\/github.com\/kriskowal\/q. Accessed 25 Oct 2021"},{"key":"10195_CR38","doi-asserted-by":"publisher","first-page":"268","DOI":"10.1145\/3468264.3468542 10.1145\/3468264.3468542","volume-title":"Detecting Node.Js prototype pollution vulnerabilities via object lookup analysis","author":"S Li","year":"2021","unstructured":"Li S, Kang M, Hou J, Cao Y (2021) Detecting Node.Js prototype pollution vulnerabilities via object lookup analysis. Association for Computing Machinery, New York, pp 268\u2013279. https:\/\/doi.org\/10.1145\/3468264.3468542https:\/\/doi.org\/10.1145\/3468264.3468542"},{"key":"10195_CR39","unstructured":"Li S, Kang M, Hou J, Cao Y (2022) Mining node.js vulnerabilities via object dependence graph and query. In: 31st USENIX Security Symposium (USENIX Security 22). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/li-song. USENIX Association, Boston"},{"issue":"OOPSLA","key":"10195_CR40","first-page":"141:1","volume":"2","author":"Y Li","year":"2018","unstructured":"Li Y, Tan T, M\u00f8ller A, Smaragdakis Y (2018a) Precision-guided context sensitivity for pointer analysis. PACMPL 2(OOPSLA):141:1\u2013141:29","journal-title":"PACMPL"},{"key":"10195_CR41","doi-asserted-by":"crossref","unstructured":"Li Y, Tan T, M\u00f8ller A, Smaragdakis Y (2018b) Scalability-first pointer analysis with self-tuning context-sensitivity. In: Proceedings of the 2018 26th ACM joint meeting on european software engineering conference and symposium on the foundations of software engineering, pp 129\u2013140","DOI":"10.1145\/3236024.3236041"},{"key":"10195_CR42","doi-asserted-by":"publisher","unstructured":"Livshits V B, Kiciman E (2008) Doloto: code splitting for network-bound Web 2.0 applications. In: Proceedings of the 16th ACM SIGSOFT international symposium on foundations of software engineering, 2008, Atlanta, Georgia, USA, November 9\u201314, 2008. https:\/\/doi.org\/10.1145\/1453101.1453151, pp 350\u2013360","DOI":"10.1145\/1453101.1453151"},{"key":"10195_CR43","unstructured":"Lutz M (2013) Learning Python, 5th edn"},{"key":"10195_CR44","doi-asserted-by":"publisher","unstructured":"Madsen M, Tip F, Lhot\u00e1k O (2015) Static analysis of event-driven Node.js JavaScript applications. In: Aldrich J, Eugster P (eds) Proceedings of the 2015 ACM SIGPLAN international conference on object-oriented programming, systems, languages, and applications, OOPSLA 2015, part of SPLASH 2015, Pittsburgh, PA, USA, October 25\u201330, 2015. https:\/\/doi.org\/10.1145\/2814270.2814272https:\/\/doi.org\/10.1145\/2814270.2814272. ACM, pp 505\u2013519","DOI":"10.1145\/2814270.2814272 10.1145\/2814270.2814272"},{"key":"10195_CR45","unstructured":"mapbox\/node-blend (2021) https:\/\/github.com\/mapbox\/node-blend. Accessed 16 Apr 2021"},{"key":"10195_CR46","unstructured":"MDN (2021) Tree shaking. https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/Tree_shaking. Accessed 11 Oct 2021"},{"key":"10195_CR47","doi-asserted-by":"publisher","unstructured":"M\u00f8ller A, Torp MT (2019) Model-based testing of breaking changes in node.js libraries. In: Proceedings of the 2019 27th ACM joint meeting on european software engineering conference and symposium on the foundations of software engineering, ESEC\/FSE 2019. https:\/\/doi.org\/10.1145\/3338906.3338940. Association for Computing Machinery, New York, pp 409\u2013419","DOI":"10.1145\/3338906.3338940"},{"key":"10195_CR48","unstructured":"Mozilla (2021) Rest parameters. