{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,8]],"date-time":"2026-06-08T13:19:25Z","timestamp":1780924765053,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,5,28]],"date-time":"2018-05-28T00:00:00Z","timestamp":1527465600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"FRS - FNRS Belgium","award":["Research Credit J.0023.16"],"award-info":[{"award-number":["Research Credit J.0023.16"]}]},{"name":"FRQ (Qu\u00e9bec) and F.R.S- FNRS (Belgium)","award":["Collaborative research project R.60.04.18.F SECOHealth"],"award-info":[{"award-number":["Collaborative research project R.60.04.18.F SECOHealth"]}]},{"name":"FWO - Vlaanderen and F.R.S.-FNRS","award":["Excellence of Science project 30446992 SECO-Assist"],"award-info":[{"award-number":["Excellence of Science project 30446992 SECO-Assist"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,5,28]]},"DOI":"10.1145\/3196398.3196401","type":"proceedings-article","created":{"date-parts":[[2018,7,23]],"date-time":"2018-07-23T13:02:25Z","timestamp":1532350945000},"page":"181-191","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":177,"title":["On the impact of security vulnerabilities in the npm package dependency network"],"prefix":"10.1145","author":[{"given":"Alexandre","family":"Decan","sequence":"first","affiliation":[{"name":"University of Mons, Belgium"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tom","family":"Mens","sequence":"additional","affiliation":[{"name":"University of Mons, Belgium"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Eleni","family":"Constantinou","sequence":"additional","affiliation":[{"name":"University of Mons, Belgium"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2018,5,28]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"O. Aalen O. Borgan and H. Gjessing. 2008. Survival and Event History Analysis: A Process Point of View. Springer.  O. Aalen O. Borgan and H. Gjessing. 2008. Survival and Event History Analysis: A Process Point of View. Springer.","DOI":"10.1007\/978-0-387-68560-1"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106267"},{"key":"e_1_3_2_1_3_1","unstructured":"P. Bisht M. Heim M. Ifland M. Scovetta and T. Skinner. 2017. Managing Security Risks Inherent in the Use of Third-party Components. (2017). Executive Information Systems Inc. White Paper No. Eleven.  P. Bisht M. Heim M. Ifland M. Scovetta and T. Skinner. 2017. Managing Security Risks Inherent in the Use of Third-party Components. (2017). Executive Information Systems Inc. White Paper No. Eleven."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950325"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"crossref","unstructured":"M. Cadariu E. Bouwers J. Visser and A. van Deursen. 2015. Tracking known security vulnerabilities in proprietary software systems. In Int'l Conf. Software Analysis Evolution and Reengineering. 516--519.  M. Cadariu E. Bouwers J. Visser and A. van Deursen. 2015. Tracking known security vulnerabilities in proprietary software systems. In Int'l Conf. Software Analysis Evolution and Reengineering. 516--519.","DOI":"10.1109\/SANER.2015.7081868"},{"key":"e_1_3_2_1_6_1","volume-title":"Working Conf. Mining Software Repositories. 269--279","author":"Camilo F.","unstructured":"F. Camilo , A. Meneely , and M. Nagappan . 2015. Do Bugs Foreshadow Vulnerabilities? A Study of the Chromium Project . In Working Conf. Mining Software Repositories. 269--279 . F. Camilo, A. Meneely, and M. Nagappan. 2015. Do Bugs Foreshadow Vulnerabilities? A Study of the Chromium Project. In Working Conf. Mining Software Repositories. 269--279."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"J. Cox E. Bouwers M. van Eekelen and J. Visser. 2015. Measuring Dependency Freshness in Software Systems. In Int'l Conf. Software Engineering. IEEE Press 109--118.   J. Cox E. Bouwers M. van Eekelen and J. Visser. 2015. Measuring Dependency Freshness in Software Systems. In Int'l Conf. Software Engineering. IEEE Press 109--118.","DOI":"10.1109\/ICSE.2015.140"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2993412.3003382"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"A. Decan T. Mens and M. Claes. 2017. An empirical comparison of dependency issues in OSS packaging ecosystems. In Int'l Conf. Software Analysis Evolution and Reengineering. 2--12.  A. Decan T. Mens and M. Claes. 2017. An empirical comparison of dependency issues in OSS packaging ecosystems. In Int'l Conf. Software Analysis Evolution and Reengineering. 2--12.","DOI":"10.1109\/SANER.2017.7884604"},{"key":"e_1_3_2_1_10_1","volume-title":"An empirical comparison of dependency network evolution in seven software packaging ecosystems. Empirical Software Engineering (10","author":"Decan Alexandre","year":"2018","unstructured":"Alexandre Decan , Tom Mens , and Philippe Grosjean . 