Do developers update their library dependencies? An empirical study on the impact of security advisories on library migration
Third-party library reuse has become common practice in contemporary software
development, as it includes several benefits for developers. Library dependencies are …
An empirical study of pre-trained model reuse in the Hugging Face deep learning model registry
Deep Neural Networks (DNNs) are being adopted as components in software systems.
Creating and specializing DNNs from scratch has grown increasingly difficult as state-of-the …
Empirical analysis of security vulnerabilities in Python packages
Software ecosystems play an important role in modern software development, providing an
open platform of reusable packages that speed up and facilitate development tasks …
An empirical comparison of dependency network evolution in seven software packaging ecosystems
Nearly every popular programming language comes with one or more package managers.
The software packages distributed by such package managers form large software …
A qualitative study of dependency management and its security implications
Several large scale studies on the Maven, NPM, and Android ecosystems point out that
many developers do not often update their vulnerable software libraries, thus exposing the …
Structure and evolution of package dependency networks
Software developers often include available open-source software packages into their
projects to minimize redundant effort. However, adding a package to a project can also …
Why do developers use trivial packages? An empirical case study on npm
Code reuse is traditionally seen as good practice. Recent trends have pushed the concept of
code reuse to an extreme, by using packages that implement simple and trivial tasks, which …
An exploratory study of deep learning supply chain
Deep learning has become the driving force behind many contemporary technologies and has
been successfully applied in many fields. Through software dependencies, a multi-layer …
What do package dependencies tell us about semantic versioning?
The semantic versioning (semver) policy is commonly accepted by open source package
management systems to inform whether new releases of software packages introduce …
On the use of Dependabot security pull requests
Vulnerable dependencies are a major problem in modern software development. As
software projects depend on multiple external dependencies, developers struggle to …