{"id":"https://openalex.org/W7116059843","doi":"https://doi.org/10.48550/arxiv.2512.14739","title":"How Deep Does Your Dependency Tree Go? An Empirical Study of Dependency Amplification Across 10 Package Ecosystems","display_name":"How Deep Does Your Dependency Tree Go? An Empirical Study of Dependency Amplification Across 10 Package Ecosystems","publication_year":2025,"publication_date":"2025-12-12","ids":{"openalex":"https://openalex.org/W7116059843","doi":"https://doi.org/10.48550/arxiv.2512.14739"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2512.14739","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.14739","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2512.14739","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Arafat, Jahidul","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Arafat, Jahidul","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.7989000082015991,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.7989000082015991,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.035100001841783524,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.02329999953508377,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/pairwise-comparison","display_name":"Pairwise comparison","score":0.7773000001907349},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.7360000014305115},{"id":"https://openalex.org/keywords/outlier","display_name":"Outlier","score":0.5602999925613403},{"id":"https://openalex.org/keywords/ecosystem","display_name":"Ecosystem","score":0.538100004196167},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.44670000672340393},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.44530001282691956},{"id":"https://openalex.org/keywords/transitive-relation","display_name":"Transitive relation","score":0.3756999969482422}],"concepts":[{"id":"https://openalex.org/C184898388","wikidata":"https://www.wikidata.org/wiki/Q1435712","display_name":"Pairwise comparison","level":2,"score":0.7773000001907349},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.7360000014305115},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6018999814987183},{"id":"https://openalex.org/C79337645","wikidata":"https://www.wikidata.org/wiki/Q779824","display_name":"Outlier","level":2,"score":0.5602999925613403},{"id":"https://openalex.org/C110872660","wikidata":"https://www.wikidata.org/wiki/Q37813","display_name":"Ecosystem","level":2,"score":0.538100004196167},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.44670000672340393},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.44530001282691956},{"id":"https://openalex.org/C191399111","wikidata":"https://www.wikidata.org/wiki/Q64861","display_name":"Transitive relation","level":2,"score":0.3756999969482422},{"id":"https://openalex.org/C2984074130","wikidata":"https://www.wikidata.org/wiki/Q73539779","display_name":"R package","level":2,"score":0.34790000319480896},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.3391999900341034},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.3328999876976013},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3310000002384186},{"id":"https://openalex.org/C3020440742","wikidata":"https://www.wikidata.org/wiki/Q1176855","display_name":"Software package","level":3,"score":0.32519999146461487},{"id":"https://openalex.org/C113174947","wikidata":"https://www.wikidata.org/wiki/Q2859736","display_name":"Tree (set theory)","level":2,"score":0.322299987077713},{"id":"https://openalex.org/C12590798","wikidata":"https://www.wikidata.org/wiki/Q3933199","display_name":"Replication (statistics)","level":2,"score":0.3174000084400177},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.3172999918460846},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.3084000051021576},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.2702000141143799},{"id":"https://openalex.org/C149782125","wikidata":"https://www.wikidata.org/wiki/Q160039","display_name":"Econometrics","level":1,"score":0.26750001311302185},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26260000467300415}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2512.14739","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.14739","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2512.14739","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.14739","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Modern":[0],"software":[1,35],"development":[2],"relies":[3],"on":[4],"package":[5,255],"ecosystems":[6,43,246],"where":[7],"a":[8,173,252],"single":[9],"declared":[10],"dependency":[11,20,210],"can":[12],"pull":[13],"in":[14,138],"many":[15,156],"additional":[16],"transitive":[17,27],"packages.":[18,159],"This":[19],"amplification,":[21,171],"defined":[22],"as":[23,209],"the":[24,145,150],"ratio":[25],"of":[26,55,111,140,165,242],"to":[28,115,154,181,204],"direct":[29],"dependencies,":[30],"has":[31,149],"major":[32,60],"implications":[33],"for":[34,65,69,73,76,80,84,88,91,94,101,118,123,128,184,188,193,230,236,245],"supply":[36],"chain":[37],"security,":[38],"yet":[39],"amplification":[40,110,152],"patterns":[41],"across":[42,58],"have":[44],"not":[45],"been":[46],"compared":[47,114,180],"at":[48],"scale.":[49],"We":[50,130,160,200,250],"present":[51],"an":[52],"empirical":[53],"study":[54],"500":[56],"projects":[57,167],"ten":[59],"ecosystems,":[61],"including":[62,227],"Maven":[63,107,166,231],"Central":[64],"Java,":[66],"npm":[67,148,237],"Registry":[68],"JavaScript,":[70],"crates":[71],"io":[72],"Rust,":[74],"PyPI":[75],"Python,":[77],"NuGet":[78],"Gallery":[79],"dot":[81],"NET,":[82],"RubyGems":[83],"Ruby,":[85],"Go":[86,119],"Modules":[87],"Go,":[89],"Packagist":[90],"PHP,":[92],"CocoaPods":[93],"Swift":[95],"and":[96,99,125,190,198,216,238,240,258],"Objective":[97],"C,":[98],"Pub":[100],"Dart.":[102],"Our":[103,219],"analysis":[104,259],"shows":[105],"that":[106,147,162],"exhibits":[108],"mean":[109],"24.70":[112],"times,":[113],"4.48":[116],"times":[117,122,127,170],"Modules,":[120],"4.32":[121],"npm,":[124,189],"0.32":[126],"CocoaPods.":[129],"find":[131],"significant":[132],"differences":[133,203],"with":[134,247,256],"large":[135],"effect":[136],"sizes":[137],"22":[139],"45":[141],"pairwise":[142],"comparisons,":[143],"challenging":[144],"assumption":[146],"highest":[151],"due":[153],"its":[155],"small":[157],"purpose":[158],"observe":[161],"28":[163],"percent":[164,183,187,192],"exceed":[168],"10":[169],"indicating":[172],"systematic":[174,228],"pattern":[175],"rather":[176],"than":[177],"isolated":[178],"outliers,":[179],"14":[182],"RubyGems,":[185,239],"12":[186],"zero":[191],"Cargo,":[194],"PyPI,":[195],"Packagist,":[196],"CocoaPods,":[197],"Pub.":[199],"attribute":[201],"these":[202],"ecosystem":[205,223],"design":[206],"choices":[207],"such":[208],"resolution":[211],"behavior,":[212],"standard":[213],"library":[214],"completeness,":[215],"platform":[217],"constraints.":[218],"findings":[220],"suggest":[221],"adopting":[222],"specific":[224],"security":[225],"strategies,":[226],"auditing":[229],"environments,":[232],"targeted":[233],"outlier":[234],"detection":[235],"continuation":[241],"current":[243],"practices":[244],"controlled":[248],"amplification.":[249],"provide":[251],"full":[253],"replication":[254],"data":[257],"scripts.":[260]},"counts_by_year":[],"updated_date":"2025-12-19T19:45:34.690201","created_date":"2025-12-19T00:00:00"}