Third-party libraries with rich functionalities facilitate the fast development of JavaScript
software, leading to the explosive growth of the NPM ecosystem. However, it also brings …

The npm registry is one of the pillars of the JavaScript and Type-Script ecosystems, hosting
over 1.7 million packages ranging from simple utility libraries to complex frameworks and …

Reusable software libraries, frameworks, and components, such as those provided by open-
source ecosystems and third-party suppliers, accelerate digital innovation. However, recent …

The increasing interest in open source software has led to the emergence of large language-
specific package distributions of reusable software libraries, such as npm and RubyGems …

Third-party libraries (TPLs) are frequently reused in software to reduce development cost
and the time to market. However, external library dependencies may introduce …

Software bills of materials (SBOMs) promise to become the backbone of software supply
chain hardening. We deep-dive into six tools and the SBOMs they produce for complex open …

Vulnerable dependencies are a major problem in modern software development. As
software projects depend on multiple external dependencies, developers struggle to …

The software product is a source of cyber-attacks that target organizations by using their
software supply chain as a distribution vector. As the reliance of software projects on open …

The perception of the value and propriety of modern engineered systems is changing. In
addition to their functional and extra-functional properties, nowadays' systems are also …

Open-source software (OSS) supply chain enlarges the attack surface, which makes
package registries attractive targets for attacks. Recently, package registries NPM and PyPI …