Existing program analysis techniques struggle to effectively detect taint-style vulnerabilities—such as arbitrary command injection—in Node.js packages due to their dynamic features and complex dependency structures. This work proposes LLMVD.js, the first vulnerability detection framework for the Node.js ecosystem that leverages a tool-augmented large language model (LLM) agent paradigm. Through multi-stage agent collaboration, LLMVD.js performs code scanning, generates vulnerability hypotheses, constructs automated proofs of concept (PoCs), and conducts lightweight execution-based validation—all without relying on specialized analysis engines, labeled vulnerability data, or historical reports. Experimental results demonstrate that the approach confirms 84% of known vulnerabilities on a public benchmark, substantially outperforming traditional tools (<22%), and successfully validates 36 previously unknown real-world vulnerabilities in 260 newly released packages, significantly advancing the state of the art.

The rapidly evolving Node$.$js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node$.$js packages increasingly important. However, traditional program analysis struggles in this setting because of dynamic JavaScript features and the large number of package dependencies. Recent advances in large language models (LLMs) and the emerging paradigm of LLM-based agents offer an alternative to handcrafted program models. This raises the question of whether an LLM-centric, tool-augmented approach can effectively detect and confirm taint-style vulnerabilities (e.g., arbitrary command injection) in Node$.$js packages. We implement LLMVD$.$js, a multi-stage agent pipeline to scan code, propose vulnerabilities, generate proof-of-concept exploits, and validate them through lightweight execution oracles; and systematically evaluate its effectiveness in taint-style vulnerability detection and confirmation in Node$.$js packages without dedicated static/dynamic analysis engines for path derivation. For packages from public benchmarks, LLMVD$.$js confirms 84% of the vulnerabilities, compared to less than 22% for prior program analysis tools. It also outperforms a prior LLM-program-analysis hybrid approach while requiring neither vulnerability annotations nor prior vulnerability reports. When evaluated on a set of 260 recently released packages (without vulnerability groundtruth information), traditional tools produce validated exploits for few ($\leq 2$) packages, while LLMVD$.$js generates validated exploits for 36 packages.