Research Contributions:
Identify weak-link signals in the npm dependency graph.
An automated code review workflow powered by Large Language Models (LLMs) for detecting malicious packages.
Empirical evaluation of open-source software to identify actionable security practice metrics.
A model that identifies which security practices matter most for understanding the relationship between security practices and security-outcome metrics.