{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T01:49:48Z","timestamp":1769219388294,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":83,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T00:00:00Z","timestamp":1636761600000},"content-version":"vor","delay-in-days":1,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"DARPA","award":["HR00112020013 HR001120C0191 HR001120C0155"],"award-info":[{"award-number":["HR00112020013 HR001120C0191 HR001120C0155"]}]},{"name":"NSF","award":["CNS-1513687 CCF-1763514"],"award-info":[{"award-number":["CNS-1513687 CCF-1763514"]}]},{"name":"European Research Council","award":["851895"],"award-info":[{"award-number":["851895"]}]},{"name":"German Research Foundation","award":["ConcSys Perf4JS"],"award-info":[{"award-number":["ConcSys Perf4JS"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484535","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"1821-1838","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":25,"title":["Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction"],"prefix":"10.1145","author":[{"given":"Nikos","family":"Vasilakis","sequence":"first","affiliation":[{"name":"Massachusetts Institute of Technology, Cambridge, MA, USA"}]},{"given":"Cristian-Alexandru","family":"Staicu","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Grigoris","family":"Ntousakis","sequence":"additional","affiliation":[{"name":"TU Crete, Chania, 
Greece"}]},{"given":"Konstantinos","family":"Kallas","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA, USA"}]},{"given":"Ben","family":"Karel","sequence":"additional","affiliation":[{"name":"Aarno Labs, Cambridge, MA, USA"}]},{"given":"Andr\u00e9","family":"DeHon","sequence":"additional","affiliation":[{"name":"University of Pennsylvania, Philadelphia, PA, USA"}]},{"given":"Michael","family":"Pradel","sequence":"additional","affiliation":[{"name":"University of Stuttgart, Stuttgart, Germany"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243745"},{"key":"e_1_3_2_1_2_1","volume-title":"Snyk: Arbitrary Code Execution in node-serialize. https:\/\/snyk.io\/vuln\/npm:node-serialize:20170208. https:\/\/snyk.io\/vuln\/npm:node-serialize:20170208 Accessed: 2020-03--19.","author":"Abraham Ajin","year":"2017","unstructured":"Ajin Abraham. 2017a. Snyk: Arbitrary Code Execution in node-serialize. https:\/\/snyk.io\/vuln\/npm:node-serialize:20170208. https:\/\/snyk.io\/vuln\/npm:node-serialize:20170208 Accessed: 2020-03--19."},{"key":"e_1_3_2_1_3_1","volume-title":"Snyk: Arbitrary Code Execution in serialize-to-js. https:\/\/snyk.io\/vuln\/npm:serialize-to-js:20170208. https:\/\/snyk.io\/vuln\/npm:serialize-to-js:20170208 Accessed: 2020-03--19.","author":"Abraham Ajin","year":"2017","unstructured":"Ajin Abraham. 2017b. Snyk: Arbitrary Code Execution in serialize-to-js. https:\/\/snyk.io\/vuln\/npm:serialize-to-js:20170208. https:\/\/snyk.io\/vuln\/npm:serialize-to-js:20170208 Accessed: 2020-03--19."},{"key":"e_1_3_2_1_4_1","volume-title":"Mach: A New Kernel Foundation for UNIX Development. In USENIX Technical Conference .","author":"Accetta Mike","year":"1986","unstructured":"Mike Accetta, Robert Baron, William Bolosky, David Golub, Richard Rashid, Avadis Tevanian, and Michael Young. 1986. 
