{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T13:01:31Z","timestamp":1774443691137,"version":"3.50.1"},"reference-count":36,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2023,12,1]],"date-time":"2023-12-01T00:00:00Z","timestamp":1701388800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"national funds","award":["2021.06134.BD"],"award-info":[{"award-number":["2021.06134.BD"]}]},{"name":"national funds","award":["SFRH\/BD\/146698\/2019"],"award-info":[{"award-number":["SFRH\/BD\/146698\/2019"]}]},{"name":"IAPMEI"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Rel."],"published-print":{"date-parts":[[2023,12]]},"DOI":"10.1109\/tr.2023.3286301","type":"journal-article","created":{"date-parts":[[2023,6,29]],"date-time":"2023-06-29T17:23:17Z","timestamp":1688059397000},"page":"1324-1339","source":"Crossref","is-referenced-by-count":21,"title":["Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages"],"prefix":"10.1109","volume":"72","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5982-9794","authenticated-orcid":false,"given":"Tiago","family":"Brito","sequence":"first","affiliation":[{"name":"INESC-ID\/IST, Universidade de Lisboa, Lisboa, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5307-4279","authenticated-orcid":false,"given":"Mafalda","family":"Ferreira","sequence":"additional","affiliation":[{"name":"INESC-ID\/IST, Universidade de Lisboa, Lisboa, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6346-7340","authenticated-orcid":false,"given":"Miguel","family":"Monteiro","sequence":"additional","affiliation":[{"name":"INESC-ID\/IST, Universidade de Lisboa, Lisboa, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pedro","family":"Lopes","sequence":"additional","affiliation":[{"name":"INESC-ID\/IST, Universidade de Lisboa, Lisboa, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Miguel","family":"Barros","sequence":"additional","affiliation":[{"name":"INESC-ID\/IST, Universidade de Lisboa, Lisboa, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5077-300X","authenticated-orcid":false,"given":"Jos\u00e9 Fragoso","family":"Santos","sequence":"additional","affiliation":[{"name":"INESC-ID\/IST, Universidade de Lisboa, Lisboa, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9938-0653","authenticated-orcid":false,"given":"Nuno","family":"Santos","sequence":"additional","affiliation":[{"name":"INESC-ID\/IST, Universidade de Lisboa, Lisboa, Portugal"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref3","first-page":"995","article-title":"Small world with high risks: A study of security threats in the NPM ecosystem","volume-title":"Proc. USENIX Secur.","author":"Zimmermann","year":"2019"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23071"},{"key":"ref5","first-page":"361","article-title":"Freezing the web: A study of redos vulnerabilities in javascript-based web servers","volume-title":"Proc. USENIX Secur.","author":"Staicu","year":"2018"},{"key":"ref6","first-page":"971","article-title":"How the web tangled itself: Uncovering the history of client-side web (in) security","volume-title":"Proc. USENIX Secur.","author":"Stock","year":"2017"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23414"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23009"},{"key":"ref9","article-title":"Dynamic analysis for javascript code","author":"Gong","year":"2018"},{"key":"ref10","first-page":"94","article-title":"AFFOGATO: Runtime detection of injection attacks for Node.js","volume-title":"Proc. ISSTA","author":"Gauthier","year":"2018"},{"key":"ref15","first-page":"143","article-title":"Mining Node.js vulnerabilities via object dependence graph and query","volume-title":"Proc. USENIX Secur.","author":"Li","year":"2022"},{"key":"ref26","article-title":"TypeScript specification v1.8","year":"2016"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03237-0_17"},{"key":"ref52","first-page":"96","article-title":"Safe: Formal specification and implementation of a scalable analysis framework for ecmascript","volume-title":"Proc. 19th Int. Workshop Found. Object-Oriented Lang.","author":"Lee","year":"2012"},{"key":"ref56","first-page":"2525","article-title":"JAW: Studying client-side CSRF with hybrid property graphs and declarative traversals","volume-title":"Proc. USENIX Secur.","author":"Khodayari","year":"2021"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"ref71","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1145\/3377811.3380390","article-title":"Extracting taint specifications for javascript libraries","volume-title":"Proc. ACM\/IEEE 42nd Int. Conf. Soft. Eng.","author":"Staicu","year":"2020"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106267"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236027"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2021.102752"},{"key":"ref79","first-page":"989","article-title":"Static detection of second-order vulnerabilities in web applications","volume-title":"Proc. USENIX Secur.","author":"Dahse","year":"2014"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.14"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978380"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_11"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315250"},{"key":"ref85","article-title":"Toward automated detection of logic vulnerabilities in web applications","volume-title":"Proc. USENIX Secur.","author":"Felmetsger","year":"2010"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133959"},{"key":"ref87","first-page":"377","article-title":"Navex: Precise and scalable exploit generation for dynamic web applications","volume-title":"Proc. USENIX Secur.","author":"Alhuzali","year":"2018"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23309"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329841"},{"key":"ref92","first-page":"2951","article-title":"Abusing hidden properties to attack the Node.js ecosystem","volume-title":"Proc. USENIX Secur.","author":"Xiao","year":"2021"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468542"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-020-00537-0"},{"key":"ref95","first-page":"530","article-title":"Empirical review of automated analysis tools on 47,587 ethereum smart contracts","volume-title":"Proc. IEEE\/ACM 42nd Int. Conf. Softw. Eng.","author":"Durieux","year":"2020"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1007\/s00607-018-0664-z"},{"key":"ref99","first-page":"321","article-title":"Advances in automatic software testing: Test-Comp","volume-title":"Proc. FASE","author":"Beyer","year":"2022"}],"container-title":["IEEE Transactions on Reliability"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/24\/10339143\/10168679.pdf?arnumber=10168679","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,14]],"date-time":"2024-03-14T08:22:31Z","timestamp":1710404551000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10168679\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12]]},"references-count":36,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tr.2023.3286301","relation":{},"ISSN":["0018-9529","1558-1721"],"issn-type":[{"value":"0018-9529","type":"print"},{"value":"1558-1721","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,12]]}}}