1. Taylor Armerding. 2022. Open Source News from the 2022 OSSRA Report. https://thenewstack.io/open-source-news-from-the-2022-ossra-report/. (2022). (Accessed on 05/08/2022).
2. How to break an API: cost negotiation and community values in three software ecosystems
3. Thomas Claburn. 2018. Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week). https://www.theregister.com/2018/11/26/npm_repo_bitcoin_stealer/. (2018). (Accessed on 05/08/2022).
4. Yaniv David, Xudong Sun, Raphael J Sofaer, Aditya Senthilnathan, Junfeng Yang, Zhiqiang Zuo, Guoqing Harry Xu, Jason Nieh, and Ronghui Gu. 2022. UPGRADVISOR: Early Adopting Dependency Updates Using Hybrid Program Analysis and Hardware Tracing. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22). 751-767.
5. An empirical comparison of dependency network evolution in seven software packaging ecosystems