ProfMalPlus: Agent-Coordinated Detection of Malicious NPM Packages via Static-Dynamic Analysis Synergy
Jul 16, 2026
Researchers introduce ProfMalPlus, a detector for malicious NPM packages that integrates object-sensitive behavior graphs with coordinated large language model (LLM) reasoning over annotated code slices. ProfMalPlus achieves a 98.1% F1-score, surpassing existing detectors by 3.5% to 52.6%, and led to the identification and removal of 597 previously unknown malicious packages from the NPM registry.
Why it matters: This work demonstrates a significant advance in software supply chain security by leveraging LLM-based agent coordination to more effectively detect malicious packages in the NPM ecosystem.
Full story at: arXiv Cryptography and Security ↗