FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4289446304> ?p ?o ?g. }

• W4289446304 abstract "Modern software systems are often built by leveraging code written by others in the form of libraries and packages to accelerate their development. While there are many benefits to using third-party packages, software projects often become dependent on a large number of software packages. Consequently, developers are faced with the difficult challenge of maintaining their project dependencies by keeping them up-to-date and free of security vulnerabilities. However, how often are project dependencies used in production where they could pose a threat to their project's security? We conduct an empirical study on 100 JavaScript projects using the Node Package Manager (npm) to quantify how often project dependencies are released to production and analyze their characteristics and their impact on security. Our results indicate that less than 1% of the installed dependencies are released to production. Our analysis reveals that the functionality of a package is not enough to determine if it will be released to production or not. In fact, 59% of the installed dependencies configured as runtime dependencies are not used in production, and 28.2% of the dependencies configured as development dependencies are used in production, debunking two common assumptions of dependency management. Findings also indicate that most security alerts target dependencies not used in production, making them highly unlikely to be a risk for the security of the software. Our study unveils a more complex side of dependency management: not all dependencies are equal. Dependencies used in production are more sensitive to security exposure and should be prioritized. However, current tools lack the appropriate support in identifying production dependencies." @default.
• W4289446304 created "2022-08-02" @default.
• W4289446304 creator A5023951345 @default.
• W4289446304 creator A5025936696 @default.
• W4289446304 creator A5049727493 @default.
• W4289446304 date "2022-07-29" @default.
• W4289446304 modified "2023-09-30" @default.
• W4289446304 title "Not All Dependencies are Equal: An Empirical Study on Production Dependencies in NPM" @default.
• W4289446304 doi "https://doi.org/10.48550/arxiv.2207.14711" @default.
• W4289446304 hasPublicationYear "2022" @default.
• W4289446304 type Work @default.
• W4289446304 citedByCount "0" @default.
• W4289446304 crossrefType "posted-content" @default.
• W4289446304 hasAuthorship W4289446304A5023951345 @default.
• W4289446304 hasAuthorship W4289446304A5025936696 @default.
• W4289446304 hasAuthorship W4289446304A5049727493 @default.
• W4289446304 hasBestOaLocation W42894463041 @default.
• W4289446304 hasConcept C111472728 @default.
• W4289446304 hasConcept C111919701 @default.
• W4289446304 hasConcept C115903868 @default.
• W4289446304 hasConcept C120936955 @default.
• W4289446304 hasConcept C138885662 @default.
• W4289446304 hasConcept C139719470 @default.
• W4289446304 hasConcept C162324750 @default.
• W4289446304 hasConcept C19768560 @default.
• W4289446304 hasConcept C199360897 @default.
• W4289446304 hasConcept C26320393 @default.
• W4289446304 hasConcept C2777904410 @default.
• W4289446304 hasConcept C2778348673 @default.
• W4289446304 hasConcept C29983905 @default.
• W4289446304 hasConcept C38652104 @default.
• W4289446304 hasConcept C40683218 @default.
• W4289446304 hasConcept C41008148 @default.
• W4289446304 hasConcept C527648132 @default.
• W4289446304 hasConcept C544833334 @default.
• W4289446304 hasConcept C5655090 @default.
• W4289446304 hasConcept C62913178 @default.
• W4289446304 hasConcept C77088390 @default.
• W4289446304 hasConceptScore W4289446304C111472728 @default.
• W4289446304 hasConceptScore W4289446304C111919701 @default.
• W4289446304 hasConceptScore W4289446304C115903868 @default.
• W4289446304 hasConceptScore W4289446304C120936955 @default.
• W4289446304 hasConceptScore W4289446304C138885662 @default.
• W4289446304 hasConceptScore W4289446304C139719470 @default.
• W4289446304 hasConceptScore W4289446304C162324750 @default.
• W4289446304 hasConceptScore W4289446304C19768560 @default.
• W4289446304 hasConceptScore W4289446304C199360897 @default.
• W4289446304 hasConceptScore W4289446304C26320393 @default.
• W4289446304 hasConceptScore W4289446304C2777904410 @default.
• W4289446304 hasConceptScore W4289446304C2778348673 @default.
• W4289446304 hasConceptScore W4289446304C29983905 @default.
• W4289446304 hasConceptScore W4289446304C38652104 @default.
• W4289446304 hasConceptScore W4289446304C40683218 @default.
• W4289446304 hasConceptScore W4289446304C41008148 @default.
• W4289446304 hasConceptScore W4289446304C527648132 @default.
• W4289446304 hasConceptScore W4289446304C544833334 @default.
• W4289446304 hasConceptScore W4289446304C5655090 @default.
• W4289446304 hasConceptScore W4289446304C62913178 @default.
• W4289446304 hasConceptScore W4289446304C77088390 @default.
• W4289446304 hasLocation W42894463041 @default.
• W4289446304 hasOpenAccess W4289446304 @default.
• W4289446304 hasPrimaryLocation W42894463041 @default.
• W4289446304 hasRelatedWork W1488863130 @default.
• W4289446304 hasRelatedWork W1977276173 @default.
• W4289446304 hasRelatedWork W2073045249 @default.
• W4289446304 hasRelatedWork W2155206946 @default.
• W4289446304 hasRelatedWork W2662284196 @default.
• W4289446304 hasRelatedWork W2789570312 @default.
• W4289446304 hasRelatedWork W3007967230 @default.
• W4289446304 hasRelatedWork W3023846186 @default.
• W4289446304 hasRelatedWork W4281772577 @default.
• W4289446304 hasRelatedWork W4289446304 @default.
• W4289446304 isParatext "false" @default.
• W4289446304 isRetracted "false" @default.
• W4289446304 workType "article" @default.