{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T13:45:37Z","timestamp":1730295937642,"version":"3.28.0"},"reference-count":26,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,5,30]],"date-time":"2024-05-30T00:00:00Z","timestamp":1717027200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,5,30]],"date-time":"2024-05-30T00:00:00Z","timestamp":1717027200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,5,30]]},"DOI":"10.1109\/sera61261.2024.10685587","type":"proceedings-article","created":{"date-parts":[[2024,9,26]],"date-time":"2024-09-26T17:41:47Z","timestamp":1727372507000},"page":"237-242","source":"Crossref","is-referenced-by-count":0,"title":["Characterising Contributions that Coincide with Vulnerability Mitigation in NPM Libraries"],"prefix":"10.1109","author":[{"given":"Ruksit","family":"Rojpaisarnkit","sequence":"first","affiliation":[]},{"given":"Hathaichanok","family":"Damrongsiri","sequence":"additional","affiliation":[]},{"given":"Christoph","family":"Treude","sequence":"additional","affiliation":[{"name":"Nara Institute of Science and Technology, Japan Singapore Management University,Singapore"}]},{"given":"Ali","family":"Ouni","sequence":"additional","affiliation":[{"name":"ETS Montreal, University of Quebec,Canada"}]},{"given":"Raula Gaikovina","family":"Kula","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"volume-title":"The state of the octoverse - the state of the octoverse explores a year of change with new deep dives into developer productivity, security, and how we build communities on github","year":"2020","key":"ref1"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9521-5"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09951-x"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SANER50967.2021.00048"},{"key":"ref5","first-page":"181","article-title":"On the impact of security vulnerabilities in the npm package dependency network","volume-title":"International Conference on Mining Software Repositories Conference (MSR)","author":"Decan"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.140"},{"volume-title":"On the impact of security vulnerabilities in the npm and rubygems dependency networks","year":"2021","author":"Zerouali","key":"ref7"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW.2015.21"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950325"},{"volume-title":"Alpha-omega - opensource security foundation","year":"2022","key":"ref10"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9589-y"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2020.3041241"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177730491.MR0022058.Zbl0041.26103"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2017.7884604"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.55"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-90421-4_6"},{"issue":"5","key":"ref17","first-page":"1275","article-title":"How the apache community upgrades dependencies: an evolutionary study","volume-title":"Empirical Softw. Engg.","volume":"20","author":"Bavota","year":"2015"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2015.7332471"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393662"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2016.64"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115621"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.002"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2010.06.003"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115621"},{"key":"ref25","first-page":"351","article-title":"A Look at the Dynamics of the JavaScript Package Ecosystem","volume-title":"Proceedings of the 13th International Conference on Mining Software Repositories (MSR)","author":"Wittern"},{"volume-title":"Tweet for log4j","year":"2022","key":"ref26"}],"event":{"name":"2024 IEEE\/ACIS 22nd International Conference on Software Engineering Research, Management and Applications (SERA)","start":{"date-parts":[[2024,5,30]]},"location":"Honolulu, HI, USA","end":{"date-parts":[[2024,6,1]]}},"container-title":["2024 IEEE\/ACIS 22nd International Conference on Software Engineering Research, Management and Applications (SERA)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10685512\/10685554\/10685587.pdf?arnumber=10685587","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,27]],"date-time":"2024-09-27T04:44:12Z","timestamp":1727412252000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10685587\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,30]]},"references-count":26,"URL":"https:\/\/doi.org\/10.1109\/sera61261.2024.10685587","relation":{},"subject":[],"published":{"date-parts":[[2024,5,30]]}}}