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/JavaScript\/Reference\/Functions\/rest_parameters. Accessed 16 Apr 2021"},{"key":"10195_CR49","doi-asserted-by":"publisher","unstructured":"Nielsen B B, Hassanshahi B, Gauthier F (2019) Nodest: feedback-driven static analysis of node.js applications. In: Proceedings of the 2019 27th ACM joint meeting on european software engineering conference and symposium on the foundations of software engineering, ESEC\/FSE 2019. https:\/\/doi.org\/10.1145\/3338906.3338933. Association for Computing Machinery, New York, pp 455\u2013465","DOI":"10.1145\/3338906.3338933"},{"key":"10195_CR50","doi-asserted-by":"publisher","unstructured":"Niu B, Tan G (2015) Per-input control-flow integrity. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, CCS \u201915. https:\/\/doi.org\/10.1145\/2810103.2813644. Association for Computing Machinery, New York, pp 914\u2013926","DOI":"10.1145\/2810103.2813644"},{"key":"10195_CR51","unstructured":"npm (2021a) npm. https:\/\/www.npmjs.com\/. Accessed 16 Apr 2021"},{"key":"10195_CR52","unstructured":"npm (2021b) semver. https:\/\/www.npmjs.com\/package\/semver. Accessed 16 Apr 2021"},{"key":"10195_CR53","unstructured":"OpenJS Foundation (2021) Node.js. https:\/\/nodejs.org\/en\/. Accessed 16 Apr 2021"},{"key":"10195_CR54","unstructured":"pillarjs\/send (2021) https:\/\/github.com\/pillarjs\/send. Accessed 25 Oct 2021"},{"issue":"2","key":"10195_CR55","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1016\/S0167-6423(02)00059-X","volume":"45","author":"D Rayside","year":"2002","unstructured":"Rayside D, Kontogiannis K (2002) Extracting Java library subsets for deployment on embedded systems. Sci Comput Program 45(2):245\u2013270. https:\/\/doi.org\/10.1016\/S0167-6423(02)00059-X","journal-title":"Sci Comput Program"},{"key":"10195_CR56","unstructured":"reduxjs\/redux (2021) https:\/\/github.com\/reduxjs\/redux. Accessed 25 Oct 2021"},{"key":"10195_CR57","doi-asserted-by":"publisher","unstructured":"Richards G, Hammer C, Burg B, Vitek J (2011) The eval that men do\u2014a large-scale study of the use of eval in JavaScript applications. In: Mezini M (ed) ECOOP 2011\u2014object-oriented programming\u201425th European conference, Lancaster, UK, July 25\u201329, 2011 Proceedings, vol 6813. Springer, Lecture Notes in Computer Science. https:\/\/doi.org\/10.1007\/978-3-642-22655-7_4, pp 52\u201378","DOI":"10.1007\/978-3-642-22655-7_4"},{"key":"10195_CR58","unstructured":"rlang (2022) Execute a function. See https:\/\/rlang.r-lib.org\/reference\/exec.html"},{"key":"10195_CR59","unstructured":"Rollup (2021) Rollup. https:\/\/www.npmjs.com\/package\/rollup. Accessed 11 Oct 2021"},{"key":"10195_CR60","doi-asserted-by":"publisher","unstructured":"Sharif H, Abubakar M, Gehani A, Zaffar F (2018) TRIMMER: application specialization for code debloating. In: Proceedings of the 33rd ACM\/IEEE international conference on automated software engineering, ASE 2018, Montpellier, France, September 3\u20137, 2018. https:\/\/doi.org\/10.1145\/3238147.3238160https:\/\/doi.org\/10.1145\/3238147.3238160, pp 329\u2013339","DOI":"10.1145\/3238147.3238160 10.1145\/3238147.3238160"},{"key":"10195_CR61","unstructured":"streamich\/memfs (2021) https:\/\/github.com\/streamich\/memfs. Accessed 25 Oct 2021"},{"key":"10195_CR62","doi-asserted-by":"publisher","unstructured":"Sridharan M, Dolby J, Chandra S, Sch\u00e4fer M, Tip F (2012) Correlation tracking for points-to analysis of JavaScript. In: Noble J (ed) ECOOP 2012\u2014Object-Oriented Programming\u201426th European