Taint-Style Vulnerability Detection and Confirmation for Node.js Packages Using LLM Agent Reasoning

arXiv CS.AI

arXiv:2604.20179v1

The rapidly evolving Node.js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node.js packages increasingly important. However, traditional program analysis struggles in this setting because of dynamic JavaScript features and the large number of package dependencies. Recent advances in large language models (LLMs) and the emerging paradigm of LLM-based agents offer an alternative to handcrafted program models.