GitHub Actions was introduced in 2019 and constitutes an integrated alternative to CI/CD
services for GitHub repositories. The deep integration with GitHub allows repositories to …

Open source software projects often rely on package management systems that help
projects discover, incorporate, and maintain dependencies on other packages, maintained …

The large amount of third-party packages available in fast-moving software ecosystems,
such as Node. js/npm, enables attackers to compromise applications by pushing malicious …

Dependency management in modern software development poses many challenges for
developers who wish to stay up to date with the latest features and fixes whilst ensuring …

Third-party libraries (TPLs) are frequently reused in software to reduce development cost
and the time to market. However, external library dependencies may introduce …

Managing cross-project dependencies is tricky in modern software development. A primary
way to manage dependencies is using dependency configuration files, which brings …

While open-source software has enabled significant levels of reuse to speed up software
development, it has also given rise to the dreadful dependency hell that all software …

Modern software systems are increasingly dependent upon code from external packages
(ie, dependencies). Building upon external packages allows software reuse to span across …

Developers are increasingly using services such as Dependabot to automate dependency
updates. However, recent research has shown that developers perceive such services as …

Vulnerabilities from third-party libraries (TPLs) have been unveiled to threaten the Maven
ecosystem in the long term. Despite patches being released promptly after vulnerabilities …