International Journal For Multidisciplinary Research

E-ISSN: 2582-2160     Impact Factor: 9.24


A Multi-Stage Architecture for Detecting and Mitigating Compromised NPM Dependencies in Front-End CI/CD Pipelines

Author(s): Althaf Khan Pattan, Parth Patel
Country: United States
Abstract: Modern front-end applications rely heavily on third-party packages distributed through the npm registry. While this dependency model accelerates development, it introduces a significant and growing attack surface. Recent incidents have shown that a single compromised package can affect thousands of downstream projects within hours. Existing security tooling operates primarily on known vulnerability databases and offers limited protection against novel or zero-day supply chain attacks. This paper presents a multi-stage architecture designed to detect and mitigate compromised npm dependencies across the full lifecycle of a front-end CI/CD pipeline. The architecture operates in three stages: pre-merge analysis that combines dependency diffing, behavioral fingerprinting, and maintainer trust scoring; build-time verification through content hash validation, software bill of materials generation, and policy-as-code enforcement; and post-deployment monitoring using runtime behavioral baselining with automated rollback capability. Simulated evaluation across 950 dependency update scenarios demonstrates that the combined architecture achieves a detection precision of 0.908 and recall of 0.900, while adding a median of 19.3 seconds to the build pipeline. These results suggest that proactive, multi-layered dependency vetting can substantially reduce the window of exposure to supply chain compromises without imposing prohibitive overhead on development workflows. All experimental results reported in this paper are based on simulated scenarios.
Keywords: software supply chain security, npm, dependency management, behavioral analysis, CI/CD pipeline security, software bill of materials, package integrity, front-end security.
Field: Engineering
Published In: Volume 6, Issue 1, January-February 2024
Published On: 2024-01-05
DOI: https://doi.org/10.36948/ijfmr.2024.v06i01.80820
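As an added illustration of two of the stages the abstract describes (pre-merge dependency diffing and build-time content hash validation), the following Python is example code written for this page, not the paper's own implementation. The package names, tarball bytes and lockfile contents are constructed stand-ins; the integrity format (sha512 Subresource Integrity strings in package-lock.json) is the real npm convention.

```python
import base64
import hashlib
import json

# Constructed stand-ins for real npm tarballs (not real package contents).
TARBALLS = {
    "left-pad": b"left-pad tarball bytes (constructed)",
    "lodash": b"lodash tarball bytes (constructed)",
}

def sri_sha512(data: bytes) -> str:
    """Subresource Integrity string in the form npm records in package-lock.json."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()

def make_lock(packages: dict) -> str:
    """Minimal lockfileVersion 3 package-lock.json with a 'packages' map."""
    return json.dumps({"lockfileVersion": 3, "packages": packages})

def diff_locks(old_lock: str, new_lock: str) -> dict:
    """Pre-merge stage: which packages an update adds, removes or changes."""
    old = json.loads(old_lock)["packages"]
    new = json.loads(new_lock)["packages"]
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }

def verify_integrity(lock: str, tarballs: dict) -> list:
    """Build-time stage: recompute each tarball's hash and compare it with the
    lockfile's integrity field; returns the package names that fail."""
    failures = []
    for path, meta in json.loads(lock)["packages"].items():
        name = path.rsplit("node_modules/", 1)[-1]
        data = tarballs.get(name)
        if data is None or meta.get("integrity") != sri_sha512(data):
            failures.append(name)
    return failures

# Constructed lockfiles: the update adds lodash, but the integrity value it
# records does not match the tarball bytes actually served.
OLD_LOCK = make_lock({"node_modules/left-pad": {
    "version": "1.3.0", "integrity": sri_sha512(TARBALLS["left-pad"])}})
NEW_LOCK = make_lock({
    "node_modules/left-pad": {"version": "1.3.0", "integrity": sri_sha512(TARBALLS["left-pad"])},
    "node_modules/lodash": {"version": "4.17.21", "integrity": "sha512-" + "A" * 88},
})
```

In a pipeline the diff output narrows the set of packages that need behavioral and maintainer review, and any name returned by verify_integrity is grounds to fail the build before the artifact is produced.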