{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T09:33:05Z","timestamp":1761989585622,"version":"3.44.0"},"reference-count":31,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T00:00:00Z","timestamp":1625097600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T00:00:00Z","timestamp":1625097600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2025,7,1]],"date-time":"2025-07-01T00:00:00Z","timestamp":1751328000000},"content-version":"vor","delay-in-days":1461,"URL":"http:\/\/www.elsevier.com\/open-access\/userlicense\/1.0\/"},{"start":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T00:00:00Z","timestamp":1625097600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T00:00:00Z","timestamp":1625097600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T00:00:00Z","timestamp":1625097600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T00:00:00Z","timestamp":1625097600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T00:00:00Z","timestamp":1625097600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100002661","name":"FRS-FNRS","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002661","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003130","name":"FWO","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003130","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Science of Computer Programming"],"published-print":{"date-parts":[[2021,7]]},"DOI":"10.1016\/j.scico.2021.102653","type":"journal-article","created":{"date-parts":[[2021,4,2]],"date-time":"2021-04-02T19:57:50Z","timestamp":1617393470000},"page":"102653","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":18,"special_numbering":"C","title":["On the usage of JavaScript, Python and Ruby packages in Docker Hub images"],"prefix":"10.1016","volume":"207","author":[{"given":"Ahmed","family":"Zerouali","sequence":"first","affiliation":[]},{"given":"Tom","family":"Mens","sequence":"additional","affiliation":[]},{"given":"Coen","family":"De Roover","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"3","key":"10.1016\/j.scico.2021.102653_br0010","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1109\/MCC.2014.51","article-title":"Containers and cloud: from LXC to Docker to Kubernetes","volume":"1","author":"Bernstein","year":"2014","journal-title":"IEEE Cloud Comput."},{"year":"2014","series-title":"The Docker Book: Containerization is the New Virtualization","author":"Turnbull","key":"10.1016\/j.scico.2021.102653_br0020"},{"author":"Stack Overflow","key":"10.1016\/j.scico.2021.102653_br0030"},{"key":"10.1016\/j.scico.2021.102653_br0040","article-title":"An empirical case study on the temporary file smell in Dockerfiles","author":"Lu","year":"2019","journal-title":"IEEE Access"},{"key":"10.1016\/j.scico.2021.102653_br0050","series-title":"2019 IEEE International Conference on Software Maintenance and Evolution","first-page":"524","article-title":"Handling duplicates in dockerfiles families: Learning from experts","author":"Oumaziz","year":"2019"},{"key":"10.1016\/j.scico.2021.102653_br0060","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.comcom.2018.03.011","article-title":"Docker ecosystem\u2013vulnerability analysis","volume":"122","author":"Martin","year":"2018","journal-title":"Comput. Commun."},{"author":"Bettini","key":"10.1016\/j.scico.2021.102653_br0070"},{"author":"Anchore.io","key":"10.1016\/j.scico.2021.102653_br0080"},{"key":"10.1016\/j.scico.2021.102653_br0090","series-title":"International Conference on Data and Application Security and Privacy","first-page":"269","article-title":"A study of security vulnerabilities on Docker Hub","author":"Shu","year":"2017"},{"year":"2015","series-title":"Over 30% of official images in Docker Hub contain high priority security vulnerabilities","author":"Gummaraju","key":"10.1016\/j.scico.2021.102653_br0100"},{"key":"10.1016\/j.scico.2021.102653_br0110","series-title":"International Conference on Software Analysis, Evolution and Reengineering","first-page":"491","article-title":"On the relation between outdated Docker containers, severity vulnerabilities, and bugs","author":"Zerouali","year":"2019"},{"key":"10.1016\/j.scico.2021.102653_br0120","series-title":"International Conference on Software Analysis, Evolution and Reengineering","first-page":"619","article-title":"On the impact of outdated and vulnerable JavaScript packages in Docker images","author":"Zerouali","year":"2019"},{"issue":"1","key":"10.1016\/j.scico.2021.102653_br0130","doi-asserted-by":"crossref","first-page":"381","DOI":"10.1007\/s10664-017-9589-y","article-title":"An empirical comparison of dependency network evolution in seven software packaging ecosystems","volume":"24","author":"Decan","year":"2019","journal-title":"Empir. Softw. Eng."