Small world with high risks: A study of security threats in the npm ecosystem

M Zimmermann, CA Staicu, C Tenny… - 28th USENIX Security …, 2019 - usenix.org
The popularity of JavaScript has led to a large ecosystem of third-party packages available
via the npm software package registry. The open nature of npm has boosted its growth …

Revisiting software ecosystems research: A longitudinal literature study

K Manikas - Journal of Systems and Software, 2016 - Elsevier
'Software ecosystems' is argued to first appear as a concept more than 10 years
ago and software ecosystem research started to take off in 2010. We conduct a systematic …

When and why your code starts to smell bad

M Tufano, F Palomba, G Bavota… - 2015 IEEE/ACM 37th …, 2015 - ieeexplore.ieee.org
In past and recent years, the issues related to managing technical debt received significant
attention by researchers from both industry and academia. There are several factors that …

When and why your code starts to smell bad (and whether the smells go away)

M Tufano, F Palomba, G Bavota… - IEEE Transactions …, 2017 - ieeexplore.ieee.org
Technical debt is a metaphor introduced by Cunningham to indicate “not quite right code
which we postpone making it right”. One noticeable symptom of technical debt is …

Structure and evolution of package dependency networks

R Kikas, G Gousios, M Dumas… - 2017 IEEE/ACM 14th …, 2017 - ieeexplore.ieee.org
Software developers often include available open-source software packages into their
projects to minimize redundant effort. However, adding a package to a project can also …

Why do developers use trivial packages? an empirical case study on npm

R Abdalkareem, O Nourry, S Wehaibi… - Proceedings of the …, 2017 - dl.acm.org
Code reuse is traditionally seen as good practice. Recent trends have pushed the concept of
code reuse to an extreme, by using packages that implement simple and trivial tasks, which …

A look at the dynamics of the JavaScript package ecosystem

E Wittern, P Suter, S Rajagopalan - Proceedings of the 13th international …, 2016 - dl.acm.org
The node package manager (npm) serves as the frontend to a large repository of JavaScript-
based software packages, which foster the development of currently huge amounts of server …

An empirical study of usages, updates and risks of third-party libraries in java projects

Y Wang, B Chen, K Huang, B Shi, C Xu… - 2020 IEEE …, 2020 - ieeexplore.ieee.org
Third-party libraries play a key role in software development as they can relieve developers
of the heavy burden of re-implementing common functionalities. However, third-party …

Understanding software-2.0: A study of machine learning library usage and evolution

M Dilhara, A Ketkar, D Dig - ACM Transactions on Software Engineering …, 2021 - dl.acm.org
Enabled by a rich ecosystem of Machine Learning (ML) libraries, programming using
learned models, i.e., Software-2.0, has gained substantial adoption. However, we do not …

Are static analysis violations really fixed? a closer look at realistic usage of sonarqube

D Marcilio, R Bonifácio, E Monteiro… - 2019 IEEE/ACM 27th …, 2019 - ieeexplore.ieee.org
The use of automatic static analysis tools (ASATs) has gained increasing attention in the last
few years. Even though available research has already explored ASATs issues and how …