A systematic examination of knowledge loss in open source software projects

M Rashid, PM Clarke, RV O'Connor - International Journal of Information …, 2019 - Elsevier
Abstract. Context: Open Source Software (OSS) development is a knowledge focused activity
which relies heavily on contributors who can be volunteers or paid workers and are …

Small world with high risks: A study of security threats in the npm ecosystem

M Zimmermann, CA Staicu, C Tenny… - 28th USENIX Security …, 2019 - usenix.org
The popularity of JavaScript has led to a large ecosystem of third-party packages available
via the npm software package registry. The open nature of npm has boosted its growth …

Empirical analysis of security vulnerabilities in python packages

M Alfadel, DE Costa, E Shihab - Empirical Software Engineering, 2023 - Springer
Software ecosystems play an important role in modern software development, providing an
open platform of reusable packages that speed up and facilitate development tasks …

How to characterize the health of an Open Source Software project? A snowball literature review of an emerging practice

J Linåker, E Papatheocharous, T Olsson - Proceedings of the 18th …, 2022 - dl.acm.org
Motivation: Society's dependence on Open Source Software (OSS) and the communities that
maintain the OSS is ever-growing. So are the potential risks of, e.g., vulnerabilities being …

Ecosystem-level determinants of sustained activity in open-source projects: A case study of the PyPI ecosystem

M Valiev, B Vasilescu, J Herbsleb - Proceedings of the 2018 26th ACM …, 2018 - dl.acm.org
Open-source projects do not exist in a vacuum. They benefit from reusing other projects and
themselves are being reused by others, creating complex networks of interdependencies, i.e. …

On the abandonment and survival of open source projects: An empirical investigation

G Avelino, E Constantinou, MT Valente… - 2019 ACM/IEEE …, 2019 - ieeexplore.ieee.org
Background: Evolution of open source projects frequently depends on a small number of
core developers. The loss of such core developers might be detrimental for projects and …

An empirical analysis of technical lag in npm package dependencies

A Zerouali, E Constantinou, T Mens, G Robles… - … Conference on Software …, 2018 - Springer
Software library packages are constantly evolving and increasing in number. Not updating to
the latest available release of dependent libraries may negatively affect software …

The robot operating system: Package reuse and community dynamics

P Estefo, J Simmonds, R Robbes, J Fabry - Journal of Systems and …, 2019 - Elsevier
Abstract. ROS, the Robot Operating System, offers a core set of software for operating robots
that can be extended by creating or using existing packages, making it possible to write …

Why do people give up flossing? a study of contributor disengagement in open source

C Miller, DG Widder, C Kästner, B Vasilescu - Open Source Systems: 15th …, 2019 - Springer
Established contributors are the backbone of many free/libre open source software (FLOSS)
projects. Previous research has shown that it is critically important for projects to retain …

“We Feel Like We're Winging It:” A Study on Navigating Open-Source Dependency Abandonment

C Miller, C Kästner, B Vasilescu - Proceedings of the 31st ACM Joint …, 2023 - dl.acm.org
While lots of research has explored how to prevent maintainers from abandoning the open-source
projects that serve as our digital infrastructure, there are very few insights on …