International Journal For Multidisciplinary Research
E-ISSN: 2582-2160
A Multi-Stage Architecture for Detecting and Mitigating Compromised NPM Dependencies in Front-End CI/CD Pipelines
| Author(s) | Althaf Khan Pattan, Parth Patel |
|---|---|
| Country | United States |
| Abstract | Modern front-end applications rely heavily on third-party packages distributed through the npm registry. While this dependency model accelerates development, it introduces a significant and growing attack surface. Recent incidents have shown that a single compromised package can affect thousands of downstream projects within hours. Existing security tooling operates primarily on known vulnerability databases and offers limited protection against novel or zero-day supply chain attacks. This paper presents a multi-stage architecture designed to detect and mitigate compromised npm dependencies across the full lifecycle of a front-end CI/CD pipeline. The architecture operates in three stages: pre-merge analysis that combines dependency diffing, behavioral fingerprinting, and maintainer trust scoring; build-time verification through content hash validation, software bill of materials generation, and policy-as-code enforcement; and post-deployment monitoring using runtime behavioral baselining with automated rollback capability. Simulated evaluation across 950 dependency update scenarios demonstrates that the combined architecture achieves a detection precision of 0.908 and recall of 0.900, while adding a median of 19.3 seconds to the build pipeline. These results suggest that proactive, multi-layered dependency vetting can substantially reduce the window of exposure to supply chain compromises without imposing prohibitive overhead on development workflows. All experimental results reported in this paper are based on simulated scenarios. |
| Keywords | software supply chain security, npm, dependency management, behavioral analysis, CI/CD pipeline security, software bill of materials, package integrity, front-end security. |
| Field | Engineering |
| Published In | Volume 6, Issue 1, January-February 2024 |
| Published On | 2024-01-05 |
| DOI | https://doi.org/10.36948/ijfmr.2024.v06i01.80820 |
All research papers published on this website are licensed under Creative Commons Attribution-ShareAlike 4.0 International License, and all rights belong to their respective authors/researchers.