How Plumber works?
Constructing Vulnerability
Propagation (VP) Model
Propagation (VP) Model
Identifying all the vulnerability paths in VP model
Diagnosing the blocking issues of vulnerability patches for
overall npm ecosystem
ecosystem
Submitting the issue reports
and PRs automatically
It continuously crawls vulnerability metadata and npm dependency metadata
It identifies all the packages that block the propagation of vulnerability paths on the dependency paths
It identifies the blocking packages and suggests fixing solutions to boost the
patch propagation
Plumber automatically submits the issue reports and PRs the blocking projects to boost the propagation of
vulnerability patches
patches