An empirical analysis of technical lag in npm package dependencies
1 Pith paper cites this work. Polarity classification is still indexing.
Fields: cs.SE (1)
Years: 2026 (1)
Verdicts: UNVERDICTED (1)
Representative citing papers:
File-Level Copying Is an Implicit Dependency in Open Source
File-level copying acts as an implicit dependency in open source, removing provenance signals and concentrating security risks in vendored copies and license risks in direct source reuse.