Background: Software Package Registries (SPRs) are an integral part of the software supply
chain. These collaborative platforms unite contributors, users, and code for streamlined …

Third-party libraries with rich functionalities facilitate the fast development of JavaScript
software, leading to the explosive growth of the NPM ecosystem. However, it also brings …

GitHub Actions was introduced as a way to automate CI/CD workflows in GitHub, the largest
social coding platform. Thanks to its deep integration into GitHub, GitHub Actions can be …

The semantic versioning (semver) policy is commonly accepted by open source package
management systems to inform whether new releases of software packages introduce …

Vulnerable dependencies are a known problem in today's free open-source software
ecosystems because FOSS libraries are highly interconnected, and developers do not …

Just like any software, libraries evolve to incorporate new features, bug fixes, security
patches, and refactorings. However, when a library evolves, it may break the contract …

In a software ecosystem, a dependency relationship enables a client package to reuse a
certain version of a provider package. Packages in a software ecosystem often release …

Dependency management bots automatically open pull requests to update software
dependencies on behalf of developers. Early research shows that developers are …

While open-source software has enabled significant levels of reuse to speed up software
development, it has also given rise to the dreadful dependency hell that all software …

Libraries play a significant role in software development as they provide reusable
functionality, which helps expedite the development process. As libraries evolve, they …