Title
Towards Smoother Library Migrations: A Look at Vulnerable Dependency Migrations at Function Level for npm JavaScript Packages
Abstract
It has become common practice for software projects to adopt third-party libraries, giving developers full access to functions that would otherwise take time and effort to create themselves. Regardless of the migration effort involved, developers are encouraged to maintain their library dependencies by updating any outdated dependency, so as to remain safe from potential threats such as vulnerabilities. Through a manual inspection of a total of 60 client projects from three cases of high-severity vulnerabilities, we investigate whether or not clients are really safe from these threats. Surprisingly, our early results show evidence that up to 73.3% of outdated clients were actually safe from the threat. This is the first work to confirm that analysis at the library level is indeed an overestimation. This result paves the way for future studies to empirically investigate and validate this phenomenon, and works towards aiding a smoother library migration for client developers.
Year: 2018
DOI: 10.1109/ICSME.2018.00067
Venue: 2018 IEEE International Conference on Software Maintenance and Evolution (ICSME)
Keywords: Third party libraries, Libraries updates, Libraries tracking
Field: Systems engineering, Computer security, Computer science, Server, Software, Vulnerability, JavaScript
DocType: Conference
ISSN: 1063-6773
ISBN: 978-1-5386-7871-8
Citations: 3
PageRank: 0.38
References: 9
Authors: 6

Authors
Name                      Order  Citations  PageRank
Rodrigo Elizalde Zapata   1      3          0.38
Raula Gaikovina Kula      2      264        25.82
Bodin Chinthanet          3      5          2.77
Takashi Ishio             4      211        28.48
Ken-ichi Matsumoto        5      1396       131.56
Akinori Ihara             6      238        19.84