Mach: A New Kernel Foundation for UNIX Development. In USENIX Technical Conference ."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420952"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1178597.1178599"},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the 21th USENIX Security Symposium","author":"Akhawe Devdatta","year":"2012","unstructured":"Devdatta Akhawe, Prateek Saxena, and Dawn Song. 2012. Privilege Separation in HTML5 Applications. In Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8--10, 2012, Tadayoshi Kohno (Ed.). USENIX Association, 429--444. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/akhawe"},{"key":"e_1_3_2_1_8_1","volume-title":"A Survey of Dynamic Analysis and Test Generation for JavaScript. Comput. Surveys","author":"Andreasen Esben","year":"2017","unstructured":"Esben Andreasen, Liang Gong, Anders M\u00f8ller, Michael Pradel, Marija Selakovic, Koushik Sen, and Cristian-Alexandru Staicu. 2017. A Survey of Dynamic Analysis and Test Generation for JavaScript. Comput. Surveys (2017)."},{"key":"e_1_3_2_1_9_1","volume-title":"Snyk: Arbitrary Code Injection in serialize-javascript. https:\/\/snyk.io\/vuln\/SNYK-JS-SERIALIZEJAVASCRIPT-570062. https:\/\/snyk.io\/vuln\/SNYK-JS-SERIALIZEJAVASCRIPT-570062 Accessed: 2020-03--19.","author":"Author Unknown","year":"2020","unstructured":"Unknown Author. 2020. Snyk: Arbitrary Code Injection in serialize-javascript. https:\/\/snyk.io\/vuln\/SNYK-JS-SERIALIZEJAVASCRIPT-570062. https:\/\/snyk.io\/vuln\/SNYK-JS-SERIALIZEJAVASCRIPT-570062 Accessed: 2020-03--19."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04283-1_16"},{"key":"e_1_3_2_1_11_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19). 1697--1714.","author":"Azad Babak Amin","unstructured":"Babak Amin Azad, Pierre Laperdrix, and Nick Nikiforakis. 2019. 
Less is more: quantifying the security benefits of debloating web applications. In 28th USENIX Security Symposium (USENIX Security 19). 1697--1714."},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the USENIX 1995 Technical Conference Proceedings (TCON'95)","author":"Berman Andrew","year":"1995","unstructured":"Andrew Berman, Virgil Bourassa, and Erik Selberg. 1995. TRON: Process-specific File Protection for the UNIX Operating System. In Proceedings of the USENIX 1995 Technical Conference Proceedings (TCON'95). USENIX Association, Berkeley, CA, USA, 14--14. http:\/\/dl.acm.org\/citation.cfm?id=1267411.1267425"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49635-0_3"},{"key":"e_1_3_2_1_14_1","volume-title":"5th International Conference, DIMVA 2008, Paris, France, July 10--11, 2008. Proceedings. 23--43","author":"Bisht Prithvi","unstructured":"Prithvi Bisht and V. N. Venkatakrishnan. 2008. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment, 5th International Conference, DIMVA 2008, Paris, France, July 10--11, 2008. Proceedings. 23--43."},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation (NSDI'08)","author":"Bittau Andrea","year":"2008","unstructured":"Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp. 2008. Wedge: Splitting Applications into Reduced-privilege Compartments. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation (NSDI'08). USENIX Association, Berkeley, CA, USA, 309--322. http:\/\/dl.acm.org\/citation.cfm?id=1387589.1387611"},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the 13th Conference on USENIX Security Symposium -","volume":"13","author":"Brumley David","year":"2004","unstructured":"David Brumley and Dawn Song. 2004. 
Privtrans: Automatically Partitioning Programs for Privilege Separation. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 (SSYM'04). USENIX Association, Berkeley, CA, USA, 5--5. http:\/\/dl.acm.org\/citation.cfm?id=1251375.1251380"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--662--46669--8_21"},{"key":"e_1_3_2_1_18_1","volume-title":"Automatic partitioning of database applications. arXiv preprint arXiv:1208.0271","author":"Cheung Alvin","year":"2012","unstructured":"Alvin Cheung, Owen Arden, Samuel Madden, and Andrew C Myers. 2012. Automatic partitioning of database applications. arXiv preprint arXiv:1208.0271 (2012)."},{"key":"e_1_3_2_1_19_1","unstructured":"Ryan Dahl and the Deno Contributors. 2019. Deno. https:\/\/deno.land\/manual\/getting_started\/permissions. https:\/\/deno.land\/manual\/getting_started\/permissions Accessed: 2020-06--11."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664276"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2014.9"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2489804.2489811"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2955811.2955821"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486887"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/581478.581484"},{"key":"e_1_3_2_1_26_1","unstructured":"Inc Google. 2009. Closure. https:\/\/developers.google.com\/closure\/. https:\/\/developers.google.com\/closure\/ Accessed: 2019-06--11."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813611"},{"key":"e_1_3_2_1_28_1","unstructured":"Jordan Harband and Kevin Smith. 2021. ECMAScript\u00ae 2020 Language Specification. https:\/\/262.ecma-international.org\/11.0\/#sec-code-realms. 
