SemOpenAlex |

SemOpenAlex

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4312790719> ?p ?o ?g. }

Showing items 1 to 84 of 84 with 100 items per page.

W4312790719 abstract "Node.js has become popular among developers, partially because of its large software ecosystem of NPM (Node Package Manager) packages. When building JavaScript (JS) applications on top of NPM packages, developers can reuse the provided functionalities to improve programmer productivity. However, many NPM packages have been recently found vulner-able or malicious. Such packages can introduce vulnerabilities into their client JS applications, and realize software supply chain attacks. To reduce the impact of potentially malicious NPM packages in Node.js software ecosystem, experts suggested best practices to developers when they maintain package depen-dencies. These best practices include using specific commands and/or tools to (a) conduct security audit for dependencies and remove vulnerable dependencies, (b) remove unused and duplicated dependencies, and (c) fixate the version information of library/package dependencies. We were curious how developers followed and will follow those best practices. For this paper, we did a large-scale empirical study on 841 popularly used open-source JS applications. By analyzing their configuration files (e.g., package.json and package-lock.json), we revealed that only 32% of the applications lock the version numbers of package dependencies. The commands/tools reported (i) vulnerable, (ii) unused, and (iii) duplicated dependencies separately in 55 %, 90 %, and 83 % of applications, which fact implies that developers often ignored the best practices we examined. We did a user study with developers to acquire their opinions on the suggested best practices and got interesting feedback. Our research will enlighten future research on the management of NPM package dependencies." @default.
W4312790719 created "2023-01-05" @default.
W4312790719 creator A5018863416 @default.
W4312790719 creator A5034366344 @default.
W4312790719 creator A5051214133 @default.
W4312790719 creator A5070152860 @default.
W4312790719 date "2022-10-01" @default.
W4312790719 modified "2023-10-16" @default.
W4312790719 title "How Do Developers Follow Security-Relevant Best Practices When Using NPM Packages?" @default.
W4312790719 cites W2759023773 @default.
W4312790719 cites W2789570312 @default.
W4312790719 cites W2801591443 @default.
W4312790719 cites W2907964905 @default.
W4312790719 cites W2963531473 @default.
W4312790719 cites W2963923573 @default.
W4312790719 cites W2985320478 @default.
W4312790719 cites W3030378309 @default.
W4312790719 cites W3093595239 @default.
W4312790719 cites W4211233231 @default.
W4312790719 cites W4225326198 @default.
W4312790719 cites W4285152747 @default.
W4312790719 doi "https://doi.org/10.1109/secdev53368.2022.00027" @default.
W4312790719 hasPublicationYear "2022" @default.
W4312790719 type Work @default.
W4312790719 citedByCount "0" @default.
W4312790719 crossrefType "proceedings-article" @default.
W4312790719 hasAuthorship W4312790719A5018863416 @default.
W4312790719 hasAuthorship W4312790719A5034366344 @default.
W4312790719 hasAuthorship W4312790719A5051214133 @default.
W4312790719 hasAuthorship W4312790719A5070152860 @default.
W4312790719 hasBestOaLocation W43127907192 @default.
W4312790719 hasConcept C111919701 @default.
W4312790719 hasConcept C115903868 @default.
W4312790719 hasConcept C127413603 @default.
W4312790719 hasConcept C136764020 @default.
W4312790719 hasConcept C162324750 @default.
W4312790719 hasConcept C184356942 @default.
W4312790719 hasConcept C187736073 @default.
W4312790719 hasConcept C18903297 @default.
W4312790719 hasConcept C206588197 @default.
W4312790719 hasConcept C2777904410 @default.
W4312790719 hasConcept C2778514511 @default.
W4312790719 hasConcept C2780416260 @default.
W4312790719 hasConcept C41008148 @default.
W4312790719 hasConcept C544833334 @default.
W4312790719 hasConcept C62611344 @default.
W4312790719 hasConcept C66938386 @default.
W4312790719 hasConcept C86803240 @default.
W4312790719 hasConceptScore W4312790719C111919701 @default.
W4312790719 hasConceptScore W4312790719C115903868 @default.
W4312790719 hasConceptScore W4312790719C127413603 @default.
W4312790719 hasConceptScore W4312790719C136764020 @default.
W4312790719 hasConceptScore W4312790719C162324750 @default.
W4312790719 hasConceptScore W4312790719C184356942 @default.
W4312790719 hasConceptScore W4312790719C187736073 @default.
W4312790719 hasConceptScore W4312790719C18903297 @default.
W4312790719 hasConceptScore W4312790719C206588197 @default.
W4312790719 hasConceptScore W4312790719C2777904410 @default.
W4312790719 hasConceptScore W4312790719C2778514511 @default.
W4312790719 hasConceptScore W4312790719C2780416260 @default.
W4312790719 hasConceptScore W4312790719C41008148 @default.
W4312790719 hasConceptScore W4312790719C544833334 @default.
W4312790719 hasConceptScore W4312790719C62611344 @default.
W4312790719 hasConceptScore W4312790719C66938386 @default.
W4312790719 hasConceptScore W4312790719C86803240 @default.
W4312790719 hasFunder F4320306076 @default.
W4312790719 hasFunder F4320321001 @default.
W4312790719 hasLocation W43127907191 @default.
W4312790719 hasLocation W43127907192 @default.
W4312790719 hasOpenAccess W4312790719 @default.
W4312790719 hasPrimaryLocation W43127907191 @default.
W4312790719 hasRelatedWork W121857219 @default.
W4312790719 hasRelatedWork W1840953684 @default.
W4312790719 hasRelatedWork W2208662818 @default.
W4312790719 hasRelatedWork W2280302621 @default.
W4312790719 hasRelatedWork W2468448006 @default.
W4312790719 hasRelatedWork W2524951591 @default.
W4312790719 hasRelatedWork W2802837524 @default.
W4312790719 hasRelatedWork W2980939870 @default.
W4312790719 hasRelatedWork W1581434145 @default.
W4312790719 hasRelatedWork W2302208057 @default.
W4312790719 isParatext "false" @default.
W4312790719 isRetracted "false" @default.
W4312790719 workType "article" @default.