RefactoringMiner 2.0

N Tsantalis, A Ketkar, D Dig - IEEE Transactions on Software …, 2020 - ieeexplore.ieee.org
Refactoring detection is crucial for a variety of applications and tasks: (i) empirical studies
about code evolution, (ii) tools for library API migration, (iii) code reviews and change …

Small world with high risks: A study of security threats in the npm ecosystem

M Zimmermann, CA Staicu, C Tenny… - 28th USENIX Security …, 2019 - usenix.org
The popularity of JavaScript has led to a large ecosystem of third-party packages available
via the npm software package registry. The open nature of npm has boosted its growth …

On the impact of security vulnerabilities in the npm package dependency network

A Decan, T Mens, E Constantinou - Proceedings of the 15th international …, 2018 - dl.acm.org
Security vulnerabilities are among the most pressing problems in open source software
package libraries. It may take a long time to discover and fix vulnerabilities in packages. In …

An empirical comparison of dependency network evolution in seven software packaging ecosystems

A Decan, T Mens, P Grosjean - Empirical Software Engineering, 2019 - Springer
Nearly every popular programming language comes with one or more package managers.
The software packages distributed by such package managers form large software …

A systematic literature review on trust in the software ecosystem

F Hou, S Jansen - Empirical Software Engineering, 2023 - Springer
The worldwide software ecosystem is a trust-rich part of the world. Throughout the software
life cycle, software engineers, end-users, and other stakeholders collaboratively place their …

Empirical analysis of security vulnerabilities in Python packages

M Alfadel, DE Costa, E Shihab - Empirical Software Engineering, 2023 - Springer
Software ecosystems play an important role in modern software development, providing an
open platform of reusable packages that speed up and facilitate development tasks …

A qualitative study of dependency management and its security implications

I Pashchenko, DL Vu, F Massacci - … of the 2020 ACM SIGSAC conference …, 2020 - dl.acm.org
Several large scale studies on the Maven, NPM, and Android ecosystems point out that
many developers do not often update their vulnerable software libraries thus exposing the …

"Did you miss my comment or what?" understanding toxicity in open source discussions

C Miller, S Cohen, D Klug, B Vasilescu… - Proceedings of the 44th …, 2022 - dl.acm.org
Online toxicity is ubiquitous across the internet, and its negative impact on the people and
online communities that it affects has been well documented. However, toxicity …

Structure and evolution of package dependency networks

R Kikas, G Gousios, M Dumas… - 2017 IEEE/ACM 14th …, 2017 - ieeexplore.ieee.org
Software developers often include available open-source software packages into their
projects to minimize redundant effort. However, adding a package to a project can also …

Can automated pull requests encourage software developers to upgrade out-of-date dependencies?

S Mirhosseini, C Parnin - 2017 32nd IEEE/ACM international …, 2017 - ieeexplore.ieee.org
Developers neglect to update legacy software dependencies, resulting in buggy and
insecure software. One explanation for this neglect is the difficulty of constantly checking for …