https:\/\/262.ecma-international.org\/11.0\/#sec-code-realms Accessed: 2021-04--14."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2554850.2554909"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243838"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884782"},{"key":"e_1_3_2_1_32_1","volume-title":"Privman: A Library for Partitioning Applications. In USENIX Annual Technical Conference, FREENIX Track. 273--284","author":"Kilpatrick Douglas","year":"2003","unstructured":"Douglas Kilpatrick. 2003. Privman: A Library for Partitioning Applications. In USENIX Annual Technical Conference, FREENIX Track. 273--284."},{"key":"e_1_3_2_1_33_1","volume-title":"SecureJS Compiler: Portable Memory Isolation in JavaScript. In SAC 2021-The 36th ACM\/SIGAPP Symposium On Applied Computing .","author":"Ko Yoonseok","unstructured":"Yoonseok Ko, Tamara Rezk, and Manuel Serrano. [n. d.]. SecureJS Compiler: Portable Memory Isolation in JavaScript. In SAC 2021-The 36th ACM\/SIGAPP Symposium On Applied Computing ."},{"key":"e_1_3_2_1_34_1","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)","author":"Koishybayev Igibek","year":"2020","unstructured":"Igibek Koishybayev and Alexandros Kapravelos. 2020. Mininode: Reducing the Attack Surface of Node.js Applications. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020) ."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3301417.3312501"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/582419.582452"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3144555.3144562"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Tobias Lauinger Abdelberi Chaabane Sajjad Arshad William Robertson Christo Wilson and Engin Kirda. 2017. 
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. (2017).","DOI":"10.14722\/ndss.2017.23414"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/800213.806531"},{"key":"e_1_3_2_1_40_1","volume-title":"Capability Based Computer Systems","author":"Levy H. M.","unstructured":"H. M. Levy. 1984. Capability Based Computer Systems .Digital Press. http:\/\/www.cs.washington.edu\/homes\/levy\/capabook\/"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354218"},{"key":"e_1_3_2_1_42_1","volume-title":"2019 a. EnclaveDom: Privilege separation for large-TCB applications in trusted execution environments. arXiv preprint arXiv:1907.13245","author":"Melara Marcela S","year":"2019","unstructured":"Marcela S Melara, Michael J Freedman, and Mic Bowman. 2019 a. EnclaveDom: Privilege separation for large-TCB applications in trusted execution environments. arXiv preprint arXiv:1907.13245 (2019)."},{"key":"e_1_3_2_1_43_1","volume-title":"2019 b. Pyronia: Redesigning Least Privilege and Isolation for the Age of IoT. arXiv preprint arXiv:1903.01950","author":"Melara Marcela S","year":"2019","unstructured":"Marcela S Melara, David H Liu, and Michael J Freedman. 2019 b. Pyronia: Redesigning Least Privilege and Isolation for the Age of IoT. arXiv preprint arXiv:1903.01950 (2019)."},{"key":"e_1_3_2_1_44_1","unstructured":"Darya Melicher. [n. d.]. Controlling Module Authority Using Programming Language Design. Ph.D. Dissertation. Carnegie Mellon University."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3190619.3191691"},{"key":"e_1_3_2_1_46_1","volume-title":"Networked and Distributed Systems Security (NDSS'10)","author":"Mettler Adrian","unstructured":"Adrian Mettler, David Wagner, and Tyler Close. 2010. Joe-E: A Security-Oriented Subset of Java.. In Networked and Distributed Systems Security (NDSS'10), Vol. 10. 
