Litcius/Paper detail

Not All Dependencies are Equal: An Empirical Study on Production Dependencies in NPM

Jasmine Latendresse, Suhaib Mujahid, Diego Elias Costa, Emad Shihab

202217 citationsDOIOpen Access PDF

Abstract

Modern software systems are often built by leveraging code written by others in the form of libraries and packages to accelerate their development. While there are many benefits to using third-party packages, software projects often become dependent on a large number of software packages. Consequently, developers are faced with the difficult challenge of maintaining their project dependencies by keeping them up-to-date and free of security vulnerabilities. However, how often are project dependencies used in production where they could pose a threat to their project’s security?

Topics & Concepts

Computer scienceProduction (economics)Software security assuranceSoftwareSoftware engineeringCode (set theory)Empirical researchBackportingSoftware developmentComputer securitySoftware constructionDatabaseProgramming languageInformation securitySecurity servicePhilosophyEpistemologyEconomicsMacroeconomicsSet (abstract data type)Software Engineering ResearchSoftware Reliability and Analysis ResearchSoftware Engineering Techniques and Practices