2020 Working Conference on Software Visualization (VISSOFT) 2020
DOI: 10.1109/vissoft51673.2020.00011

REM: Visualizing the Ripple Effect on Dependencies Using Metrics of Health

Abstract: In recent years, free and open-source software (FOSS) components have become common dependencies in the development of software, both open source and proprietary. As the complexity of software increases, so does the number of software components they depend upon; in addition, software components are also depending on other components. Thus, their dependency graphs are growing in size and complexity. One of the current challenges in software development is that it is not trivial to know the full dependency grap…

Citations: cited by 1 publication (1 citation statement)
References: 25 publications

“…Even though there are multiple tools 2345 managing OSS libraries in terms of SBOM generation, vulnerability identification or security reporting, the aspect about maintenance activities is either limited, too simplistic or not transparent. To visualize the effect of direct and transitive dependencies, Chen and German built a tool which highlights problematic dependencies induced via transitive links within a dependency network using publicly available NPM features [6]. For continuous monitoring, my approach could be integrated into an automated building process, similar to AuditJS 6 or Dependabot 7 .…”
Section: Rq4: Case Study On Effort Awareness
Citation type: mentioning
confidence: 99%