{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T13:23:23Z","timestamp":1773840203820,"version":"3.50.1"},"reference-count":91,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"5","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Grand R&D Plan","award":["2020AAA0103504"],"award-info":[{"award-number":["2020AAA0103504"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61932021"],"award-info":[{"award-number":["61932021"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62141210"],"award-info":[{"award-number":["62141210"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61902056"],"award-info":[{"award-number":["61902056"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Major Key Project of PCL","award":["PCL2021A06"],"award-info":[{"award-number":["PCL2021A06"]}]},{"name":"Hong Kong 
RGC\/GRF","award":["16207120"],"award-info":[{"award-number":["16207120"]}]},{"name":"MSRA"},{"name":"ITF","award":["MHP\/055\/19"],"award-info":[{"award-number":["MHP\/055\/19"]}]},{"name":"ITF","award":["PiH\/255\/21"],"award-info":[{"award-number":["PiH\/255\/21"]}]},{"name":"Research Grants Council Research Impact Fund","award":["R5034-18"],"award-info":[{"award-number":["R5034-18"]}]},{"DOI":"10.13039\/501100004608","name":"Natural Science Foundation of Jiangsu Province","doi-asserted-by":"publisher","award":["BK20202001"],"award-info":[{"award-number":["BK20202001"]}],"id":[{"id":"10.13039\/501100004608","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Open Fund of State Key Lab."},{"DOI":"10.13039\/501100008048","name":"Nanjing University","doi-asserted-by":"publisher","award":["KFKT2021B01"],"award-info":[{"award-number":["KFKT2021B01"]}],"id":[{"id":"10.13039\/501100008048","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100013314","name":"Higher Education Discipline Innovation Project","doi-asserted-by":"publisher","award":["B16009"],"award-info":[{"award-number":["B16009"]}],"id":[{"id":"10.13039\/501100013314","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. 
Software Eng."],"published-print":{"date-parts":[[2023,5,1]]},"DOI":"10.1109\/tse.2023.3243262","type":"journal-article","created":{"date-parts":[[2023,2,8]],"date-time":"2023-02-08T18:42:53Z","timestamp":1675881773000},"page":"3155-3181","source":"Crossref","is-referenced-by-count":16,"title":["Plumber: Boosting the Propagation of Vulnerability Fixes in the <i>npm<\/i> Ecosystem"],"prefix":"10.1109","volume":"49","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8645-4326","authenticated-orcid":false,"given":"Ying","family":"Wang","sequence":"first","affiliation":[{"name":"Software College, Northeastern University, Boston, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1894-8655","authenticated-orcid":false,"given":"Peng","family":"Sun","sequence":"additional","affiliation":[{"name":"Software College, Northeastern University, Shenyang, China"}]},{"given":"Lin","family":"Pei","sequence":"additional","affiliation":[{"name":"Software College, Northeastern University, Shenyang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9865-2212","authenticated-orcid":false,"given":"Yue","family":"Yu","sequence":"additional","affiliation":[{"name":"National Laboratory for Parallel and Distributed Processing and College of Computer, National University of Defense Technology, Changsha, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6299-4704","authenticated-orcid":false,"given":"Chang","family":"Xu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology, State Key Lab for Novel Software Technology, Nanjing University, Nanjing, Jiangsu, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3508-7172","authenticated-orcid":false,"given":"Shing-Chi","family":"Cheung","sequence":"additional","affiliation":[{"name":"Guangzhou HKUST Fok Ying Tung Research Institute, Hong Kong University of Science and Technology, Guangzhou, 
China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8024-1781","authenticated-orcid":false,"given":"Hai","family":"Yu","sequence":"additional","affiliation":[{"name":"Software College, Northeastern University, Shenyang, China"}]},{"given":"Zhiliang","family":"Zhu","sequence":"additional","affiliation":[{"name":"National Frontiers Science Center for Industrial Intelligence and Systems Optimization, Key Laboratory of Data Analytics and Optimization for Smart Industry, and Software College, Northeastern University, Shenyang, China"}]}],"member":"263","reference":[{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8667984"},{"key":"ref57","year":"2021"},{"key":"ref56","year":"2021"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19125-1_15"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2015.7081868"},{"key":"ref59","year":"2021"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2019.00017"},{"key":"ref58","year":"2021"},{"key":"ref53","year":"2021"},{"key":"ref52","year":"2021"},{"key":"ref55","year":"2021"},{"key":"ref11","first-page":"995","article-title":"Small world with high risks: A study of security threats in the npm ecosystem","author":"zimmermann","year":"2019","journal-title":"Proc 28th USENIX Secur Symp"},{"key":"ref54","year":"2021"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134048"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3239235.3268920"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510142"},{"key":"ref19","first-page":"559","article-title":"Towards smoother library migrations: A look at vulnerable dependency migrations at function level for npm javascript packages","author":"zapata","year":"2018","journal-title":"Proc Int Conf Softw Maintenance 
