Small world with high risks: A study of security threats in the npm ecosystem
M Zimmermann, CA Staicu, C Tenny… - 28th USENIX Security …, 2019 - usenix.org
The popularity of JavaScript has led to a large ecosystem of third-party packages available
via the npm software package registry. The open nature of npm has boosted its growth …
Demystifying the vulnerability propagation and its evolution via dependency trees in the npm ecosystem
Third-party libraries with rich functionalities facilitate the fast development of JavaScript
software, leading to the explosive growth of the NPM ecosystem. However, it also brings …
An empirical comparison of dependency network evolution in seven software packaging ecosystems
Nearly every popular programming language comes with one or more package managers.
The software packages distributed by such package managers form large software …
A qualitative study of dependency management and its security implications
Several large scale studies on the Maven, NPM, and Android ecosystems point out that
many developers do not often update their vulnerable software libraries thus exposing the …
PyCG: Practical call graph generation in Python
V Salis, T Sotiropoulos, P Louridas… - 2021 IEEE/ACM …, 2021 - ieeexplore.ieee.org
Call graphs play an important role in different contexts, such as profiling and vulnerability
propagation analysis. Generating call graphs in an efficient manner can be a challenging …
Understanding software-2.0: A study of machine learning library usage and evolution
Enabled by a rich ecosystem of Machine Learning (ML) libraries, programming using
learned models, i.e., Software-2.0, has gained substantial adoption. However, we do not …
When and how to make breaking changes: Policies and practices in 18 open source software ecosystems
Open source software projects often rely on package management systems that help
projects discover, incorporate, and maintain dependencies on other packages, maintained …
Modular call graph construction for security scanning of Node.js applications
Most of the code in typical Node.js applications comes from third-party libraries that consist
of a large number of interdependent modules. Because of the dynamic features of …
On the impact of security vulnerabilities in the npm and RubyGems dependency networks
The increasing interest in open source software has led to the emergence of large language-
specific package distributions of reusable software libraries, such as npm and RubyGems …
"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain
Open source components are ubiquitous in companies' setups, processes, and software.
Utilizing these external components as building blocks enables companies to leverage the …