Conference, Beijing, China, June 11\u201316, 2012. Proceedings, vol 7313. Springer, Lecture Notes in Computer Science. https:\/\/doi.org\/10.1007\/978-3-642-31057-7_20, pp 435\u2013458","DOI":"10.1007\/978-3-642-31057-7_20"},{"key":"10195_CR63","unstructured":"Stack Overflow (2020) Developer survey. https:\/\/insights.stackoverflow.com\/survey\/2020#most-popular-technologies"},{"key":"10195_CR64","doi-asserted-by":"crossref","unstructured":"Staicu C A, Pradel M, Livshits B (2018) Synode: understanding and automatically preventing injection attacks on node.js. In: NDSS","DOI":"10.14722\/ndss.2018.23071"},{"key":"10195_CR65","doi-asserted-by":"publisher","unstructured":"Staicu C A, Torp M T, Sch\u00e4fer M, M\u00f8ller A, Pradel M (2020) Extracting taint specifications for javascript libraries. In: Proceedings of the ACM\/IEEE 42nd international conference on software engineering, ICSE \u201920. https:\/\/doi.org\/10.1145\/3377811.3380390. Association for Computing Machinery, New York, pp 198\u2013209","DOI":"10.1145\/3377811.3380390"},{"issue":"OOPSLA","key":"10195_CR66","doi-asserted-by":"publisher","first-page":"140:1","DOI":"10.1145\/3360566","volume":"3","author":"B Stein","year":"2019","unstructured":"Stein B, Nielsen B B, Chang B E, M\u00f8ller A (2019) Static analysis with demand-driven value refinement. Proc ACM Program Lang 3(OOPSLA):140:1\u2013140:29. https:\/\/doi.org\/10.1145\/3360566","journal-title":"Proc ACM Program Lang"},{"key":"10195_CR67","doi-asserted-by":"crossref","unstructured":"Sweeney P F, Tip F (2000) Extracting library-based object-oriented applications. In: ACM SIGSOFT symposium on foundations of software engineering, San Diego, California, USA, November 6\u201310, 2000, Proceedings, pp 98\u2013107","DOI":"10.1145\/357474.355059"},{"key":"10195_CR68","doi-asserted-by":"publisher","unstructured":"Tip F, Palsberg J (2000) Scalable propagation-based call graph construction algorithms. In: Proceedings of the 2000 ACM SIGPLAN conference on object-oriented programming systems, languages & applications (OOPSLA 2000), Minneapolis, Minnesota, USA, October 15\u201319, 2000. https:\/\/doi.org\/10.1145\/353171.353190, pp 281\u2013293","DOI":"10.1145\/353171.353190"},{"key":"10195_CR69","doi-asserted-by":"publisher","unstructured":"Tip F, Laffra C, Sweeney P F, Streeter D (1999) Practical experience with an application extractor for Java. In: Proceedings of the 1999 ACM SIGPLAN conference on object-oriented programming systems, languages & applications (OOPSLA \u201999), Denver, Colorado, USA, November 1\u20135, 1999. https:\/\/doi.org\/10.1145\/320384.320414, pp 292\u2013305","DOI":"10.1145\/320384.320414"},{"issue":"6","key":"10195_CR70","doi-asserted-by":"publisher","first-page":"625","DOI":"10.1145\/586088.586090","volume":"24","author":"F Tip","year":"2002","unstructured":"Tip F, Sweeney P F, Laffra C, Eisma A, Streeter D (2002) Practical extraction techniques for Java. ACM Trans Program Lang Syst 24(6):625\u2013666. https:\/\/doi.org\/10.1145\/586088.586090","journal-title":"ACM Trans Program Lang Syst"},{"key":"10195_CR71","unstructured":"tj\/commander.js (2021) https:\/\/github.com\/tj\/commander.js. Accessed 25 Oct 2021"},{"key":"10195_CR72","doi-asserted-by":"publisher","unstructured":"Turcotte A, Arteca E, Mishra A, Alimadadi S, Tip F (2021) Stubbifer: debloating dynamic server-side JavaScript applications (artifact). https:\/\/doi.org\/10.5281\/zenodo.5599914","DOI":"10.5281\/zenodo.5599914"},{"key":"10195_CR73","doi-asserted-by":"publisher","unstructured":"Vasilakis