Evol"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3025443"},{"key":"ref51","year":"2021"},{"key":"ref50","year":"2021"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1145\/940071.940110"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3275535"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3447245"},{"key":"ref45","author":"creswell","year":"2013","journal-title":"Qualitative Inquiry and Research Design Choosing Among Five Approaches (3rd Edition)"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-014-9325-9"},{"key":"ref48","year":"2021"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468571"},{"key":"ref42","year":"2021"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2015.7332471"},{"key":"ref41","year":"2021"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2014.81"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380395"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2005.1553570"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409759"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9554-9"},{"key":"ref49","year":"2021"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3112204"},{"key":"ref7","year":"2021"},{"key":"ref9","year":"2021"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-019-9117-x"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-020-9441-1"},{"key":"ref6","year":"2021"},{"key":"ref5","year":"2021"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2012.6405296"},{"key":"ref81","first-page":"351","article-title":"A Look at the Dynamics of the JavaScript Package Ecosystem","author":"wittern","year":"2016","journal-title":"2016 IEEE\/ACM 13th Conference on Mining Software Repositories 
(MSR)"},{"key":"ref40","article-title":"Truffle#1147","year":"2021"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134059"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME46990.2020.00014"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3106247"},{"key":"ref35","year":"2021"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106267"},{"key":"ref34","year":"2021"},{"key":"ref78","article-title":"On the impact of micro-packages: An empirical study of the npm javascript ecosystem","author":"kula","year":"2017"},{"key":"ref37","year":"2021"},{"key":"ref36","year":"2021"},{"key":"ref31","year":"2021"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW.2015.21"},{"key":"ref30","year":"2021"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2017.7884604"},{"key":"ref33","year":"2021"},{"key":"ref77","doi-asserted-by":"crossref","first-page":"1595","DOI":"10.1360\/SSI-2020-0079","article-title":"Theories and techniques for growing software: Paradigm and beyond","volume":"50","author":"xu","year":"2020","journal-title":"Sci Sinica 
Inf"},{"key":"ref32","year":"2021"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950325"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196401"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09951-x"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.11613\/BM.2012.031"},{"key":"ref38","year":"2021"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.62"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-022-1390-4"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9589-y"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-78120-0_5"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/1858996.1859089"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1986.6312975"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2009.04.013"},{"key":"ref67","year":"2021"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115621"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9521-5"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-020-9518-x"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2015.7332492"},{"key":"ref64","year":"2021"},{"key":"ref63","year":"2021"},{"key":"ref22","first-page":"3041","article-title":"V0Finder: Discovering the correct origin of publicly reported software vulnerabilities","author":"woo","year":"2021","journal-title":"Proc 30th USENIX Secur 
Symp"},{"key":"ref66","year":"2021"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00054"},{"key":"ref65","year":"2021"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2016.04.008"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2019.00061"},{"key":"ref29","year":"2021"},{"key":"ref60","year":"2021"},{"key":"ref62","year":"2021"},{"key":"ref61","year":"2021"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/10124809\/10040905.pdf?arnumber=10040905","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,19]],"date-time":"2023-06-19T18:00:39Z","timestamp":1687197639000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10040905\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,1]]},"references-count":91,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.1109\/tse.2023.3243262","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,5,1]]}}}