Plumber

Table Statistics of the most influential blocking chains detected by Plumber

Demo×

1. Click the blocking chain you want to query.
2. Click the "Downstream package" button in the legend to see full vulnerable paths in the dependency graph.
3. Plumber provide the detailed issue description and remediation suggestion(s).

Status a: Vulnerabilities remediated using our strategies; Status b: Vulnerabilities under remediation using our strategies; Status c: Remediation strategies confirmed, but inducing incompatibility issues; Status d: Developers were unwilling to create backports; Status e: False positive vulnerabilities checked by developers; Status f: Inaccurate info in the vulnerability DB; Status g: Care nothing about vulnerabilities; Status h: Reports pending; ♠: Other;

Rank	Blocking chain	Blocking package	Vulnerability package	Vulnerability ID	Vulnerability severity	#Affected projects	#Affected paths	Status

Detailed information of blocking chain
Rank	Blocking chain	Blocking package	Vulnerability package	Vulnerability ID	Vulnerability severity	#Affected projects	#Affected paths	Status

Vulnerability Paths

Analyzing... The process may take you several seconds.

Most functions are working, while some are under tuning for performance...

Issue Description

Remediation suggestion

How Plumber works?

Constructing Vulnerability
Propagation (VP) Model

Propagation (VP) Model

Identifying all the vulnerability paths in VP model

Diagnosing the blocking issues of vulnerability patches for
overall npm ecosystem

ecosystem

Submitting the issue reports
and PRs automatically

It continuously crawls vulnerability metadata and npm dependency metadata

It identifies all the packages that block the propagation of vulnerability paths on the dependency paths

It identifies the blocking packages and suggests fixing solutions to boost the
patch propagation

Plumber automatically submits the issue reports and PRs the blocking projects to boost the propagation of
vulnerability patches

patches