{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,16]],"date-time":"2026-07-16T14:09:57Z","timestamp":1784210997644,"version":"3.55.0"},"reference-count":40,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62272187"],"award-info":[{"award-number":["62272187"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3580336","type":"journal-article","created":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T18:56:40Z","timestamp":1750100200000},"page":"6279-6291","source":"Crossref","is-referenced-by-count":5,"title":["MalPacDetector: An LLM-Based Malicious NPM Package Detector"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-9581-919X","authenticated-orcid":false,"given":"Jian","family":"Wang","sequence":"first","affiliation":[{"name":"National Engineering Research Center for Big Data Technology and System, Services Computing Technology and System Laboratory, Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Jinyinhu Laboratory, Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0001-2998","authenticated-orcid":false,"given":"Zhen","family":"Li","sequence":"additional","affiliation":[{"name":"National Engineering Research Center for Big Data Technology and System, Services Computing Technology and System Laboratory, Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Jinyinhu Laboratory, Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jixiang","family":"Qu","sequence":"additional","affiliation":[{"name":"National Engineering Research Center for Big Data Technology and System, Services Computing Technology and System Laboratory, Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Jinyinhu Laboratory, Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8534-5048","authenticated-orcid":false,"given":"Deqing","family":"Zou","sequence":"additional","affiliation":[{"name":"National Engineering Research Center for Big Data Technology and System, Services Computing Technology and System Laboratory, Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Jinyinhu Laboratory, Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8034-0942","authenticated-orcid":false,"given":"Shouhuai","family":"Xu","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Laboratory for Cybersecurity Dynamics, University of Colorado at Colorado Springs, Colorado Springs, CO, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ziteng","family":"Xu","sequence":"additional","affiliation":[{"name":"Ant Technology Group Company Ltd., Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhenwei","family":"Wang","sequence":"additional","affiliation":[{"name":"Ant Technology Group Company Ltd., Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3934-7605","authenticated-orcid":false,"given":"Hai","family":"Jin","sequence":"additional","affiliation":[{"name":"National Engineering Research Center for Big Data Technology and System, Services Computing Technology and System Laboratory, Cluster and Grid Computing Laboratory, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/3510457.3513044"},{"key":"ref2","article-title":"I know what you imported last summer: A study of security threats in thePython ecosystem","author":"Bagmar","year":"2021","journal-title":"arXiv:2102.06301"},{"key":"ref3","first-page":"121","article-title":"Mininode: Reducing the attack surface of Node.Js applications","volume-title":"Proc. 23rd Int. Symp. Res. Attacks, Intrusions Defenses (RAID)","author":"Koishybayev"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/s11432-022-3548-2"},{"key":"ref5","volume-title":"Eslint-scope","year":"2023"},{"key":"ref6","first-page":"995","article-title":"Small world with high risks: A study of security threats in the npm ecosystem","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Zimmermann"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23055"},{"key":"ref8","volume-title":"Microsoft OSS Detect Backdoor System","year":"2023"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3420015"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3409183"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3544415"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510104"},{"key":"ref13","article-title":"Supporting the detection of software supply chain attacks through unsupervised signature generation","author":"Ohm","year":"2020","journal-title":"arXiv:2011.02235"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3543815"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-52683-2_2"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2019.09.013"},{"key":"ref17","volume-title":"GPT-3.5","year":"2023"},{"key":"ref18","volume-title":"Babel","year":"2023"},{"key":"ref19","first-page":"1","article-title":"The Vendi Score: A diversity evaluation metric for machine learning","volume":"2023","author":"Friedman","year":"2023","journal-title":"Trans. Mach. Learn. Res."},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179304"},{"key":"ref21","volume-title":"Snyk Vulnerability Database of Npm","year":"2023"},{"key":"ref22","volume-title":"GitHub Advisory Database of Npm","year":"2023"},{"key":"ref23","volume-title":"Libraries. Io of NPM","year":"2023"},{"key":"ref24","first-page":"2579","article-title":"Visualizing data using t-SNE","volume":"9","author":"van der Maaten","year":"2008","journal-title":"J. Mach. Learn. Res."},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2022.11.139"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICICS49469.2020.239556"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00073"},{"key":"ref28","first-page":"1","article-title":"DONAPI: Malicious NPM packages detector using behavior sequence knowledge mapping","volume-title":"Proc. 33rd USENIX Security Symp.","author":"Huang"},{"issue":"89","key":"ref29","first-page":"2677","article-title":"An extension on \u2019Statistical comparisons of classifiers over multiple data Sets\u2019 for all pairwise comparisons","volume":"9","author":"Garc\u00eda","year":"2008","journal-title":"J. Mach. Learn. Res."},{"key":"ref30","volume-title":"Microsoft OSS ApplicationInspector","year":"2023"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468592"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-NIER.2019.00012"},{"key":"ref33","volume-title":"Towards Detection of Malicious Software Packages Through Code Reuse by Malevolent Actors","author":"Ohm","year":"2022"},{"key":"ref34","article-title":"Supply chain attacks in open source projects","author":"Brand","year":"2022"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3680397"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2023.111623"},{"key":"ref37","first-page":"1","article-title":"ALGO: Synthesizing algorithmic programs with generated Oracle verifiers","volume-title":"Proc. Annu. Conf. Neural Inf. Process. Syst. (NeurIPS)","author":"Zhang"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.21428\/594757db.b85e6625"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3705304"},{"key":"ref40","article-title":"Leveraging large language models to detect npm malicious packages","author":"Zahan","year":"2024","journal-title":"arXiv:2403.12196"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11037372.pdf?arnumber=11037372","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,25]],"date-time":"2025-06-25T18:21:35Z","timestamp":1750875695000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11037372\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":40,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3580336","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}