2018. An empirical comparison of dependency network evolution in seven software packaging ecosystems. Empirical Software Engineering (10 Feb 2018 ). Alexandre Decan, Tom Mens, and Philippe Grosjean. 2018. An empirical comparison of dependency network evolution in seven software packaging ecosystems. Empirical Software Engineering (10 Feb 2018)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134059"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_13_1","unstructured":"J.I. Hejderup. 2015. In Dependencies We Trust: How vulnerable are dependencies in software modules? Master's thesis. Delft University of Technology.  J.I. Hejderup. 2015. In Dependencies We Trust: How vulnerable are dependencies in software modules? Master's thesis. Delft University of Technology."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1958.10501452"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9521-5"},{"key":"e_1_3_2_1_16_1","volume-title":"Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In ISOC Network and Distributed System Security Symposium.","author":"Lauinger T.","unstructured":"T. Lauinger , A. Chaabane , W. Robertson , C. Wilson , and E. Kirda . 2017 . Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In ISOC Network and Distributed System Security Symposium. T. Lauinger, A. Chaabane, W. Robertson, C. Wilson, and E. Kirda. 2017. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In ISOC Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the Third International Conference on Engineering Secure Software and Systems (ESSoS'11)","author":"Massacci F.","year":"1946","unstructured":"F. Massacci , S. Neuhaus , and V. H. Nguyen . 2011. After-life Vulnerabilities: A Study on Firefox Evolution, Its Vulnerabilities, and Fixes . In Proceedings of the Third International Conference on Engineering Secure Software and Systems (ESSoS'11) . Springer-Verlag, Berlin, Heidelberg, 195--208. http:\/\/dl.acm.org\/citation.cfm?id= 1946 341.1946361 F. Massacci, S. Neuhaus, and V. H. Nguyen. 2011. After-life Vulnerabilities: A Study on Firefox Evolution, Its Vulnerabilities, and Fixes. In Proceedings of the Third International Conference on Engineering Secure Software and Systems (ESSoS'11). Springer-Verlag, Berlin, Heidelberg, 195--208. http:\/\/dl.acm.org\/citation.cfm?id=1946341.1946361"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1853919.1853925"},{"key":"e_1_3_2_1_19_1","unstructured":"A. Nesbitt and B. Nickolls. 2017. Libraries.io Open Source Repository and Dependency Metadata. (June 2017).  A. Nesbitt and B. Nickolls. 2017. Libraries.io Open Source Repository and Dependency Metadata. (June 2017)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2009.04.013"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1858996.1859089"},{"key":"e_1_3_2_1_22_1","volume-title":"The State of Open Source Security. https:\/\/snyk.io\/stateofossecurity\/. (November","year":"2017","unstructured":"snyk. 2017. The State of Open Source Security. https:\/\/snyk.io\/stateofossecurity\/. (November 2017 ). snyk. 2017. The State of Open Source Security. https:\/\/snyk.io\/stateofossecurity\/. (November 2017)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219078"},{"key":"e_1_3_2_1_24_1","unstructured":"J. Williams and A. Dabirsiaghi. 2014. The Unfortunate Reality of Insecure Libraries. White Paper. Contrast Security.  J. Williams and A. Dabirsiaghi. 2014. The Unfortunate Reality of Insecure Libraries. White Paper. Contrast Security."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2901743"}],"event":{"name":"ICSE '18: 40th International Conference on Software Engineering","location":"Gothenburg Sweden","acronym":"ICSE '18","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE-CS Computer Society"]},"container-title":["Proceedings of the 15th International Conference on Mining Software Repositories"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196398.3196401","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3196398.3196401","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:08:57Z","timestamp":1750208937000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196398.3196401"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,28]]},"references-count":25,"alternative-id":["10.1145\/3196398.3196401","10.1145\/3196398"],"URL":"https:\/\/doi.org\/10.1145\/3196398.3196401","relation":{},"subject":[],"published":{"date-parts":[[2018,5,28]]},"assertion":[{"value":"2018-05-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}