← Back to brief
ResearchOfficialPreprintarXiv Cryptography and Security

ProfMalPlus: Agent-Coordinated Detection of Malicious NPM Packages via Static-Dynamic Analysis Synergy

Jul 16, 2026

Researchers introduce ProfMalPlus, a detector for malicious NPM packages that integrates object-sensitive behavior graphs with coordinated large language model (LLM) reasoning over annotated code slices. ProfMalPlus achieves a 98.1% F1-score, surpassing existing detectors by 3.5% to 52.6%, and led to the identification and removal of 597 previously unknown malicious packages from the NPM registry.

Why it matters: This work demonstrates a significant advance in software supply chain security by leveraging LLM-based agent coordination to more effectively detect malicious packages in the NPM ecosystem.

Full story at: arXiv Cryptography and Security

More coverage