Depdive first (i) identifies the files and the code changes in an update that cannot be traced back to the package's source repository, i.e., phantom artifacts; and then (ii) measures what portion of changes in the update, excluding the phantom artifacts, has passed through a code review process, i.e., code review ...
Sep 28, 2023 · We find that phantom artifacts are not uncommon in the updates (20.1% of the analyzed updates had at least one phantom file). The phantoms ...
The goal of this study is to aid developers in securely accepting dependency updates by measuring if the code changes in an update have passed through a ...
Regarding code review coverage (CRC), we find the updates are typically only partially code-reviewed (52.5% of the time). Further, only 9.0% of the packages had ...
Sep 28, 2023 · Phantom dependencies are dependencies used by your code that are not declared in the manifest. If you miss them, they can sneak reachable risks ...
TL;DR: Depdive, an update audit tool for packages in Crates.io, npm, PyPI, and RubyGems registry, is implemented and it is found that phantom artifacts are ...