Demystifying the vulnerability propagation and its evolution via dependency trees in the npm ecosystem
Third-party libraries with rich functionalities facilitate the fast development of JavaScript
software, leading to the explosive growth of the NPM ecosystem. However, it also brings …
Empirical analysis of security vulnerabilities in python packages
Software ecosystems play an important role in modern software development, providing an
open platform of reusable packages that speed up and facilitate development tasks …
An empirical study of usages, updates and risks of third-party libraries in java projects
Third-party libraries play a key role in software development as they can relieve developers
of the heavy burden of re-implementing common functionalities. However, third-party …
Detection, assessment and mitigation of vulnerabilities in open source dependencies
Open source software (OSS) libraries are widely used in the industry to speed up the
development of software products. However, these libraries are subject to an ever …
Modular call graph construction for security scanning of Node.js applications
Most of the code in typical Node.js applications comes from third-party libraries that consist
of a large number of interdependent modules. Because of the dynamic features of …
On the impact of security vulnerabilities in the npm and RubyGems dependency networks
The increasing interest in open source software has led to the emergence of large language-
specific package distributions of reusable software libraries, such as npm and RubyGems …
A comparative study of vulnerability reporting by software composition analysis tools
Background: Modern software uses many third-party libraries and frameworks as
dependencies. Known vulnerabilities in these dependencies are a potential security risk …
An empirical study of dependency downgrades in the npm ecosystem
In a software ecosystem, a dependency relationship enables a client package to reuse a
certain version of a provider package. Packages in a software ecosystem often release …
Understanding the threats of upstream vulnerabilities to downstream projects in the maven ecosystem
Y Wu, Z Yu, M Wen, Q Li, D Zou… - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Modern software systems are increasingly relying on dependencies from the ecosystem. A
recent estimation shows that around 35% of an open-source project's code comes from its …
A measurement study of wechat mini-apps
A new mobile computing paradigm, dubbed mini-app, has been growing rapidly over the
past few years since being introduced by WeChat in 2017. In this paradigm, a host app …