On the impact of security vulnerabilities in the npm and RubyGems dependency networks
| Published in: | Empirical software engineering : an international journal Vol. 27; no. 5 |
|---|---|
| Main Authors: | Zerouali, Ahmed; Mens, Tom; Decan, Alexandre; De Roover, Coen |
| Format: | Journal Article |
| Language: | English |
| Published: | New York: Springer US (Springer Nature B.V), 01.09.2022 |
| ISSN: | 1382-3256, 1573-7616 |
| Abstract | The increasing interest in open source software has led to the emergence of large language-specific package distributions of reusable software libraries, such as npm and RubyGems. These software packages can be subject to vulnerabilities that may expose dependent packages through explicitly declared dependencies. Using Snyk’s vulnerability database, this article empirically studies vulnerabilities affecting npm and RubyGems packages. We analyse how and when these vulnerabilities are disclosed and fixed, and how their prevalence changes over time. We also analyse how vulnerable packages expose their direct and indirect dependents to vulnerabilities. We distinguish between two types of dependents: packages distributed via the package manager, and external GitHub projects depending on npm packages. We observe that the number of vulnerabilities in npm is increasing and being disclosed faster than vulnerabilities in RubyGems. For both package distributions, the time required to disclose vulnerabilities is increasing over time. Vulnerabilities in npm packages affect a median of 30 package releases, while this is 59 releases in RubyGems packages. A large proportion of external GitHub projects is exposed to vulnerabilities coming from direct or indirect dependencies. 33% and 40% of dependency vulnerabilities to which projects and packages are exposed, respectively, have their fixes in more recent releases within the same major release range of the used dependency. Our findings reveal that more effort is needed to better secure open source package distributions. |
|---|---|
| ArticleNumber | 107 |
| Author | 1. Zerouali, Ahmed (Vrije Universiteit Brussel; ORCID 0000-0002-2676-3730; ahmed.zerouali@vub.be); 2. Mens, Tom (Université de Mons); 3. Decan, Alexandre (Université de Mons); 4. De Roover, Coen (Vrije Universiteit Brussel) |
| ContentType | Journal Article |
| Copyright | The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2022. |
| DOI | 10.1007/s10664-022-10154-1 |
| Discipline | Computer Science |
| EISSN | 1573-7616 |
| Funding | Fonds de la Recherche Scientifique - FNRS (grant J015120; funder id https://doi.org/10.13039/501100002661); FWO-Vlaanderen (grant 30446992) |
| ISICitedReferencesCount | 32 |
| ISSN | 1382-3256 |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 5 |
| Keywords | RubyGems; npm; Vulnerable packages; Security vulnerabilities |
| Language | English |
| ORCID | 0000-0002-2676-3730 |
| OpenAccessLink | https://link.springer.com/content/pdf/10.1007/s10664-022-10154-1.pdf |
| PublicationDate | 2022-09-01 |
| PublicationPlace | New York |
| PublicationSubtitle | An International Journal |
| PublicationTitle | Empirical software engineering : an international journal |
| PublicationTitleAbbrev | Empir Software Eng |
| PublicationYear | 2022 |
| Publisher | Springer US Springer Nature B.V |
| SubjectTerms | Compilers; Computer Science; Exposure; Interpreters; Open source software; Programming Languages; Software Engineering/Programming and Operating Systems; Software packages |
| Title | On the impact of security vulnerabilities in the npm and RubyGems dependency networks |
| URI | https://link.springer.com/article/10.1007/s10664-022-10154-1 https://www.proquest.com/docview/2671454296 |
| Volume | 27 |