The popularity of JavaScript has lead to a large ecosystem of third-party packages available
via the npm software package registry. The open nature of npm has boosted its growth …

Third-party libraries with rich functionalities facilitate the fast development of JavaScript
software, leading to the explosive growth of the NPM ecosystem. However, it also brings …

Security vulnerabilities are among the most pressing problems in open source software
package libraries. It may take a long time to discover and fix vulnerabilities in packages. In …

Nearly every popular programming language comes with one or more package managers.
The software packages distributed by such package managers form large software …

GitHub Actions was introduced in 2019 and constitutes an integrated alternative to CI/CD
services for GitHub repositories. The deep integration with GitHub allows repositories to …

Software ecosystems play an important role in modern software development, providing an
open platform of reusable packages that speed up and facilitate development tasks …

Third-party libraries play a key role in software development as they can relieve developers
of the heavy burden of re-implementing common functionalities. However, third-party …

Software developers often include available open-source software packages into their
projects to minimize redundant effort. However, adding a package to a project can also …

Developers neglect to update legacy software dependencies, resulting in buggy and
insecure software. One explanation for this neglect is the difficulty of constantly checking for …

Code reuse is traditionally seen as good practice. Recent trends have pushed the concept of
code reuse to an extreme, by using packages that implement simple and trivial tasks, which …