English
Related papers

Related papers: Contrasting Third-Party Package Management User Ex…

200 papers

Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. However, the…

Software Engineering · Computer Science 2024-04-19 Cadence Patrick , Kimberly Ruth , Zakir Durumeric

An Operating System (OS) combines multiple interdependent software packages, which usually have their own independently developed architectures. When a multitude of independent packages are placed together in an OS, an implicit…

Software Engineering · Computer Science 2023-07-11 Victor Prokhorenko , Chadni Islam , Muhammad Ali Babar

The selection of third-party libraries is an essential element of virtually any software development project. However, deciding which libraries to choose is a challenging practical problem. Selecting the wrong library can severely impact a…

Software Engineering · Computer Science 2020-09-10 Enrique Larios-Vargas , Maurício Aniche , Christoph Treude , Magiel Bruntink , Georgios Gousios

The open-source Linux operating system is available through a wide variety of distributions, each containing a collection of installable software packages. It can be important to keep these packages as fresh as possible to benefit from new…

Software Engineering · Computer Science 2020-08-03 Damien Legay , Alexandre Decan , Tom Mens

This chapter defines and presents different kinds of software ecosystems. The focus is on the development, tooling and analytics aspects of software ecosystems, i.e., communities of software developers and the interconnected software…

Software Engineering · Computer Science 2023-07-31 Tom Mens , Coen De Roover

Software ecosystems (e.g., npm, PyPI) are the backbone of modern software developments. Developers add new packages to ecosystems every day to solve new problems or provide alternative solutions, causing obsolete packages to decline in…

Software Engineering · Computer Science 2023-08-21 Suhaib Mujahid , Diego Elias Costa , Rabe Abdalkareem , Emad Shihab

Managing project dependencies is a key maintenance issue in software development. Developers need to choose an update strategy that allows them to receive important updates and fixes while protecting them from breaking changes. Semantic…

Software Engineering · Computer Science 2023-05-26 Abbas Javan Jafari , Diego Elias Costa , Emad Shihab , Rabe Abdalkareem

The Node.js Package Manager (i.e., npm) archive repository serves as a critical part of the JavaScript community and helps support one of the largest developer ecosystems in the world. However, as a developer, selecting an appropriate npm…

Software Engineering · Computer Science 2021-06-24 Bodin Chinthanet , Brittany Reid , Christoph Treude , Markus Wagner , Raula Gaikovina Kula , Takashi Ishio , Kenichi Matsumoto

Package managers are everywhere, with seemingly every language and operating system implementing their own solution. The lack of interoperability between these systems means that multi-lingual projects are unable to express precise…

The liberalization of software licensing has led to unprecedented re-use of software. Alongside drastically increasing productivity and arguably quality of derivative works, it has also introduced multiple attack vectors. The management of…

Software Engineering · Computer Science 2023-02-20 Aarnav M. Bos

High Performance Computing~(HPC) software stacks have become complex, with the dependencies of some applications numbering in the hundreds. Packaging, distributing, and administering software stacks of that scale is a complex undertaking…

Software Engineering · Computer Science 2022-11-14 Farid Zakaria , Thomas R. W. Scogland , Todd Gamblin , Carlos Maltzahn

Using open-source dependencies is essential in modern software development. However, this practice implies significant trust in third-party code, while there is little support for developers to assess this trust. As a consequence, attacks…

Software Engineering · Computer Science 2025-09-08 Raphina Liu , Sofia Bobadilla , Benoit Baudry , Martin Monperrus

Knowing what sensitive resources a dependency could potentially access would help developers assess the risk of a dependency before selection. One way to get an understanding of the potential sensitive resource usage by a dependency is…

Cryptography and Security · Computer Science 2025-03-19 Imranur Rahman , Ranidya Paramitha , Henrik Plate , Dominik Wermke , Laurie Williams

Background: Requirement engineering is often considered a critical activity in system development projects. The increasing complexity of software, as well as number and heterogeneity of stakeholders, motivate the development of methods and…

A risk in adopting third-party dependencies into an application is their potential to serve as a doorway for malicious code to be injected (most often unknowingly). While many initiatives from both industry and research communities focus on…

Software Engineering · Computer Science 2023-09-11 Supatsara Wattanakriengkrai , Raula Gaikovina Kula , Christoph Treude , Kenichi Matsumoto

In today's landscape, hardware development teams face increasing demands for better quality products, greater innovation, and shorter manufacturing lead times. Despite the need for more efficient and effective processes, hardware designers…

Human-Computer Interaction · Computer Science 2025-08-11 Kathy Cheng , Alison Olechowski , Shurui Zhou

Developers frequently move into new teams or environments across software companies. Their onboarding experience is correlated with productivity, job satisfaction, and other short-term and long-term outcomes. The majority of the onboarding…

Software Engineering · Computer Science 2021-03-10 An Ju , Hitesh Sajnani , Scot Kelly , Kim Herzig

Open-source software (OSS) plays a crucial role in modern software development. Utilizing OSS code can greatly accelerate software development, reduce redundancy, and enhance reliability. Python, a widely adopted programming language, is…

Software Engineering · Computer Science 2024-08-21 Zhiqing Zhong , Shilin He , Haoxuan Wang , Boxi Yu , Haowen Yang , Pinjia He

As part of our larger research effort to improve support for diverse end user human-centric aspects during software development, we wanted to better understand how developers currently go about addressing these challenging human-centric…

Software Engineering · Computer Science 2022-10-07 John Grundy , Tanjila Kanij , Jennifer McIntosh , Hourieh Khalajzadeh , Ingo Mueller

Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a…

Software Engineering · Computer Science 2024-01-24 Daniel Venturini , Filipe Roseiro Cogo , Ivanilton Polato , Marco A Gerosa , Igor Scaliante Wiese