A Large-scale Fine-grained Analysis of Packages in Open-Source Software Ecosystems

arXiv:2404.11467v1 Announce Type: cross
Abstract: Package managers such as NPM, Maven, and PyPI play a pivotal role in open-source software (OSS) ecosystems, streamlining the distribution and management of various freely available packages. The fine-grained details within software packages can unveil potential risks within existing OSS ecosystems, offering valuable insights for detecting malicious packages. In this study, we undertake a large-scale empirical analysis focusing on fine-grained information (FGI): the metadata, static, and dynamic functions. Specifically, we investigate the FGI usage across …

analysis arxiv can cs.cr cs.se distribution ecosystems insights large management managers maven npm open-source software oss package package managers packages play pypi risks role scale software