Large-scale analysis of 1.07 million npm packages shows 21.6% have at least one vulnerable dependency, with the top 23 vulnerabilities accounting for 50% of cases and an average 4-year-11-month fix delay.
2 Pith papers cite this work.
citing papers explorer
- Original Sin of npm: A Study on Vulnerability Propagation in JavaScript Dependency Networks
- Patterns of Effort Contribution and Demand and User Classification based on Participation Patterns in NPM Ecosystem
  In the NPM ecosystem, effort is mostly contributed to and demanded from direct dependencies, with three user groups for demand and two for contribution identified via fuzzy c-means clustering, and company affiliation predicted with AUC-ROC of 0.68 using Random Forest.