On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency Networks

This repository represents a replication package for our analysis on security vulnerabilities of npm and RubyGems dependencies..

This replication package requires Python 3.5+ to be installed, and all the dependencies listed in requirements.txt.

They can be automatically installed using pip install -r requirements.txt. These experiments were executed on a Linux Ubuntu OS.

This replication package contains two folders:

• notebooks: contains notebooks where we analyze data.
• figures: contains figures saved from the notebooks

To obtain the analysis used in the paper, one should execute jupyter notebook at the root of this replication package, and open the notebook contained in notebooks.

However, since the data we relied on are subject to a non-disclosure agreement, we are not allowed to share it. In case you want to reproduce this study, you need to contact Snyk first. If they allowed you to use their dataset of vulnerabilities we can then share with you our resulted data as well.

contact: [email protected]

The source code is under the GNU General Public License.