357--374."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.36"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.24"},{"key":"e_1_3_2_1_49_1","unstructured":"Mark Samuel Miller. 2006. Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. Ph.D. Dissertation. Baltimore MD USA. Advisor(s) Shapiro Jonathan S. AAI3245526."},{"key":"e_1_3_2_1_50_1","volume-title":"Caja: Safe active content in sanitized JavaScript","author":"Miller Mark S","year":"2009","unstructured":"Mark S Miller, Mike Samuel, Ben Laurie, Ihab Awad, and Mike Stay. 2009. Caja: Safe active content in sanitized JavaScript, 2008. Google white paper (2009)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_52_1","unstructured":"npm Inc. 2012. npm-shrinkwrap: Lock down dependency versions. https:\/\/docs.npmjs.com\/cli\/shrinkwrap. https:\/\/docs.npmjs.com\/cli\/shrinkwrap"},{"key":"e_1_3_2_1_53_1","unstructured":"Erlend Oftedal et al. 2016. RetireJS. http:\/\/retirejs.github.io\/retire.js\/"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3428203"},{"key":"e_1_3_2_1_55_1","volume-title":"Awesome Micro npm Packages (latest commit","author":"Parodi Andrea","year":"2020","unstructured":"Andrea Parodi. 2009. Awesome Micro npm Packages (latest commit: Oct 5, 2020; a302e14). https:\/\/git.io\/JUpA4. https:\/\/git.io\/JUpA4 Accessed: 2020--10-07."},{"key":"e_1_3_2_1_56_1","unstructured":"Open Web Application Security Project. 2018. OWASP Top Ten Project'17. https:\/\/www.owasp.org\/index.php\/Top_10--2017_Top_10. https:\/\/www.owasp.org\/index.php\/Top_10--2017_Top_10 Accessed: 2018-09--27."},{"key":"e_1_3_2_1_57_1","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium -","volume":"12","author":"Provos Niels","year":"2003","unstructured":"Niels Provos, Markus Friedl, and Peter Honeyman. 2003. 
Preventing Privilege Escalation. In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12 (SSYM'03). USENIX Association, Berkeley, CA, USA, 16--16. http:\/\/dl.acm.org\/citation.cfm?id=1251353.1251369"},{"key":"e_1_3_2_1_58_1","volume-title":"Moving target defense","author":"Rinard Martin","unstructured":"Martin Rinard. 2011. Manipulating program functionality to eliminate security vulnerabilities. In Moving target defense. Springer, 109--115."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/800216.806586"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361067"},{"key":"e_1_3_2_1_61_1","volume-title":"Trustworthy Global Computing","author":"Santos Jos\u00e9 Fragoso","unstructured":"Jos\u00e9 Fragoso Santos, Thomas Jensen, Tamara Rezk, and Alan Schmitt. 2015. Hybrid typing of secure information flow in a JavaScript-like language. In Trustworthy Global Computing. Springer, 63--78."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-55415-5_23"},{"key":"e_1_3_2_1_63_1","unstructured":"Node Security. 2016. Continuous Security monitoring for your node apps. https:\/\/nodesecurity.io\/"},{"key":"e_1_3_2_1_64_1","volume-title":"EROS: a fast capability system","author":"Shapiro Jonathan S","unstructured":"Jonathan S Shapiro, Jonathan M Smith, and David J Farber. 1999. EROS: a fast capability system. Vol. 33. ACM."},{"key":"e_1_3_2_1_65_1","unstructured":"Snyk. 2021. Snyk Vulnerability Database. https:\/\/snyk.io\/vuln?type=npm"},{"key":"e_1_3_2_1_66_1","volume-title":"Correlation Tracking for Points-To Analysis of JavaScript. In ECOOP 2012 - Object-Oriented Programming - 26th European Conference, Beijing, China, June 11--16, 2012. Proceedings. 435--458","author":"Sridharan Manu","year":"2012","unstructured":"Manu Sridharan, Julian Dolby, Satish Chandra, Max Sch\u00e4fer, and Frank Tip. 2012. Correlation Tracking for Points-To Analysis of JavaScript. 