},{"key":"10.1016\/j.scico.2021.102653_br0140","series-title":"International Conference on Advanced Information Networking and Applications","first-page":"955","article-title":"Performance overhead comparison between hypervisor and container based virtualization","author":"Li","year":"2017"},{"key":"10.1016\/j.scico.2021.102653_br0150","series-title":"2018 European Conference on Networks and Communications","first-page":"282","article-title":"A performance benchmarking analysis of hypervisors containers and unikernels on ARMv8 and x86 CPUs","author":"Acharya","year":"2018"},{"key":"10.1016\/j.scico.2021.102653_br0160","series-title":"International Conference on Mining Software Repositories","first-page":"323","article-title":"An empirical analysis of the Docker container ecosystem on GitHub","author":"Cito","year":"2017"},{"key":"10.1016\/j.scico.2021.102653_br0170","series-title":"International Conference on Software Engineering","article-title":"Learning from, understanding, and supporting DevOps artifacts for Docker","author":"Henkel","year":"2020"},{"year":"2019","series-title":"A deep dive into Docker Hub's security landscape \u2013 a story of inheritance?","author":"Socchi","key":"10.1016\/j.scico.2021.102653_br0180"},{"key":"10.1016\/j.scico.2021.102653_br0190","doi-asserted-by":"crossref","DOI":"10.1002\/smr.2157","article-title":"A formal framework for measuring technical lag in component repositories\u2014and its application to npm","author":"Zerouali","year":"2019","journal-title":"J. Softw. Evol. Process"},{"author":"Preston-Werner","key":"10.1016\/j.scico.2021.102653_br0200"},{"author":"npm","key":"10.1016\/j.scico.2021.102653_br0240"},{"key":"10.1016\/j.scico.2021.102653_br0270","series-title":"Annual Meeting of the Southern Association for Institutional Research","article-title":"Exploring methods for evaluating group differences on the NSSE and other surveys: are the t-test and Cohen's d indices the most appropriate choices?","author":"Romano","year":"2006"},{"author":"Katz","key":"10.1016\/j.scico.2021.102653_br0280"},{"key":"10.1016\/j.scico.2021.102653_br0290","series-title":"Working Conference on Mining Software Repositories","first-page":"93","article-title":"Security versus performance bugs: a case study on Firefox","author":"Zaman","year":"2011"},{"key":"10.1016\/j.scico.2021.102653_br0300","series-title":"International Conference on Software Engineering","first-page":"109","article-title":"Measuring dependency freshness in software systems","author":"Cox","year":"2015"},{"key":"10.1016\/j.scico.2021.102653_br0310","series-title":"International Conference on Mining Software Repositories","article-title":"On the impact of security vulnerabilities in the npm package dependency network","author":"Decan","year":"2018"},{"key":"10.1016\/j.scico.2021.102653_br0320","first-page":"1","article-title":"Too many images on DockerHub! How different are images for the same system?","author":"Ibrahim","year":"2020","journal-title":"Empir. Softw. Eng."},{"year":"2019","series-title":"A measurement framework for analyzing technical lag in open-source software ecosystems","author":"Zerouali","key":"10.1016\/j.scico.2021.102653_br0330"},{"issue":"1","key":"10.1016\/j.scico.2021.102653_br0340","doi-asserted-by":"crossref","first-page":"384","DOI":"10.1007\/s10664-017-9521-5","article-title":"Do developers update their library dependencies?","volume":"23","author":"Kula","year":"2017","journal-title":"Empir. Softw. Eng."},{"key":"10.1016\/j.scico.2021.102653_br0350","series-title":"Proceedings of the 26th Conference on Program Comprehension","first-page":"255","article-title":"Do developers update third-party libraries in mobile apps?","author":"Salza","year":"2018"},{"year":"2000","series-title":"Experimentation in Software Engineering - An Introduction","author":"Wohlin","key":"10.1016\/j.scico.2021.102653_br0360"}],"container-title":["Science of Computer Programming"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167642321000460?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167642321000460?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T22:48:45Z","timestamp":1759099725000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167642321000460"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7]]},"references-count":31,"alternative-id":["S0167642321000460"],"URL":"https:\/\/doi.org\/10.1016\/j.scico.2021.102653","relation":{},"ISSN":["0167-6423"],"issn-type":[{"type":"print","value":"0167-6423"}],"subject":[],"published":{"date-parts":[[2021,7]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"On the usage of JavaScript, Python and Ruby packages in Docker Hub images","name":"articletitle","label":"Article Title"},{"value":"Science of Computer Programming","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.scico.2021.102653","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2021 Elsevier B.V.","name":"copyright","label":"Copyright"}],"article-number":"102653"}}