diff --git a/bench/packages/is-my-json-valid-2.20.0/harness.js b/bench/packages/is-my-json-valid-2.20.0/harness.js
new file mode 100644
index 0000000..fd101b7
--- /dev/null
+++ b/bench/packages/is-my-json-valid-2.20.0/harness.js
@@ -0,0 +1,14 @@
+const validator = require("is-my-json-valid");
+const esl = require("esl_symbolic");
+var prop = esl.string("prop");
+var schema = {
+ type: "object",
+ properties: {
+ [prop]: {
+ required: true,
+ type: "string",
+ },
+ },
+};
+let validate = validator(schema);
+validate({});
diff --git a/bench/packages/is-my-json-valid-2.20.0/package-lock.json b/bench/packages/is-my-json-valid-2.20.0/package-lock.json
new file mode 100644
index 0000000..0ac8993
--- /dev/null
+++ b/bench/packages/is-my-json-valid-2.20.0/package-lock.json
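Review bot: `require("esl_symbolic")` in bench/packages/is-my-json-valid-2.20.0/harness.js names a module that neither this package's package.json nor its package-lock.json declares, so the harness will not load under plain `node` after `npm install`; presumably the analysis engine supplies it, and the file should say so. The same applies to the json-ptr-2.0.0, node-rules-3.0.0 and node-rules-4.0.2 harnesses added in this commit. I would open each with a header comment such as `// Symbolic-execution harness: esl_symbolic is provided by the analysis runtime, not by npm.` and, here, `// Drives a symbolic property name into validator(schema); expected sink: index.js:571.` Since the pinned version is the one named in the linked advisory, the comment should also state that the harness is intended to run only inside the isolated analysis environment.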
@@ -0,0 +1,73 @@ +{ + "name": "is-my-json-valid-2.20.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "dependencies": { + "is-my-json-valid": "2.20.0" + } + }, + "node_modules/generate-function": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/generate-function/-/generate-function-2.3.1.tgz", + "integrity": "sha512-eeB5GfMNeevm/GRYq20ShmsaGcmI81kIX2K9XQx5miC8KdHaC6Jm0qQ8ZNeGOi7wYB8OsdxKs+Y2oVuTFuVwKQ==", + "license": "MIT", + "dependencies": { + "is-property": "^1.0.2" + } + }, + "node_modules/generate-object-property": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/generate-object-property/-/generate-object-property-1.2.0.tgz", + "integrity": "sha512-TuOwZWgJ2VAMEGJvAyPWvpqxSANF0LDpmyHauMjFYzaACvn+QTT/AZomvPCzVBV7yDN3OmwHQ5OvHaeLKre3JQ==", + "license": "MIT", + "dependencies": { + "is-property": "^1.0.0" + } + }, + "node_modules/is-my-ip-valid": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-my-ip-valid/-/is-my-ip-valid-1.0.1.tgz", + "integrity": "sha512-jxc8cBcOWbNK2i2aTkCZP6i7wkHF1bqKFrwEHuN5Jtg5BSaZHUZQ/JTOJwoV41YvHnOaRyWWh72T/KvfNz9DJg==", + "license": "MIT" + }, + "node_modules/is-my-json-valid": { + "version": "2.20.0", + "resolved": "https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.20.0.tgz", + "integrity": "sha512-XTHBZSIIxNsIsZXg7XB5l8z/OBFosl1Wao4tXLpeC7eKU4Vm/kdop2azkPqULwnfGQjmeDIyey9g7afMMtdWAA==", + "license": "MIT", + "dependencies": { + "generate-function": "^2.0.0", + "generate-object-property": "^1.1.0", + "is-my-ip-valid": "^1.0.0", + "jsonpointer": "^4.0.0", + "xtend": "^4.0.0" + } + }, + "node_modules/is-property": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-property/-/is-property-1.0.2.tgz", + "integrity": "sha512-Ks/IoX00TtClbGQr4TWXemAnktAQvYB7HzcCxDGqEZU6oCmb2INHuOoKxbtR+HFkmYWBKv/dOZtGRiAjDhj92g==", + "license": "MIT" + }, + "node_modules/jsonpointer": { + "version": "4.1.0", + "resolved": 
"https://registry.npmjs.org/jsonpointer/-/jsonpointer-4.1.0.tgz", + "integrity": "sha512-CXcRvMyTlnR53xMcKnuMzfCA5i/nfblTnnr74CZb6C4vG39eu6w51t7nKmU5MfLfbTgGItliNyjO/ciNPDqClg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/xtend": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", + "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==", + "license": "MIT", + "engines": { + "node": ">=0.4" + } + } + } +}
diff --git a/bench/packages/is-my-json-valid-2.20.0/package.json b/bench/packages/is-my-json-valid-2.20.0/package.json
new file mode 100644
index 0000000..e42209a
--- /dev/null
+++ b/bench/packages/is-my-json-valid-2.20.0/package.json
@@ -0,0 +1,14 @@
+{
+ "dependencies": {
+ "is-my-json-valid": "2.20.0"
+ },
+ "vulnerability": {
+ "type": "code-injection",
+ "ghsa": "https://github.com/advisories/GHSA-f522-ffg8-j8r6",
+ "sink": {
+ "file": "index.js",
+ "line": 571,
+ "code": "validate = validate.toFunction(scope)"
+ }
+ }
+}
diff --git a/bench/packages/json-ptr-2.0.0/harness.js b/bench/packages/json-ptr-2.0.0/harness.js
new file mode 100644
index 0000000..f5041fc
--- /dev/null
+++ b/bench/packages/json-ptr-2.0.0/harness.js
@@ -0,0 +1,8 @@
+const { JsonPointer } = require("json-ptr");
+const esl_symbolic = require("esl_symbolic");
+var payload = esl_symbolic.string("payload");
+//`/aaa'])) !== 'undefined') {return it;}; ${customSpawn}; spawnSync("touch",["json-ptr"]); if(((['a`
+JsonPointer.get(
+ {},
+ payload
+);
diff --git a/bench/packages/json-ptr-2.0.0/package-lock.json b/bench/packages/json-ptr-2.0.0/package-lock.json
new file mode 100644
index 0000000..ae2f6c4
--- /dev/null
+++ b/bench/packages/json-ptr-2.0.0/package-lock.json
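Review bot: The commented-out line directly above `JsonPointer.get(` in bench/packages/json-ptr-2.0.0/harness.js is an unexplained concrete input string, and it interpolates `${customSpawn}`, which is not defined anywhere in this file. A reader cannot tell whether it is dead code or a reference witness for the advisory, so I would either drop it or put a label on the line before it, e.g. `// Reference witness for GHSA-x5r6-x823-9848; kept for documentation, never executed by this harness.` As a smaller point, `payload` is declared with `var` while the two imports use `const`; `const payload = esl_symbolic.string("payload");` would be consistent.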
@@ -0,0 +1,28 @@ +{ + "name": "json-ptr-2.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "dependencies": { + "json-ptr": "2.0.0" + } + }, + "node_modules/json-ptr": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/json-ptr/-/json-ptr-2.0.0.tgz", + "integrity": "sha512-VGP7ucQzBLJFUC8sWR57ALW/+iui9NCE2i61SULum4TBfu9664bCdWjuRkjghbg1rj1k+8+PciKbfFJdGQlS1w==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "license": "MIT", + "dependencies": { + "tslib": "^2.0.3" + } + }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD" + } + } +}
diff --git a/bench/packages/json-ptr-2.0.0/package.json b/bench/packages/json-ptr-2.0.0/package.json
new file mode 100644
index 0000000..b78bc19
--- /dev/null
+++ b/bench/packages/json-ptr-2.0.0/package.json
@@ -0,0 +1,14 @@
+{
+ "dependencies": {
+ "json-ptr": "2.0.0"
+ },
+ "vulnerabilities": {
+ "type": "code-injection",
+ "github": "https://github.com/advisories/GHSA-x5r6-x823-9848",
+ "sink": {
+ "code": "return new Function('it', body);",
+ "file": "src/util.ts",
+ "line": 159,
+ }
+ }
+}
diff --git a/bench/packages/node-rules-3.0.0/harness.js b/bench/packages/node-rules-3.0.0/harness.js
new file mode 100644
index 0000000..2622ba9
--- /dev/null
+++ b/bench/packages/node-rules-3.0.0/harness.js
@@ -0,0 +1,9 @@
+const A = require("node-rules");
+const esl = require("esl_symbolic");
+
+var a = new A();
+var rules = {
+ condition: esl.string("condition"),
+ consequence: esl.string("consequence")
+};
+a.fromJSON(rules);
diff --git a/bench/packages/node-rules-3.0.0/package-lock.json b/bench/packages/node-rules-3.0.0/package-lock.json
new file mode 100644
index 0000000..2d6318e
--- /dev/null
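Review bot: The `sink` object in bench/packages/json-ptr-2.0.0/package.json ends with `"line": 159,` immediately before the closing `}`, and a trailing comma is not valid JSON, so npm and any `JSON.parse`-based reader of the benchmark metadata will reject the file; the line should be `"line": 159`. The metadata keys also drift from the is-my-json-valid-2.20.0 entry: this file uses `vulnerabilities` and `github` where that one uses `vulnerability` and `ghsa`, node-rules-3.0.0 uses `lineno` instead of `line`, and node-rules-4.0.2 uses `cwe` instead of `type`. The consumer of these fields is not part of this diff, but unless it accepts every spelling, the odd entries would be read as having no advisory link or sink location, so I would normalise all four files to one schema.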
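Review bot: `A` and `a` in bench/packages/node-rules-3.0.0/harness.js say nothing about what the harness drives; `const RuleEngine = require("node-rules");` and `const engine = new RuleEngine();` would let the file be read on its own. The harness makes both `condition` and `consequence` symbolic, while the sink recorded in this version's package.json names only the `rules.condition` eval. If `consequence` also reaches an eval inside `fromJSON` (plausible, but not visible in this diff), a comment such as `// both fields are symbolic; the recorded sink is the condition eval at lib/node-rules.js:244` would tell a triager which report is the expected one.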
+++ b/bench/packages/node-rules-3.0.0/package-lock.json
@@ -0,0 +1,29 @@ +{ + "name": "node-rules-3.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "dependencies": { + "node-rules": "3.0.0" + } + }, + "node_modules/node-rules": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/node-rules/-/node-rules-3.0.0.tgz", + "integrity": "sha512-iMpEO+m1JU8D1u/28zu5ydreQ866dknH80Dbgwba36vK0k1pC8z5n+AFLsLBTS3y7Rd/GVEET0UnqeNExuYBJw==", + "dependencies": { + "underscore": ">= 1.7" + }, + "engines": { + "node": ">= 0.4.x" + } + }, + "node_modules/underscore": { + "version": "1.13.8", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.8.tgz", + "integrity": "sha512-DXtD3ZtEQzc7M8m4cXotyHR+FAS18C64asBYY5vqZexfYryNNnDc02W4hKg3rdQuqOYas1jkseX0+nZXjTXnvQ==", + "license": "MIT" + } + } +}
diff --git a/bench/packages/node-rules-3.0.0/package.json b/bench/packages/node-rules-3.0.0/package.json
new file mode 100644
index 0000000..e0846fd
--- /dev/null
+++ b/bench/packages/node-rules-3.0.0/package.json
@@ -0,0 +1,15 @@
+{
+ "index": "index.js",
+ "dependencies": {
+ "node-rules": "3.0.0"
+ },
+ "vulnerability": {
+ "type": "code-injection",
+ "ghsa": "https://github.com/advisories/GHSA-f78f-353m-cf4j",
+ "sink": {
+ "file": "lib/node-rules.js",
+ "lineno": 244,
+ "code": "rules.condition = eval(\"(\"+rules.condition+\")\");"
+ }
+ }
+}
diff --git a/bench/packages/node-rules-4.0.2/harness.js b/bench/packages/node-rules-4.0.2/harness.js
new file mode 100644
index 0000000..51f515f
--- /dev/null
+++ b/bench/packages/node-rules-4.0.2/harness.js
@@ -0,0 +1,10 @@
+const A = require("node-rules");
+const esl = require("esl_symbolic");
+
+var a = new A();
+var rules = [
+ { condition: esl.string("condition")
+ , consequence: esl.string("consequence")
+ }
+]
+a.fromJSON(rules);
diff --git a/bench/packages/node-rules-4.0.2/package-lock.json b/bench/packages/node-rules-4.0.2/package-lock.json
new file mode 100644
index 0000000..7117564
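Review bot: The `rules` array literal in bench/packages/node-rules-4.0.2/harness.js is written in leading-comma layout (`, consequence: ...`) and its closing `]` has no semicolon, unlike the node-rules-3.0.0 harness added in the same commit. I would write the element as `{ condition: esl.string("condition"), consequence: esl.string("consequence") },` and close the literal with `];`. A one-line comment noting that this harness passes an array of rules where the 3.0.0 harness passes a single object would explain why the two files differ.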
--- /dev/null +++ b/bench/packages/node-rules-4.0.2/package-lock.json @@ -0,0 +1,49 @@ +{ + "name": "node-rules-4.0.2", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "dependencies": { + "node-rules": "4.0.2" + } + }, + "node_modules/lodash.clonedeep": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz", + "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==", + "license": "MIT" + }, + "node_modules/lodash.filter": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/lodash.filter/-/lodash.filter-4.6.0.tgz", + "integrity": "sha512-pXYUy7PR8BCLwX5mgJ/aNtyOvuJTdZAo9EQFUvMIYugqmJxnrYaANvTbgndOzHSCSR0wnlBBfRXJL5SbWxo3FQ==", + "license": "MIT" + }, + "node_modules/lodash.isequal": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz", + "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==", + "deprecated": "This package is deprecated. Use require('node:util').isDeepStrictEqual instead.", + "license": "MIT" + }, + "node_modules/lodash.matches": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/lodash.matches/-/lodash.matches-4.6.0.tgz", + "integrity": "sha512-itQFfvxQETfkYkqZwUCvYXTSO9hyJuC/pUG3ckz8c5ioDR4gYfK117Bza6bKRRxB1MAX0Aezj79tqL3zINCiRA==", + "license": "MIT" + }, + "node_modules/node-rules": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/node-rules/-/node-rules-4.0.2.tgz", + "integrity": "sha512-znCB71cdDCccsr9x9ozxo3mPD9O3Iw1u3a3oRmx6RA+OyBBnjN2mNpOmQbmr0Iv5wiae2/VkZ0P/naxY7BgUzA==", + "license": "MIT", + "dependencies": { + "lodash.clonedeep": "^4.5.0", + "lodash.filter": "^4.6.0", + "lodash.isequal": "^4.5.0", + "lodash.matches": "^4.6.0" + } + } + } +} 
diff --git a/bench/packages/node-rules-4.0.2/package.json b/bench/packages/node-rules-4.0.2/package.json
new file mode 100644
index 0000000..bb019ae
--- /dev/null
+++ b/bench/packages/node-rules-4.0.2/package.json
@@ -0,0 +1,14 @@
+{
+ "dependencies": {
+ "node-rules": "4.0.2"
+ },
+ "vulnerability": {
+ "cwe": "code-injection",
+ "ghsa": "https://github.com/advisories/GHSA-8whr-v3gm-w8h9",
+ "sink": {
+ "file": "lib/node-rules.js",
+ "line": 152,
+ "code": "rule.condition = eval(rule.condition);"
+ }
+ }
+}