Title: Analyzing the Criticality of NPM Packages Through a Time-Dependent Dependency Graph
Author: Brands, Anna (TU Delft Electrical Engineering, Mathematics and Computer Science)
Contributor: Gousios, Giorgos (mentor); Spinellis, D. (mentor); Anand, A. (graduation committee)
Degree granting institution: Delft University of Technology
Programme: Computer Science and Engineering
Project: CSE3000 Research Project
Date: 2022-06-23

Abstract: In (open-source) development, developers routinely rely on other libraries to improve their coding efficiency by reusing code. This reliance on other packages could cause issues when critical dependencies suddenly have a vulnerability introduced to them. This work analyzes the criticality of packages in NPM. To get an accurate picture of what the most-critical and thus possibly most-vulnerable packages are, the entirety of NPM must be analyzed. However, this proved too big to fit in 500GB of memory. This work therefore examines a small subset of 100 thousand packages. To do the analysis, this paper proposes a novel approach of embedding a time dimension into the package network to provide better accuracy. This paper's analysis shows that both with and without this time dimension, babel packages are by far the most important in the package graph (as measured by PageRank). We should, however, keep in mind that this came from only analyzing 100 thousand packages. Thus, further research is required to confirm this conclusion. In particular, other importance measures should be used to find out the packages' criticality.

Subject: Dependency Analysis; NPM; time dependent
To reference this document use: http://resolver.tudelft.nl/uuid:ca172ae3-3e8b-4b1b-9236-81e8983d3943
Part of collection: Student theses
Document type: bachelor thesis
Rights: © 2022 Anna Brands
Files: RP_FINAL_AJMBRANDS.pdf (PDF, 1.4 MB)