{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,9]],"date-time":"2025-12-09T06:32:01Z","timestamp":1765261921434,"version":"3.46.0"},"reference-count":36,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,3,4]],"date-time":"2025-03-04T00:00:00Z","timestamp":1741046400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,3,4]],"date-time":"2025-03-04T00:00:00Z","timestamp":1741046400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,3,4]]},"DOI":"10.1109\/saner-c66551.2025.00020","type":"proceedings-article","created":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T18:38:52Z","timestamp":1765219132000},"page":"89-96","source":"Crossref","is-referenced-by-count":0,"title":["Links Between Package Popularity, Criticality, and Security in Software Ecosystems"],"prefix":"10.1109","author":[{"given":"Alexis","family":"Butler","sequence":"first","affiliation":[{"name":"Information Security Group Royal Holloway University of London,London,United Kingdom"}]},{"given":"Dan","family":"O\u2019Keeffe","sequence":"additional","affiliation":[{"name":"Royal Holloway University of London,Department of Computer Science,London,United Kingdom"}]},{"given":"Santanu Kumar","family":"Dash","sequence":"additional","affiliation":[{"name":"University of Surrey,Department of Computer Science,Guildford,United Kingdom"}]}],"member":"263","reference":[{"year":"2024","key":"ref1","article-title":"Open source maturity in europe: Milestones, opportunities, and pathways in 2024"},{"article-title":"The burden of an open source maintainer","year":"2022","author":"Geerling","key":"ref2"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2024.3404361"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/is.2018.8710484"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09978-0"},{"issue":"6","key":"ref6","first-page":"987","article-title":"Examining the relationship between firm\u2019s financial records and security vulnerabilities","volume-title":"International Journal of Information Management","volume":"36","author":"Roumani","year":"2016"},{"year":"2020","key":"ref7","article-title":"OSSF Scorecard"},{"key":"ref8","first-page":"101738","article-title":"Comparative analysis of centrality measures for identifying critical nodes in complex networks","volume-title":"Journal of Computational Science","volume":"62","author":"Ugurlu","year":"2022"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511721649"},{"article-title":"Quantifying criticality","year":"2020","author":"Pike","key":"ref10"},{"article-title":"Understanding and applying the openssf criticality score in open source projects","year":"2023","author":"Naveen","key":"ref11"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3126594.3126651"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9589-y"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00050"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3228332"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1137\/0209016"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511662133.005"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00017"},{"article-title":"State Of Npm 2023: The Overview","year":"2023","author":"Dobocan","key":"ref19"},{"year":"2024","key":"ref20","article-title":"Pypi homepage"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/msr.2015.14"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1126\/science.286.5439.509"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1103\/physrevresearch.1.033034"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/1610304.1610308"},{"article-title":"Handling installation of circular dependencies","year":"2023","author":"Smith","key":"ref25"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.200327197"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3527948"},{"year":"2024","key":"ref28","article-title":"About forks"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.25080\/TCWV9851"},{"issue":"1","key":"ref30","first-page":"31","article-title":"The average connectivity of a graph","volume-title":"Discrete Mathematics","volume":"252","author":"Beineke","year":"2002"},{"year":"2024","key":"ref31","article-title":"Pycqa\/bandit"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-28073-3_42"},{"issue":"3","key":"ref33","first-page":"470","article-title":"Tests for rank correlation coefficients. i","volume-title":"Biometrika","volume":"44","author":"Fieller","year":"1957"},{"issue":"3","key":"ref34","first-page":"245","article-title":"Critical values for spearman\u2019s rank order correlation","volume-title":"Journal of Educational Statistics","volume":"14","author":"Ramsey","year":"1989"},{"issue":"4","key":"ref35","first-page":"293","article-title":"Using the sample range as a basis for calculating sample size in power calculations","volume-title":"The American Statistician","volume":"55","author":"Browne","year":"2001"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.002"}],"event":{"name":"2025 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C)","start":{"date-parts":[[2025,3,4]]},"location":"Montreal, QC, Canada","end":{"date-parts":[[2025,3,4]]}},"container-title":["2025 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11272146\/11272056\/11272160.pdf?arnumber=11272160","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,9]],"date-time":"2025-12-09T06:13:20Z","timestamp":1765260800000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11272160\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,4]]},"references-count":36,"URL":"https:\/\/doi.org\/10.1109\/saner-c66551.2025.00020","relation":{},"subject":[],"published":{"date-parts":[[2025,3,4]]}}}