[9] James C. Davis, Christy A. Coghlan, Francisco Servant,
and Dongyoon Lee. The impact of regular expression
denial of service (redos) in practice: an empirical study
at the ecosystem scale. In Proceedings of the 2018 ACM
Joint Meeting on European Software Engineering Con-
ference and Symposium on the Foundations of Software
Engineering, ESEC/SIGSOFT FSE 2018, Lake Buena
Vista, FL, USA, November 04-09, 2018, pages 246–256,
2018.
[10] James C. Davis, Eric R. Williamson, and Dongyoon
Lee. A sense of time for javascript and node.js: First-
class timeouts as a cure for event handler poisoning. In
27th USENIX Security Symposium, USENIX Security
2018, Baltimore, MD, USA, August 15-17, 2018., pages
343–359, 2018.
[11] Alexandre Decan, Tom Mens, and Maëlick Claes. An
empirical comparison of dependency issues in OSS
packaging ecosystems. In IEEE 24th International Con-
ference on Software Analysis, Evolution and Reengineer-
ing, SANER 2017, Klagenfurt, Austria, February 20-24,
2017, pages 2–12, 2017.
[12] Alexandre Decan, Tom Mens, and Eleni Constantinou.
On the evolution of technical lag in the npm package
dependency network. In 2018 IEEE International Con-
ference on Software Maintenance and Evolution, ICSME
2018, Madrid, Spain, September 23-29, 2018, pages 404–
414, 2018.
[13] Alexandre Decan, Tom Mens, and Eleni Constanti-
nou. On the impact of security vulnerabilities in the
npm package dependency network. In Proceedings of
the 15th International Conference on Mining Software
Repositories, MSR 2018, Gothenburg, Sweden, May 28-
29, 2018, pages 181–191, 2018.
[14] Alexandre Decan, Tom Mens, and Philippe Grosjean.
An empirical comparison of dependency network evo-
lution in seven software packaging ecosystems. CoRR,
abs/1710.04936, 2017.
[15] Daniel M. Germán, Bram Adams, and Ahmed E. Hassan.
The evolution of the R software ecosystem. In 17th
European Conference on Software Maintenance and
Reengineering, CSMR 2013, Genova, Italy, March 5-8,
2013, pages 243–252, 2013.
[16] Liang Gong. Dynamic Analysis for JavaScript Code.
PhD thesis, University of California, Berkeley, 2018.
[17] Jaap Kabbedijk and Slinger Jansen. Steering insight:
An exploration of the ruby software ecosystem. In Soft-
ware Business - Second International Conference, IC-
SOB 2011, Brussels, Belgium, June 8-10, 2011. Proceed-
ings, pages 44–55, 2011.
[18] Riivo Kikas, Georgios Gousios, Marlon Dumas, and
Dietmar Pfahl. Structure and evolution of package de-
pendency networks. In Proceedings of the 14th Inter-
national Conference on Mining Software Repositories,
MSR 2017, Buenos Aires, Argentina, May 20-28, 2017,
pages 102–112, 2017.
[19] Raula Gaikovina Kula, Ali Ouni, Daniel M. Germán,
and Katsuro Inoue. On the impact of micro-packages:
An empirical study of the npm javascript ecosystem.
CoRR, abs/1709.04638, 2017.
[20] Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad,
William Robertson, Christo Wilson, and Engin Kirda.
Thou shalt not depend on me: Analysing the use of
outdated javascript libraries on the web. In NDSS, 2017.
[21] Nuttapon Lertwittayatrai, Raula Gaikovina Kula, Saya
Onoue, Hideaki Hata, Arnon Rungsawang, Pattara Lee-
laprute, and Kenichi Matsumoto. Extracting insights
from the topology of the javascript package ecosys-
tem. In 24th Asia-Pacific Software Engineering Con-
ference, APSEC 2017, Nanjing, China, December 4-8,
2017, pages 298–307, 2017.
[22] Timothy Libert. Exposing the hidden web: An analysis
of third-party HTTP requests on 1 million websites.
CoRR, abs/1511.00619, 2015.
[23] Konstantinos Manikas. Revisiting software ecosystems
research: A longitudinal literature study. Journal of
Systems and Software, 117:84–103, 2016.
[24] Tom Mens. An ecosystemic and socio-technical view
on software maintenance and evolution. In 2016 IEEE
International Conference on Software Maintenance and
Evolution, ICSME 2016, Raleigh, NC, USA, October 2-7,
2016, pages 1–8, 2016.
[25] Gianluca Mezzetti, Anders Møller, and Martin Toldam
Torp. Type regression testing to detect breaking changes
in node.js libraries. In 32nd European Conference on
Object-Oriented Programming, ECOOP 2018, July 16-
21, 2018, Amsterdam, The Netherlands, pages 7:1–7:24,
2018.
[26] Nick Nikiforakis, Luca Invernizzi, Alexandros Kaprav-
elos, Steven Van Acker, Wouter Joosen, Christopher
Kruegel, Frank Piessens, and Giovanni Vigna. You
are what you include: large-scale evaluation of remote
JavaScript inclusions. In CCS, pages 736–747, 2012.
[27] Brian Pfretzschner and Lotfi Ben Othmane. Identifica-
tion of dependency-based attacks on node.js. In Proceed-
ings of the 12th International Conference on Availability,
Reliability and Security, Reggio Calabria, Italy, August
29 - September 01, 2017, pages 68:1–68:6, 2017.