English
Related papers

Related papers: Less is More? An Empirical Study on Configuration …

200 papers

Python software development heavily relies on third-party packages. Direct and transitive dependencies create a labyrinth of software supply chains. While it is convenient to reuse code, vulnerabilities within these dependency chains can…

Cryptography and Security · Computer Science 2026-03-11 Jacob Mahon , Chenxi Hou , Zhihao Yao

The reuse and distribution of open-source software must be in compliance with its accompanying open-source license. In modern packaging ecosystems, maintaining such compliance is challenging because a package may have a complex…

Software Engineering · Computer Science 2023-08-14 Weiwei Xu , Hao He , Kai Gao , Minghui Zhou

Open-source licenses establish the legal foundation for software reuse, yet license variants, including both modified standard licenses and custom-created alternatives, introduce significant compliance complexities. Despite their prevalence…

Software Engineering · Computer Science 2025-11-03 Weiwei Xu , Hengzhi Ye , Kai Gao , Minghui Zhou

PyPI provides a convenient and accessible package management platform to developers, enabling them to quickly implement specific functions and improve work efficiency. However, the rapid development of the PyPI ecosystem has led to a severe…

Software Engineering · Computer Science 2023-09-21 Wenbo Guo , Zhengzi Xu , Chengwei Liu , Cheng Huang , Yong Fang , Yang Liu

In this research, we provide a comprehensive empirical summary of the Python Package Repository, PyPI, including both package metadata and source code covering 178,592 packages, 1,745,744 releases, 76,997 contributors, and 156,816,750…

Software Engineering · Computer Science 2019-07-29 Ethan Bommarito , Michael Bommarito

Python applications depend on third-party native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these native libraries, determining which Python packages…

Python third-party libraries (TPLs) are essential in modern software development, but upgrades often cause compatibility issues, leading to system failures. These issues fall into two categories: version compatibility issues (VCIs) and code…

Software Engineering · Computer Science 2026-03-31 Huashan Lei , Guanping Xiao , Yepang Liu , Zheng Zheng

Code sharing and reuse is a widespread use practice in software engineering. Although a vast amount of open-source Python code is accessible on many online platforms, programmers often find it difficult to restore a successful runtime…

Software Engineering · Computer Science 2022-01-19 Wei Cheng , Xiangrong Zhu , Wei Hu

Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring makes metadata inspection and static code analysis…

Cryptography and Security · Computer Science 2025-03-04 Sk Tanzir Mehedi , Chadni Islam , Gowri Ramachandran , Raja Jurdak

Different security issues are a common problem for open source packages archived to and delivered through software ecosystems. These often manifest themselves as software weaknesses that may lead to concrete software vulnerabilities. This…

Software Engineering · Computer Science 2021-12-28 Jukka Ruohonen , Kalle Hjerppe , Kalle Rindell

Background: Open source software ecosystems exhibit dense dependency networks in which maintenance degradation of structurally central packages can propagate widely. Despite increasing attention to open source sustainability, existing…

Software Engineering · Computer Science 2026-05-11 Alexandros Tsakpinis , Emil Schwenger , Alexander Pretschner

An increase in diverse technology stacks and third-party library usage has led developers to inevitably switch technologies. To assist these developers, maintainers have started to release their libraries to multiple technologies, i.e., a…

Background. In modern software development, the use of external libraries and packages is increasingly prevalent, streamlining the software development process and enabling developers to deploy feature-rich systems with little coding. While…

Software Engineering · Computer Science 2024-12-09 Haya Samaana , Diego Elias Costa , Emad Shihab , Ahmad Abdellatif

In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern,…

Software Engineering · Computer Science 2025-09-05 Haowei Quan , Junjie Wang , Xinzhe Li , Terry Yue Zhuo , Xiao Chen , Xiaoning Du

Current software supply chains heavily rely on open-source packages hosted in public repositories. Given the popularity of ecosystems like npm and PyPI, malicious users started to spread malware by publishing open-source packages containing…

Cryptography and Security · Computer Science 2023-10-17 Piergiorgio Ladisa , Serena Elisa Ponta , Nicola Ronzoni , Matias Martinez , Olivier Barais

The widespread adoption of open-source ecosystems enables developers to integrate third-party packages, but also exposes them to malicious packages crafted to execute harmful behavior via public repositories such as PyPI. Existing datasets…

Cryptography and Security · Computer Science 2025-12-16 Ahmed Ryan , Junaid Mansur Ifti , Md Erfan , Akond Ashfaque Ur Rahman , Md Rayhanur Rahman

Resolving Python dependency issues remains a tedious and error-prone process, forcing developers to manually trial compatible module versions and interpreter configurations. Existing automated solutions, such as knowledge-graph-based and…

Software Engineering · Computer Science 2025-10-17 Antony Bartlett , Cynthia Liem , Annibale Panichella

Modern Python projects execute computational functions using native libraries and give Python interfaces to boost execution speed; hence, testing these libraries becomes critical to the project's robustness. One challenge is that existing…

Software Engineering · Computer Science 2022-06-29 Xin Zhang , Xutong Ma , Jiwen Yan , Baoquan Cui , Jun Yan , Jian Zhang

Third-party Python libraries introduce dependency management overhead, supply chain risk, and deployment friction in constrained environments. A natural question is how much of this ecosystem can be replicated using only Python's standard…

Software Engineering · Computer Science 2026-05-21 Peng Ding , Rick Stevens

Dependency bloat is a persistent challenge in Python projects, which increases maintenance costs and security risks. While numerous tools exist for detecting unused dependencies in Python, removing these dependencies across the source code…

‹ Prev 1 2 3 10 Next ›