Not All Dependencies are Equal: An Empirical Study on Production Dependencies in NPM-Reference-Cited by-同舟云学术

Not All Dependencies are Equal: An Empirical Study on Production Dependencies in NPM

Published:2022-10-10 Issue: Volume: Page:
ISSN:
Container-title:Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering
language:
Short-container-title:

Author:

Latendresse Jasmine¹^ORCID,Mujahid Suhaib¹,Costa Diego Elias¹,Shihab Emad¹

Affiliation:

1. Concordia University, Canada

Publisher

ACM

Link

https://dl.acm.org/doi/pdf/10.1145/3551349.3556896

Reference53 articles.

1. [n. d.]. Software Bill of Materials | CISA. https://www.cisa.gov/sbom [n. d.]. Software Bill of Materials | CISA. https://www.cisa.gov/sbom

2. 2019. 2019 State of the Software Supply Chain. https://www.sonatype.com/hubfs/SSC/2019%20SSC/SON_SSSC-Report-2019_jun16-DRAFT.pdf 2019. 2019 State of the Software Supply Chain. https://www.sonatype.com/hubfs/SSC/2019%20SSC/SON_SSSC-Report-2019_jun16-DRAFT.pdf

3. 2019. Eight Key Findings Illustrating How to Make Open Source Work Even Better for Developers. https://cdn2.hubspot.net/hubfs/4008838/Resources/The-2019-Tidelift-managed-open-source-survey-results.pdf 2019. Eight Key Findings Illustrating How to Make Open Source Work Even Better for Developers. https://cdn2.hubspot.net/hubfs/4008838/Resources/The-2019-Tidelift-managed-open-source-survey-results.pdf

4. 2019. webpack. https://webpack.js.org/ 2019. webpack. https://webpack.js.org/

5. 2020. Do ”dependencies ” and ”devDependencies” matter when using Webpack ?https://jsramblings.com/do-dependencies-devdependencies-matter-when-using-webpack/ 2020. Do ”dependencies” and ”devDependencies” matter when using Webpack?https://jsramblings.com/do-dependencies-devdependencies-matter-when-using-webpack/

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. SBOM Ouverture: What We Need and What We Have;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30

2. Dependency-Induced Waste in Continuous Integration: An Empirical Study of Unused Dependencies in the npm Ecosystem;Proceedings of the ACM on Software Engineering;2024-07-12

3. VulNet: Towards improving vulnerability management in the Maven ecosystem;Empirical Software Engineering;2024-06-05

4. Automatically Resolving Dependency-Conflict Building Failures via Behavior-Consistent Loosening of Library Version Constraints;Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering;2023-11-30

5. Automatic Specialization of Third-Party Java Dependencies;IEEE Transactions on Software Engineering;2023-11