English
Related papers

Related papers: License Incompatibilities in Software Ecosystems

200 papers

As modern software development increasingly relies on reusable libraries and components, managing dependencies has become critical for ensuring software stability and security. However, challenges such as outdated dependencies, missed…

Software Engineering · Computer Science 2025-04-01 Barisha Chowdhury , Md Fazle Rabbi , S. M. Mahedy Hasan , Minhaz F. Zibran

Permissive licenses like MIT, Apache-2.0, and BSD-3-Clause dominate open-source AI, signaling that artifacts like models, datasets, and code can be freely used, modified, and redistributed. However, these licenses carry mandatory…

Machine Learning · Computer Science 2026-02-10 James Jewitt , Gopi Krishnan Rajbahadur , Hao Li , Bram Adams , Ahmed E. Hassan

Software engineers regularly use JavaScript and Python for both front-end and back-end automation tasks. On top of JavaScript and Python, there are several frameworks to facilitate automation tasks further. Some of these frameworks are Node…

Cryptography and Security · Computer Science 2021-08-24 Berkay Kaplan , Jingyu Qian

Modern software systems are often built by leveraging code written by others in the form of libraries and packages to accelerate their development. While there are many benefits to using third-party packages, software projects often become…

Software Engineering · Computer Science 2022-08-30 Jasmine Latendresse , Suhaib Mujahid , Diego Elias Costa , Emad Shihab

Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a…

Software Engineering · Computer Science 2024-01-24 Daniel Venturini , Filipe Roseiro Cogo , Ivanilton Polato , Marco A Gerosa , Igor Scaliante Wiese

Security vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., Heartbleed vulnerability. Recent studies show that…

Software Engineering · Computer Science 2021-06-24 Bodin Chinthanet , Raula Gaikovina Kula , Shane McIntosh , Takashi Ishio , Akinori Ihara , Kenichi Matsumoto

Modern software development is increasingly dependent on components, libraries and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or forges). This way of writing…

Software Engineering · Computer Science 2020-12-16 Paolo Boldi , Georgios Gousios

A software supply chain attack is characterized by the injection of malicious code into a software package in order to compromise dependent systems further down the chain. Recent years saw a number of supply chain attacks that leverage the…

Cryptography and Security · Computer Science 2020-05-20 Marc Ohm , Henrik Plate , Arnold Sykosch , Michael Meier

Relying on dependency packages accelerates software development, but it also increases the exposure to security vulnerabilities that may be present in dependencies. While developers have full control over which dependency packages (and…

Software Engineering · Computer Science 2023-10-13 Abbas Javan Jafari , Diego Elias Costa , Ahmad Abdellatif , Emad Shihab

Rebuilding packages from open source is a common practice to improve the security of software supply chains, and is now done at an industrial scale. The basic principle is to acquire the source code used to build a package published in a…

Software Engineering · Computer Science 2026-02-24 Jens Dietrich , Behnaz Hassanshahi

Context: Modern software systems (e.g., Apache Spark) are usually written in multiple programming languages (PLs). There is little understanding on the phenomenon of multi-programming-language commits (MPLCs), which involve modified source…

Software Engineering · Computer Science 2023-11-16 Zengyang Li , Xiaoxiao Qi , Qinyi Yu , Peng Liang , Ran Mo , Chen Yang

Developers usually select different open source licenses to restrain the conditions of using open source software, in order to protect intellectual property rights effectively and maintain the long-term development of the software. However,…

Software Engineering · Computer Science 2020-09-03 Xin Wu , Jian-Yu Wu , Ming-Hui Zhou , Zhi-Qiang Wang , Li-Yun Yang

Modern software projects depend on many third-party libraries, complicating reproducible and secure builds. Several package managers address this with the generation of a lockfile that freezes dependency versions and can be used to verify…

Software Engineering · Computer Science 2025-10-07 Larissa Schmid , Elias Lundell , Yogya Gamage , Benoit Baudry , Martin Monperrus

The Log4j-Core vulnerability, known as Log4Shell, exposed significant challenges to dependency management in software ecosystems. When a critical vulnerability is disclosed, it is imperative that dependent packages quickly adopt patched…

Understanding vulnerability propagation is essential for assessing how vulnerabilities spread across components of a software package. This supports more accurate impact analysis and enhances threat detection and mitigation. In this paper,…

Cryptography and Security · Computer Science 2026-04-21 Michael Robinson , Sajal Halder , Muhammad Ejaz Ahmed , Muhammad Ikram , Seyit Camtepe , Hyoungshick Kim

Large language models (LLMs) provide effective solutions in various application scenarios, with the support of retrieval-augmented generation (RAG). However, developers face challenges in integrating LLM and RAG into software systems, due…

Software Engineering · Computer Science 2025-02-11 Yuchen Shao , Yuheng Huang , Jiawei Shen , Lei Ma , Ting Su , Chengcheng Wan

PyPI provides a convenient and accessible package management platform to developers, enabling them to quickly implement specific functions and improve work efficiency. However, the rapid development of the PyPI ecosystem has led to a severe…

Software Engineering · Computer Science 2023-09-21 Wenbo Guo , Zhengzi Xu , Chengwei Liu , Cheng Huang , Yong Fang , Yang Liu

Open source software ecosystems consist of thousands of interdependent libraries, which users can combine to great effect. Recent work has pointed out two kinds of risks in these systems: that technical problems like bugs and…

Software Engineering · Computer Science 2022-05-11 William Schueller , Johannes Wachs

This research analyzes complex networks in open-source software at the inter-package level, where package dependencies often span across projects and between development groups. We review complex networks identified at ``lower'' levels of…

Software Engineering · Computer Science 2007-05-23 Nathan LaBelle , Eugene Wallingford

Third-party libraries (TPLs) are frequently reused in software to reduce development cost and the time to market. However, external library dependencies may introduce vulnerabilities into host applications. The issue of library dependency…

Software Engineering · Computer Science 2022-09-21 Wei Tang , Zhengzi Xu , Chengwei Liu , Jiahui Wu , Shouguo Yang , Yi Li , Ping Luo , Yang Liu