{"id":"https://openalex.org/W2921999452","doi":"https://doi.org/10.1109/saner.2019.8667984","title":"On the Impact of Outdated and Vulnerable Javascript Packages in Docker Images","display_name":"On the Impact of Outdated and Vulnerable Javascript Packages in Docker Images","publication_year":2019,"publication_date":"2019-02-01","ids":{"openalex":"https://openalex.org/W2921999452","doi":"https://doi.org/10.1109/saner.2019.8667984","mag":"2921999452"},"language":"en","primary_location":{"id":"doi:10.1109/saner.2019.8667984","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner.2019.8667984","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056738223","display_name":"Ahmed Zerouali","orcid":"https://orcid.org/0000-0002-2676-3730"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ahmed Zerouali","raw_affiliation_strings":["UMONS, Belgium"],"affiliations":[{"raw_affiliation_string":"UMONS, Belgium","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045308977","display_name":"Valerio Cosentino","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Valerio Cosentino","raw_affiliation_strings":["Bitergia, Spain"],"affiliations":[{"raw_affiliation_string":"Bitergia, Spain","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060239584","display_name":"Tom Mens","orcid":"https://orcid.org/0000-0003-3636-5020"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tom Mens","raw_affiliation_strings":["UMONS, Belgium"],"affiliations":[{"raw_affiliation_string":"UMONS, Belgium","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061131972","display_name":"Greg\u00f3rio Robles","orcid":"https://orcid.org/0000-0002-1442-6761"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gregorio Robles","raw_affiliation_strings":["URJS, Spain"],"affiliations":[{"raw_affiliation_string":"URJS, Spain","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066580987","display_name":"Jes\u00fas M. Gonz\u00e1lez-Barahona","orcid":"https://orcid.org/0000-0001-9682-460X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jesus M. Gonzalez-Barahona","raw_affiliation_strings":["URJS, Spain"],"affiliations":[{"raw_affiliation_string":"URJS, Spain","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5056738223"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.0331,"has_fulltext":false,"cited_by_count":43,"citation_normalized_percentile":{"value":0.93186322,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"619","last_page":"623"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9911999702453613,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.8863968849182129},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7899317741394043},{"id":"https://openalex.org/keywords/software-portability","display_name":"Software portability","score":0.7438223361968994},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6392341256141663},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.599704921245575},{"id":"https://openalex.org/keywords/backward-compatibility","display_name":"Backward compatibility","score":0.5898499488830566},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.47021010518074036},{"id":"https://openalex.org/keywords/modularity","display_name":"Modularity (biology)","score":0.4594399034976959},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4293387234210968},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42659521102905273},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3873976469039917},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2386302351951599}],"concepts":[{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.8863968849182129},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7899317741394043},{"id":"https://openalex.org/C63000827","wikidata":"https://www.wikidata.org/wiki/Q3080428","display_name":"Software portability","level":2,"score":0.7438223361968994},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6392341256141663},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.599704921245575},{"id":"https://openalex.org/C20574231","wikidata":"https://www.wikidata.org/wiki/Q844605","display_name":"Backward compatibility","level":2,"score":0.5898499488830566},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.47021010518074036},{"id":"https://openalex.org/C2779478453","wikidata":"https://www.wikidata.org/wiki/Q6889748","display_name":"Modularity (biology)","level":2,"score":0.4594399034976959},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4293387234210968},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42659521102905273},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3873976469039917},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2386302351951599},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/saner.2019.8667984","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner.2019.8667984","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER)","raw_type":"proceedings-article"},{"id":"pmh:oai:orbi.umons.ac.be:20.500.12907/39201","is_oa":false,"landing_page_url":"https://orbi.umons.ac.be/handle/20.500.12907/39201","pdf_url":null,"source":{"id":"https://openalex.org/S7407055454","display_name":"ORBi UMONS","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE International Conference on Software Analysis, Evolution, and Reengineering, Hangzhou, China [CN], 2019","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1993114042","https://openalex.org/W2154183829","https://openalex.org/W2598200822","https://openalex.org/W2607296448","https://openalex.org/W2614073125","https://openalex.org/W2769066657","https://openalex.org/W2784428937","https://openalex.org/W2789570312","https://openalex.org/W2801591443","https://openalex.org/W2901560623","https://openalex.org/W3121596715","https://openalex.org/W4256420017","https://openalex.org/W4285719527","https://openalex.org/W4393805696","https://openalex.org/W6737931128","https://openalex.org/W6756801215"],"related_works":["https://openalex.org/W107105315","https://openalex.org/W4367156293","https://openalex.org/W1584537303","https://openalex.org/W4388155270","https://openalex.org/W1872724644","https://openalex.org/W2750549761","https://openalex.org/W28826848","https://openalex.org/W2122272819","https://openalex.org/W4286331434","https://openalex.org/W4321016506"],"abstract_inverted_index":{"Containerized":[0],"applications,":[1],"and":[2,24,44,67,112,156],"in":[3,12,19,57,75,139,181],"particular":[4],"Docker":[5,28,118,140,182,193],"images,":[6,59,119],"are":[7],"becoming":[8],"a":[9],"common":[10],"solution":[11],"cloud":[13],"environments":[14,90],"to":[15,35,84,125,202],"meet":[16],"ever-increasing":[17],"demands":[18],"terms":[20],"of":[21,42,64,81,110,114,134,160,177,187],"portability,":[22],"reliability":[23],"fast":[25],"deployment.":[26],"A":[27],"image":[29,52,77,93],"includes":[30],"all":[31],"environmental":[32],"dependencies":[33,66,73],"required":[34],"run":[36],"it,":[37],"such":[38],"as":[39],"specific":[40],"versions":[41],"system":[43,115],"third-party":[45,126],"packages.":[46,127],"Leveraging":[47],"on":[48,106,146,163],"its":[49],"modularity,":[50],"an":[51,76],"can":[53],"be":[54,79],"easily":[55],"embedded":[56],"other":[58],"thus":[60],"simplifying":[61],"the":[62,72,89,92,108,132,165,175,185],"way":[63],"sharing":[65],"building":[68],"new":[69],"software.":[70],"However,":[71],"included":[74],"may":[78],"out":[80],"date":[82],"due":[83],"backward":[85],"compatibility":[86],"requirements,":[87],"endangering":[88],"where":[91],"has":[94,122],"been":[95,123],"deployed":[96],"with":[97],"known":[98],"vulnerabilities.":[99],"While":[100],"previous":[101],"research":[102],"efforts":[103],"have":[104],"focused":[105],"studying":[107],"impact":[109,133],"bugs":[111],"vulnerabilities":[113,138],"packages":[116,161,180,200],"within":[117],"no":[120],"attention":[121],"given":[124],"This":[128],"paper":[129],"empirically":[130],"studies":[131],"npm":[135,179],"JavaScript":[136,168,199],"package":[137,169],"images.":[141],"We":[142],"based":[143],"our":[144],"analysis":[145],"961":[147],"images":[148,183],"from":[149],"three":[150],"official":[151],"repositories":[152],"that":[153,174,192],"use":[154],"Node.js,":[155],"1,099":[157],"security":[158,189],"reports":[159],"available":[162],"npm,":[164],"most":[166],"popular":[167],"manager.":[170],"Our":[171],"results":[172],"reveal":[173],"presence":[176],"outdated":[178],"increases":[184],"risk":[186],"potential":[188],"vulnerabilities,":[190],"suggesting":[191],"maintainers":[194],"should":[195],"keep":[196],"their":[197],"installed":[198],"up":[201],"date.":[203]},"counts_by_year":[{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":4}],"updated_date":"2026-03-05T09:29:38.588285","created_date":"2025-10-10T00:00:00"}