N, Staicu C A, Ntousakis G, Kallas K, Karel B, DeHon A, Pradel M (2021) Preventing dynamic library compromise on node.js via rwx-based privilege reduction. In: Proceedings of the 2021 ACM SIGSAC conference on computer and communications security, CCS \u201921. https:\/\/doi.org\/10.1145\/3460120.3484535. Association for Computing Machinery, New York, pp 1821\u20131838","DOI":"10.1145\/3460120.3484535"},{"key":"10195_CR74","unstructured":"VisualWorks User\u2019s Guide (1995) ParcPlace-DigiTalk, software release 2.5 edn, chapter 13: application delivery tools. Available from http:\/\/esug.org\/data\/Old\/vw-tutorials\/vw25\/vw25ug.pdf"},{"key":"10195_CR75","unstructured":"VisualAge for Smalltalk Handbook Volume 1: Fundamentals (1997) IBM Corporation, first edition edn, available from http:\/\/www.redbooks.ibm.com\/redbooks\/4instantiations\/sg244828.pdf"},{"issue":"11","key":"10195_CR76","doi-asserted-by":"publisher","first-page":"1037","DOI":"10.1016\/j.scico.2010.04.008","volume":"76","author":"G Wagner","year":"2011","unstructured":"Wagner G, Gal A, Franz M (2011) \u201cSlimming\u201d a Java virtual machine by way of cold code removal and optimistic partial program loading. Sci Comput Program 76(11):1037\u20131053. https:\/\/doi.org\/10.1016\/j.scico.2010.04.008https:\/\/doi.org\/10.1016\/j.scico.2010.04.008","journal-title":"Sci Comput Program"},{"key":"10195_CR77","unstructured":"webpack (2021) webpack. https:\/\/www.npmjs.com\/package\/webpack. Accessed 11 Oct 2021"},{"key":"10195_CR78","unstructured":"webpack-contrib (2021) css-loader. https:\/\/www.npmjs.com\/package\/css-loader. Accessed 16 Apr 2021"},{"key":"10195_CR79","unstructured":"webpack-contrib\/css-loader (2021) https:\/\/github.com\/webpack-contrib\/css-loader. Accessed 25 Oct 2021"},{"key":"10195_CR80","unstructured":"webpack\/memory-fs (2021) https:\/\/github.com\/webpack\/memory-fs. Accessed 25 Oct 2021"},{"key":"10195_CR81","doi-asserted-by":"crossref","unstructured":"Zhang C, Wei T, Chen Z, Duan L, Szekeres L, McCamant S, Song D, Zou W (2013) Practical control flow integrity and randomization for binary executables. In: 2013 IEEE symposium on security and privacy, pp 559\u2013573","DOI":"10.1109\/SP.2013.44"},{"key":"10195_CR82","unstructured":"Zimmermann M, Staicu C A, Tenny C, Pradel M (2019) Smallworld with high risks: a study of security threats in the npm ecosystem. In: Proceedings of the 28th USENIX conference on security symposium, USENIX Association, USA, SEC\u201919, pp 995\u20131010"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-022-10195-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-022-10195-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-022-10195-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,11,21]],"date-time":"2022-11-21T02:08:25Z","timestamp":1668996505000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-022-10195-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,20]]},"references-count":82,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2022,12]]}},"alternative-id":["10195"],"URL":"https:\/\/doi.org\/10.1007\/s10664-022-10195-6","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,20]]},"assertion":[{"value":"22 June 2022","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 September 2022","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declared that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"<!--Emphasis Type='Bold' removed-->Conflict of Interest"}}],"article-number":"161"}}