Background: Software Package Registries (SPRs) are an integral part of the software supply
chain. These collaborative platforms unite contributors, users, and code for streamlined …

Third-party libraries with rich functionalities facilitate the fast development of JavaScript
software, leading to the explosive growth of the NPM ecosystem. However, it also brings …

Reusable software libraries, frameworks, and components, such as those provided by open-
source ecosystems and third-party suppliers, accelerate digital innovation. However, recent …

GitHub Actions was introduced as a way to automate CI/CD workflows in GitHub, the largest
social coding platform. Thanks to its deep integration into GitHub, GitHub Actions can be …

Libraries play a significant role in software development as they provide reusable
functionality, which helps expedite the development process. As libraries evolve, they …

Dependency management bots automatically open pull requests to update software
dependencies on behalf of developers. Early research shows that developers are …

Vulnerabilities in open source packages can be a security risk for the downstream client
projects. When a new vulnerability is discovered, a package should quickly release a fix in a …

Large-scale software development has become a highly collaborative and geographically
distributed endeavor, especially in open-source software development ecosystems and their …

Complex software systems have a network of dependencies. Developers often configure
package managers (eg, npm) to automatically update dependencies with each publication …

Many developers relying on open-source digital infrastructure expect continuous
maintenance, but even the most critical packages can become unmaintained. Despite this …