Taint-Style Vulnerability Detection and Confirmation for Node.Js Packages Using LLM Agent Reasoning
The rapidly evolving Node$.$js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node$.$js packages increasingly important. However, traditional program analysis struggles in this setting because of dynamic...