Systematic literature review of the trust reinforcement mechanisms exist in package ecosystems
Angel Temelko, Fang Hou, Siamak Farshidi, and Slinger Jansen

TL;DR
This systematic literature review analyzes existing trust reinforcement mechanisms in package ecosystems, focusing on npm security tools, user responses, and integration challenges to identify trends and gaps.
Contribution
It provides a comprehensive overview of trust tools in npm, highlighting current challenges, user behaviors, and areas needing further research.
Findings
Identifies key trust reinforcement strategies in npm.
Highlights user response patterns to security warnings.
Pinpoints gaps in current trust mechanisms.
Abstract
We conducted a thorough systematic literature review (SLR) to better grasp the challenges and possible solutions associated with existing npm security tools. Our goal was to delve into documented experiences and findings. Specifically, we were keen to learn about the motivations behind choosing third-party packages, software engineers' responses to warning messages, and their overall understanding of security issues. The main aim of this review was to pinpoint prevailing trends, methods, and concerns in trust tools for the present npm environment. Furthermore, we sought to understand the complexities of integrating SECO (software ecosystem) mechanisms into platforms such as npm. By analyzing earlier studies, our intention was to spot any overlooked areas and steer our research to address them.
Taxonomy
Topics: Copyright and Intellectual Property · Digital Rights Management and Security · Sharing Economy and Platforms
