English
Related papers

Related papers: What makes a good Node.js package? Investigating U…

200 papers

The management of third-party package dependencies is crucial to most technology stacks, with package managers acting as brokers to ensure that a verified package is correctly installed, configured, or removed from an application. Diversity…

Software Engineering · Computer Science 2021-08-16 Syful Islam , Raula Gaikovina Kula , Christoph Treude , Bodin Chinthanet , Takashi Ishio , Kenichi Matsumoto

The rise of user-contributed Open Source Software (OSS) ecosystems demonstrate their prevalence in the software engineering discipline. Libraries work together by depending on each other across the ecosystem. From these ecosystems emerges a…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Ali Ouni , Daniel M. German , Katsuro Inoue

Contemporary software projects often utilize a README.md to share crucial information such as installation and usage examples related to their software. Furthermore, these files serve as an important source of updated and useful…

Software Engineering · Computer Science 2018-02-28 Shohei Ikeda , Akinori Ihara , Raula Gaikovina Kula , Kenichi Matsumoto

Managing project dependencies is a key maintenance issue in software development. Developers need to choose an update strategy that allows them to receive important updates and fixes while protecting them from breaking changes. Semantic…

Software Engineering · Computer Science 2023-05-26 Abbas Javan Jafari , Diego Elias Costa , Emad Shihab , Rabe Abdalkareem

With the urgent need to secure supply chains among Open Source libraries, attention has focused on mitigating vulnerabilities detected in these libraries. Although awareness has improved recently, most studies still report delays in the…

Software Engineering · Computer Science 2024-06-18 Ruksit Rojpaisarnkit , Hathaichanok Damrongsiri , Christoph Treude , Ali Ouni , Raula Gaikovina Kula

Software ecosystems (e.g., npm, PyPI) are the backbone of modern software developments. Developers add new packages to ecosystems every day to solve new problems or provide alternative solutions, causing obsolete packages to decline in…

Software Engineering · Computer Science 2023-08-21 Suhaib Mujahid , Diego Elias Costa , Rabe Abdalkareem , Emad Shihab

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos

Much of the success of modern software development can be attributed to code reuse. The ability to reuse existing functionality via third-party dependencies has enabled massive gains in productivity, but for a long time the dominant…

Software Engineering · Computer Science 2025-10-07 Brittany Anne Reid , Raula Gaikovina Kula

The large amount of third-party packages available in fast-moving software ecosystems, such as Node.js/npm, enables attackers to compromise applications by pushing malicious updates to their package dependencies. Studying the npm…

Cryptography and Security · Computer Science 2021-03-11 Gabriel Ferreira , Limin Jia , Joshua Sunshine , Christian Kästner

Package managers such as NPM have become essential for software development. The NPM repository hosts over 2 million packages and serves over 43 billion downloads every week. Unfortunately, the NPM dependency solver has several…

Software Engineering · Computer Science 2023-08-25 Donald Pinckney , Federico Cassano , Arjun Guha , Jon Bell , Massimiliano Culpo , Todd Gamblin

Due to their increasing complexity, today's software systems are frequently built by leveraging reusable code in the form of libraries and packages. Software ecosystems (e.g., npm) are the primary enablers of this code reuse, providing…

Software Engineering · Computer Science 2021-10-22 Suhaib Mujahid , Diego Elias Costa , Rabe Abdalkareem , Emad Shihab , Mohamed Aymen Saied , Bram Adams

As the default package manager for Node.js, npm has become one of the largest package management systems in the world. To facilitate dependency management for developers, npm supports a special type of dependency, Peer Dependency, whose…

Software Engineering · Computer Science 2025-06-04 Xingyu Wang , Mingsen Wang , Wenbo Shen , Rui Chang

Software ecosystems can be viewed as socio-technical networks consisting of technical components (software packages) and social components (communities of developers) that maintain the technical components. Ecosystems evolve over time…

Software Engineering · Computer Science 2017-10-16 Eleni Constantinou , Tom Mens

Third-party package usage has become a common practice in contemporary software development. Developers often face different challenges, including choosing the right libraries, installing errors, discrepancies, setting up the environment,…

Software Engineering · Computer Science 2022-03-01 Syful Islam , Dong Wang , Raula Gaikovina Kula , Takashi Ishio , Kenichi Matsumoto

Dependency management in modern software development poses many challenges for developers who wish to stay up to date with the latest features and fixes whilst ensuring backwards compatibility. Project maintainers have opted for varied, and…

Software Engineering · Computer Science 2021-10-19 Abbas Javan Jafari , Diego Elias Costa , Rabe Abdalkareem , Emad Shihab , Nikolaos Tsantalis

GitHub hosts millions of software repositories, facilitating developers to contribute to many projects in multiple ways. Most of the information about the repositories is text-based in the form of stars, forks, commits, and so on. However,…

Software Engineering · Computer Science 2022-05-03 Akhila Sri Manasa Venigalla , Kowndinya Boyalakunta , Sridhar Chimalakonda

The pull-based development model facilitates global collaboration within open-source software projects. However, whereas it is increasingly common for software to depend on other projects in their ecosystem, most research on the pull…

Software Engineering · Computer Science 2025-10-28 Willem Meijer , Mirela Riveni , Ayushi Rastogi

Security vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., Heartbleed vulnerability. Recent studies show that…

Software Engineering · Computer Science 2021-06-24 Bodin Chinthanet , Raula Gaikovina Kula , Shane McIntosh , Takashi Ishio , Akinori Ihara , Kenichi Matsumoto

Industrial applications heavily rely on open-source software (OSS) libraries, which provide various benefits. But, they can also present a substantial risk if a vulnerability or attack arises and the community fails to promptly address the…

Software Engineering · Computer Science 2025-04-24 Alexandros Tsakpinis , Alexander Pretschner

Modern programming languages like Java require runtime systems to support the implementation and deployment of software applications in diverse computing platforms and operating systems. These runtime systems are normally developed in…

Software Engineering · Computer Science 2023-10-25 Salma Begum Tamanna , Gias Uddin , Lan Xia , Longyu Zhang