In ECOOP 2012 - Object-Oriented Programming - 26th European Conference, Beijing, China, June 11--16, 2012. Proceedings. 435--458."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380390"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23071"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.5555\/2685048.2685060"},{"key":"e_1_3_2_1_70_1","unstructured":"Michael Stepankin. 2016a. [demo.paypal.com] Node.js code injection (RCE). http:\/\/artsploit.blogspot.com\/2016\/08\/pprce2.html. http:\/\/artsploit.blogspot.com\/2016\/08\/pprce2.html Accessed: 2018--10-05."},{"key":"e_1_3_2_1_71_1","volume-title":"Snyk: Code Injection in dustjs-linkedin. https:\/\/snyk.io\/vuln\/npm:dustjs-linkedin:20160819. https:\/\/snyk.io\/vuln\/npm:dustjs-linkedin:20160819 Accessed: 2019-03--19.","author":"Stepankin Michael","year":"2016","unstructured":"Michael Stepankin. 2016b. Snyk: Code Injection in dustjs-linkedin. https:\/\/snyk.io\/vuln\/npm:dustjs-linkedin:20160819. https:\/\/snyk.io\/vuln\/npm:dustjs-linkedin:20160819 Accessed: 2019-03--19."},{"key":"e_1_3_2_1_72_1","unstructured":"TC39. 2021. Draft Proposal for SES (Secure EcmaScript). https:\/\/github.com\/tc39\/proposal-ses. https:\/\/github.com\/tc39\/proposal-ses Accessed: 2021-04--20."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41488-6_5"},{"key":"e_1_3_2_1_74_1","volume-title":"Presented as part of the 3rd USENIX Conference on Web Application Development (WebApps 12). 95--100.","author":"Terrace Jeff","unstructured":"Jeff Terrace, Stephen R Beard, and Naga Praveen Kumar Katta. 2012. JavaScript in JavaScript (js. js): sandboxing third-party scripts. In Presented as part of the 3rd USENIX Conference on Web Application Development (WebApps 12). 
95--100."},{"key":"e_1_3_2_1_75_1","volume-title":"Fabio Massacci, and Frank Piessens.","author":"van Ginkel Neline","year":"2019","unstructured":"Neline van Ginkel, Willem De Groef, Fabio Massacci, and Frank Piessens. 2019. A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries. Security and Communication Networks, Vol. 2019 (2019)."},{"key":"e_1_3_2_1_76_1","volume-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21)","author":"Vasilakis Nikos","unstructured":"Nikos Vasilakis, Achilles Benetopoulos, Shivam Handa, Alizee Schoen, and Martin C. Rinard. 2021 a. Supply-Chain Vulnerability Elimination via Active Learning and Regeneration. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21). Association for Computing Machinery, New York, NY, USA."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23131"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468574"},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"e_1_3_2_1_80_1","volume-title":"ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities. In 24th USENIX Security Symposium, USENIX Security 15","author":"Weissbacher Michael","year":"2015","unstructured":"Michael Weissbacher, William K. Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2015. ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12--14, 2015, Jaeyeon Jung and Thorsten Holz (Eds.). USENIX Association, 737--752. 
https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/weissbacher"},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_49"},{"key":"e_1_3_2_1_82_1","volume-title":"Zakas and ESLint contributors","author":"Nicholas","year":"2013","unstructured":"Nicholas C. Zakas and ESLint contributors. 2013. ESLint--Pluggable JavaScript linter. https:\/\/eslint.org\/. https:\/\/eslint.org\/ Accessed: 2018-07--12."},{"key":"e_1_3_2_1_83_1","volume-title":"Proceedings of the 28th USENIX Conference on Security Symposium (SEC'19)","author":"Zimmermann Markus","year":"2019","unstructured":"Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small world with High Risks: A Study of Security Threats in the Npm Ecosystem. In Proceedings of the 28th USENIX Conference on Security Symposium (SEC'19). USENIX Association, USA, 995--1010."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications 
Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484535","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484535","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484535","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:53:31Z","timestamp":1763499211000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484535"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":83,"alternative-id":["10.1145\/3460120.3484535","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484535","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}