English
Related papers

Related papers: Towards Understanding Third-party Library Dependen…

200 papers

Developers rely on third-party library Application Programming Interfaces (APIs) when developing software. However, libraries typically come with assumptions and API usage constraints, whose violation results in API misuse. API misuses may…

Software Engineering · Computer Science 2026-04-17 Akalanka Galappaththi , Sarah Nadi , Christoph Treude

Modern software development is increasingly dependent on components, libraries and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or forges). This way of writing…

Software Engineering · Computer Science 2020-12-16 Paolo Boldi , Georgios Gousios

Large Language Models have advanced automated software development, however, it remains a challenge to correctly infer dependencies, namely, identifying the internal components and external packages required for a repository to successfully…

Reusing software libraries is a pillar of modern software engineering. In 2022, the average Java application depends on 40 third-party libraries. Relying on such libraries exposes a project to potential vulnerabilities and may put an…

Software Engineering · Computer Science 2023-01-20 Amir M. Mir , Mehdi Keshani , Sebastian Proksch

One of the most powerful features of R is its infrastructure for contributed code. The built-in package manager and complementary repositories provide a great system for development and exchange of code, and have played an important role in…

Software Engineering · Computer Science 2013-11-04 Jeroen Ooms

BACKGROUND: Vulnerable dependencies are a known problem in today's open-source software ecosystems because OSS libraries are highly interconnected and developers do not always update their dependencies. AIMS: In this paper we aim to present…

Software Engineering · Computer Science 2018-08-30 Ivan Pashchenko , Henrik Plate , Serena Elisa Ponta , Antonino Sabetta , Fabio Massacci

Knowing what sensitive resources a dependency could potentially access would help developers assess the risk of a dependency before selection. One way to get an understanding of the potential sensitive resource usage by a dependency is…

Cryptography and Security · Computer Science 2025-03-19 Imranur Rahman , Ranidya Paramitha , Henrik Plate , Dominik Wermke , Laurie Williams

This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it…

Cryptography and Security · Computer Science 2017-03-28 Takuya Watanabe , Mitsuaki Akiyama , Fumihiro Kanei , Eitaro Shioji , Yuta Takata , Bo Sun , Yuta Ishi , Toshiki Shibahara , Takeshi Yagi , Tatsuya Mori

The C++ Standard Template Library is the flagship example for libraries based on the generic programming paradigm. The usage of this library is intended to minimize the number of classical C/C++ errors, but does not warrant bug-free…

Programming Languages · Computer Science 2011-11-17 N. Pataki

Large language models (LLMs) are now largely involved in software development workflows, and the code they generate routinely includes third-party library (TPL) imports annotated with specific version identifiers. These version choices can…

Software Engineering · Computer Science 2026-05-08 Chengjie Wang , Jingzheng Wu , Xiang Ling , Tianyue Luo , Chen Zhao

During the development of a software project, developers often need to upgrade third-party libraries (TPLs), aiming to keep their code up-to-date with the newest functionalities offered by the used libraries. In most cases, upgrading used…

Software Engineering · Computer Science 2022-01-21 Riccardo Rubei , Davide Di Ruscio , Claudio Di Sipio , Juri Di Rocco , Phuong T. Nguyen

Background: The C and C++ languages hold significant importance in Software Engineering research because of their widespread use in practice. Numerous studies have utilized Machine Learning (ML) and Deep Learning (DL) techniques to detect…

Software Engineering · Computer Science 2024-08-06 Anh The Nguyen , Triet Huynh Minh Le , M. Ali Babar

Security vulnerabilities introduced by applications using third-party dependencies are on the increase, caused by the emergence of large ecosystems of libraries such as the NPM packages for JavaScript. Nowadays, libraries depend on each…

Developers often build software on top of third-party libraries (Libs) to improve productivity, but these libraries may contain vulnerabilities that enable supply chain attacks. Existing tools detect vulnerable dependencies, yet developers…

Cryptography and Security · Computer Science 2026-03-31 Ying Zhang , Wenjia Song , Zhengjie Ji , Danfeng , Yao , Na Meng

In Open Source Software, resources of any project are open for reuse by introducing dependencies or copying the resource itself. In contrast to dependency-based reuse, the infrastructure to systematically support copy-based reuse appears to…

Software Engineering · Computer Science 2025-01-30 Mahmoud Jahanshahi , David Reid , Audris Mockus

The rise of Large Language Models (LLMs) has led to the widespread deployment of LLM-based systems across diverse domains. As these systems proliferate, understanding the risks associated with their complex supply chains is increasingly…

Software Engineering · Computer Science 2025-07-25 Yujie Ma , Lili Quan , Xiaofei Xie , Qiang Hu , Jiongchi Yu , Yao Zhang , Sen Chen

An increase in diverse technology stacks and third-party library usage has led developers to inevitably switch technologies. To assist these developers, maintainers have started to release their libraries to multiple technologies, i.e., a…

Dependency management in modern software development poses many challenges for developers who wish to stay up to date with the latest features and fixes whilst ensuring backwards compatibility. Project maintainers have opted for varied, and…

Software Engineering · Computer Science 2021-10-19 Abbas Javan Jafari , Diego Elias Costa , Rabe Abdalkareem , Emad Shihab , Nikolaos Tsantalis

Unit testing plays a pivotal role in the software development lifecycle, as it ensures code quality. However, writing high-quality unit tests remains a time-consuming task for developers in practice. More recently, the application of large…

Software Engineering · Computer Science 2025-08-12 Yuwei Zhang , Qingyuan Lu , Kai Liu , Wensheng Dou , Jiaxin Zhu , Li Qian , Chunxi Zhang , Zheng Lin , Jun Wei

Third-party package usage has become a common practice in contemporary software development. Developers often face different challenges, including choosing the right libraries, installing errors, discrepancies, setting up the environment,…

Software Engineering · Computer Science 2022-03-01 Syful Islam , Dong Wang , Raula Gaikovina Kula , Takashi Ishio , Kenichi Matsumoto