Dependency and size knowledge graphs for npm and pypi

Here is a dataset for our paper RED-Scenario: A Resource-Efficient Deployment Framework for Scenarios through Dependency Package ManagementDependency and Size Knowledge Graphs for 10979 Python packages with 597,049 versions, and 28,151 Node.js packages with 738,927 versions, each version containing size and dependency information. we collect packages from vulnerable packages and the packages of regular applications. vulnerable packages come from the availability testing module. To get the packages of regular applications, We retrieve projects from GitHub written in Node.js and Python with over 10,000 stars. Then we filter those that include dependency specification files—requirement.txt for Python projects and package.json for Node.js projects. Parsing these dependency files and merging them with vulnerable packages forms the initial node of the graph, and then expanding the graph based on all versions and their sub-dependencies of the initial node. Dependency and size information are gathered from the statistical application programming interfaces of PyPI and npm.

本数据集专为我们的论文《RED-Scenario：一种基于依赖包管理的资源高效部署框架》而设计。该数据集包括10979个Python软件包及其597,049个版本，以及28,151个Node.js软件包及其738,927个版本，每个版本均包含大小和依赖信息。数据集从易受攻击的软件包和常规应用程序的软件包中收集而来。易受攻击的软件包来自可用性测试模块。为获取常规应用程序的软件包，我们从GitHub检索了超过10,000星标的Node.js和Python项目。然后，我们筛选出包含依赖规范文件的项目——Python项目的requirement.txt和Node.js项目的package.。通过解析这些依赖文件并将其与易受攻击的软件包合并，形成图的初始节点，随后基于初始节点的所有版本及其子依赖关系扩展图。依赖和大小信息从PyPI和npm的统计应用程序编程接口中收集。